
DirectAccess Windows 10 Cellular issues


Hi, 

Another weird DirectAccess issue :) Hopefully someone can help. Sorry for the long-winded post.

DirectAccess multi-site setup, working great (Server 2016, Windows 10)... except when switching to a cellular connection, the IP-HTTPS profile is only active for 1 minute. All IPsec tunnels are up, all apps work, pings work, and then the IP-HTTPS adaptor turns off, like something has cancelled the connection. A restart of the IP Helper service brings the connection back again for 1 minute, but then it goes again.

All DA commands show that the IP-HTTPS profile is not active. The firewall profile does not change, antivirus and third-party applications have been removed, and we tried different SIM vendors (Vodafone, Three, O2), all the same.

This only happens when connecting to cellular or tethering, and it is repeatable. Wi-Fi connections work fine, no issue.

We have found that if the laptop is cold booted straight to a cellular connection, the DirectAccess connection stays online until the connection is removed and then retried, at which point we have the same issue.

I noticed that on a cold boot the internet connectivity warning exclamation mark was gone. I found 2 fixes:

1 - Disabled the internet connection probe: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\NoActiveProbe=0

2 - Change the DNS entry on the cellular connection to 8.8.8.8. 

So the issue appears to be something to do with the NCSI tests and split tunnelling. 

To add to this, we have another DirectAccess setup that uses forced tunnelling. Clients using this DirectAccess solution have all the same policies applied and NCSI does not seem to cause an issue; in fact, NCSI seems to fail for the first 5 minutes of the connection, as the warning exclamation mark about no internet access hangs around.

Could anyone shed any light on what DirectAccess is doing when performing the NCSI test, and why this may be different when using the cellular connection?

Should I add an NRPT Exemption for the NCSI Websites? www.MSFTNCSI.COM?

Why would the connection be OK when cold booting? What am I missing?

Hopefully someone on TechNet has seen something like this before; it's driving me mad.
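
One way to capture what changes at the moment the IP-HTTPS interface drops, as an added example that is not part of the original post: the PowerShell below reads the NCSI policy key named in the post, lists the effective NRPT rules and per-interface DNS servers, then polls the IP-HTTPS, DirectAccess and NCSI state. The sample count and interval are assumptions; run it elevated on the Windows 10 client right after switching to the cellular connection.

```powershell
# Added diagnostic example (not from the original post).
$ncsiKey         = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'
$samples         = 30   # assumed: 30 samples x 5 s covers the 1-minute drop with margin
$intervalSeconds = 5

# NCSI policy: report the active-probe setting the post refers to, if it is set at all.
$ncsi = Get-ItemProperty -Path $ncsiKey -ErrorAction SilentlyContinue
if ($null -ne $ncsi -and $null -ne $ncsi.NoActiveProbe) {
    "NoActiveProbe policy value: $($ncsi.NoActiveProbe)"
} else {
    "NoActiveProbe policy value: not set"
}

# Effective NRPT rules: shows which namespaces go to the DirectAccess DNS servers
# and whether any exemption already covers the NCSI probe host.
Get-DnsClientNrptPolicy -Effective |
    Select-Object Namespace, DirectAccessDnsServers |
    Format-Table -AutoSize

# DNS servers per interface: compare the cellular adapter with Wi-Fi.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# Poll IP-HTTPS, DirectAccess and NCSI state so the drop can be lined up
# against the connectivity level NCSI reports for each network profile.
1..$samples | ForEach-Object {
    $iphttps  = Get-NetIPHttpsState
    $da       = Get-DAConnectionStatus -ErrorAction SilentlyContinue
    $profiles = Get-NetConnectionProfile

    [pscustomobject]@{
        Time           = (Get-Date).ToString('HH:mm:ss')
        IPHttpsStatus  = $iphttps.InterfaceStatus
        IPHttpsLastErr = $iphttps.LastErrorCode
        DAStatus       = $da.Status
        DASubstatus    = $da.Substatus
        NcsiIPv4       = ($profiles | ForEach-Object {
                              "$($_.InterfaceAlias)=$($_.IPv4Connectivity)"
                          }) -join '; '
    }
    Start-Sleep -Seconds $intervalSeconds
} | Format-Table -Wrap
```

Running the same capture once on Wi-Fi and once on cellular gives two tables to compare row by row.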

