DirectAccess Shows Configured and Disabled while Outside of the Network
-
Tuesday, January 11, 2011 11:11 PM
I have a machine that shows some strange behavior with DirectAccess. It can't resolve any names as far as I can tell, but the DCA shows it is connected properly. Some of the unusual things I see in the DCA diagnostics are below. Any ideas on what is going on here?
Thanks,
Ken
Interface IPHTTPSInterface (Group Policy) Parameters
------------------------------------------------------------
Role : client
URL : https://da.contoso.com:443/IPHTTPS
Last Error Code : 0x0
Interface Status : IPHTTPS interface active
C:\Windows\system32\LogSpace\{87AF1F3E-599C-4BF9-BD45-B12ED47B38E6}>netsh dns show state
Name Resolution Policy Table Options
--------------------------------------------------------------------
Query Failure Behavior : Always fall back to LLMNR and NetBIOS
if the name does not exist in DNS or
if the DNS servers are unreachable
when on a private network
Query Resolution Behavior : Resolve only IPv6 addresses for names
Network Location Behavior : Never use Direct Access settings
Machine Location : Outside corporate network
Direct Access Settings : Configured and Disabled
DNSSEC Settings : Not Configured
C:\Windows\system32\LogSpace\{87AF1F3E-599C-4BF9-BD45-B12ED47B38E6}>netsh name show effective
DNS Effective Name Resolution Policy Table Settings
Note: DirectAccess settings would be turned off when computer is inside corporate network
All Replies
-
Tuesday, January 11, 2011 11:31 PM Moderator
This client is running Windows Enterprise not Pro, yes?
The Network Location Behavior: Never use Direct Access settings entry should be: Network Location Behavior: Let Network ID determine when Direct Access settings are to be used
Check the following regkey: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks and make sure it is set to 0 and not 2. You will probably need a reboot after the change. The values for the key are shown here: http://msdn.microsoft.com/en-us/library/ff957870(PROT.10).aspx
Not sure why it got messed up, but that should fix it ;)
Cheers
JJ
Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
-
Tuesday, January 11, 2011 11:37 PM
Thanks Jason. I'll give this a try and report back.
Ken
-
Monday, May 09, 2011 9:21 PM
Thank you JJ this worked a treat!
No reboot even required!
PS - Any ideas what would cause this to happen? Very new to UAG and DA
Hubs
-
Monday, May 09, 2011 11:28 PM Moderator
No, but not seen that issue occur much...
Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
- Marked As Answer by Ben Ari, Microsoft Employee, Owner, Monday, May 09, 2011 11:32 PM
-
Tuesday, May 10, 2011 2:25 PM
This issue has happened to me occasionally as well. Of course that Reg Key is also flipped when the DCA is selected as 'Use Local DNS' - so make sure you check that setting first. But I also have situations where this registry key is flipped for some other reason. I'd really like to know WHY. It is prevalent enough to develop a script and a self-help document for DirectAccess users at my organization.
-
Tuesday, May 10, 2011 3:14 PM Moderator
Interesting, not seen it that much...
Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
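
Added example (not part of any post above, and not the posters' code): a PowerShell check for the EnableDAForAllNetworks value from the January 11 answer, of the kind the May 10 reply mentions scripting for users. The function name and the -Repair switch are hypothetical; the meanings of 0 and 2 are taken from the thread, and any other value is left to the MSDN reference linked there.

```powershell
# Added example: reports the NRPT policy value named in the thread and can reset it.
# Function and switch names are hypothetical. Run elevated to use -Repair.
function Test-DANetworkLocationPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Repair)

    $path = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
    $name = 'EnableDAForAllNetworks'

    $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "$name is not present under $path."
        return
    }

    $value = $prop.$name
    # Only the two values discussed in the thread are interpreted here.
    switch ($value) {
        0       { $meaning = 'Let Network ID determine when Direct Access settings are to be used' }
        2       { $meaning = 'Never use Direct Access settings' }
        default { $meaning = 'Other value; see the MSDN reference linked in the thread' }
    }
    Write-Output "$name = $value ($meaning)"

    if ($value -eq 2) {
        # Per the thread, the DCA 'Use Local DNS' option also flips this value.
        Write-Warning "Check the DCA 'Use Local DNS' setting before changing the registry."
        if ($Repair -and $PSCmdlet.ShouldProcess("$path\$name", 'Set to 0')) {
            Set-ItemProperty -Path $path -Name $name -Value 0
            Write-Output 'Value set to 0. A reboot may be needed for the change to apply.'
        }
    }

    # Show what the DNS client currently reports, as in the original post.
    netsh dns show state |
        Select-String 'Network Location Behavior|Machine Location|Direct Access Settings'
}

Test-DANetworkLocationPolicy            # report only
# Test-DANetworkLocationPolicy -Repair  # report, then set a value of 2 back to 0
```

Running it with -WhatIf alongside -Repair shows the registry change without making it.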