Some questions related to Direct Access ManageOut.
Situation:
• Windows 8.1 clients
• 2 Windows 2012 DA servers (DA1 & DA2): each have 2 adapters. Windows NLB on both internal and external interfaces
• ManageOut configured as per Jason Jones article: custom ISATAP record distributed using GPO (DNS has 2 DIP & 1 VIP registered for this record)
Questions:
• Is it true that if a DA client has a session over DA1 that
o Pinging Client on DA1 will succeed
o Pinging Client on DA2 will fail
• Is it true that the route on the ManageOut PC will always point to the IPv6 address (with the NLB VIP IPv4 embedded) of the ISATAP router
• Suppose the ManageOut PC is talking to both Client1 (active over DA1) and Client2 (active over DA2), will it talk with the ISATAP router on both DA servers _OR_ will it talk with one of the DA servers, e.g. DA1, and will that DA server use the “forwarding”
feature to redirect traffic for Client2 to the DA2?
Why the questions?
In our situation we seem to have a working manage out configuration. Working means both ping and for instance computer management (compmgmt.msc) works from LAN to DA Client. However, in certain cases both ping and compmgmt.msc seem to fail. In all cases leaving the ping command open (ping –t) suddenly results in the ping replying consistenly. This happens anywhere from several minutes up to more than 15 minutes.
Remark: I cannot say this for sure, but I gathered a trace using Windows Network Monitor (on my ManageOut pc), and I would swear I saw the Echo Reply _ALL THE TIME_ even though my command prompt says “request timed out”. So that would point to something on my ManageOut client “dropping” the traffic. Any clues?