Wednesday, February 06, 2013 2:30 PMDirect Access is usually pretty solid for my company but for some users they can not connect using their home wireless. What setting on their home wireless is blocking them from connecting? Is there a change on my UAG servers that could be made to allow them to connect? Does anyone else have a similar issue?
Wednesday, February 06, 2013 8:01 PM
We need more information to analyze the situation. Do you have DCA logs generated by clients experiencing the problem you can share?
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
Thursday, February 07, 2013 10:51 AMYeah, need more information. But have a look at configuring the Teredo client as an Enterprise Client as per this article.
Hth, Anders Janson Enfo Zipper
Thursday, February 07, 2013 4:38 PM
Setting Teredo to EnterpriseClient is one thing that comes to mind immediately for me as well. Also, I have had numerous cases now where home routers (and cell cards) are starting to hand out native IPv6 addresses to computers. Sometimes this interferes with DirectAccess connectivity. If the user's home router hands their client computer an IPv6 address, you may see in your log file that the IPsec tunnels attempt to build themselves over the native IPv6 address instead of the Teredo or IP-HTTPS address like they should.
In these cases, you need to stop the native IPv6 address from being assigned to the client computer. You can either open up the NIC properties on that laptop and uncheck the TCP/IPv6 box (this will not break DirectAccess), or you can get into the router settings at their house and stop it from handing out IPv6 addresses.
So far Microsoft has not been able to give me an answer as to why this happens, but I have seen it at least a couple dozen times over the past year.
- Marked As Answer by dirkbucket Thursday, February 07, 2013 5:24 PM
Thursday, February 07, 2013 5:24 PM
K, thanks guys. I will change the GPO setting to EnterpirseClient and also uncheck IPv6 on client NIC.