Hi guys,
I implemented Direct Access in our company and everything seems to work fine, but I have a few things that are not clear to me at the moment.
Scenario: Direct Access with a single NIC behind an edge device. External DNS entry DA.company.de with port forwarding of 443 to the DirectAccess server.
We only use Windows 8 clients. No high availability, no multisite. Windows Firewall is enabled for all profiles on server and clients.
Questions:
- As soon as my clients have an Internet connection, the Direct Access connection shows as connecting, but it always takes about 25-30 seconds until it shows as connected. Is this normal behaviour? I always heard that Direct Access will only take 3-5 seconds to connect?!? As we use a single NIC configuration behind an edge device, only IP-HTTPS is working for us. Might this be the reason? (Would a connection over Teredo/6to4 be faster?)
- As I stated before, our connection is working fine and all clients can access internal resources without problems, but if I collect the client logs it shows that the DTE list is failing? The Probes list is marked as successful.
That's what it looks like right now:
Probes List
HTTP: http://directaccess-WebProbeHost.test.corp.int (Pass)
PING: dc1.test.corp.int (Pass)
PING: dc2.test.corp.int (Pass)
PING: dc3.test.corp.int (Pass)
--------------------------------------------------------------------------------
DTE List
PING: fd45:c113:c3bd:1000::1 (Fail)
PING: fd45:c113:c3bd:1000::2 (Fail)
EDIT// OK, this one is solved now; I had to enable ICMPv4/ICMPv6 inbound rules on the DirectAccess server.
- In the Direct Access configuration I set our SCCM server as management server; what consequences does this have exactly? Right now I can receive applications, policies etc. offered by SCCM when I am connected using Direct Access, but what I cannot do is, for example, remote control Direct Access clients. Also, I cannot ping the Direct Access clients from the SCCM server. I can only ping them from the Direct Access server (IPv6 response).
- When I am connected through Direct Access, I can RDP into any server without problems except the Direct Access server itself. Is this normal? Is there anything I need to configure to get that working? Or is this caused by our one-NIC-only setup?
OK, I think that's enough for now :)
I would really appreciate it if you guys could help me get these issues worked out.
Cheers
Stefan