Wednesday, February 20, 2013 9:00 AM
I have created a DirectAccess 2012 NLB cluster in a single-NIC scenario behind NAT. All DA clients are Windows 7 and use only IP-HTTPS.
Everything is fine, clients can connect to internal resources, but I also want to manage out these clients.
So I created additional FW rules according to http://blogs.technet.com/b/edgeaccessblog/archive/2010/09/14/how-to-enable-remote-desktop-sharing-rds-rdp-from-corporate-machines-to-directaccess-connected-machines.aspx
I deployed ISATAP only on my test computer according to http://blog.msedge.org.uk/2011/11/limiting-isatap-services-to-uag.html
Now I can access shares on the DA client and RDP, but SCCM 2007 SP Remote Control doesn't work. It displays "starting remote session" and then "connection failed (0x80004005)". Application distribution and Windows updates are working.
Of course, when on the local intranet, Remote Control is working.
We have a UAG DA test environment; when I remove the DA 2012 GPOs and add the UAG DA GPOs (also only IP-HTTPS, Teredo and 6to4 are disabled) on the same client, Remote Control is working.
So any suggestions? Is this some kind of single-NIC scenario limitation?
P.S. Another strange thing: when the client is connected through UAG DA, in the SCCM Management Console on the computer object I can see the IPv6 address of the IPHTTPS adapter; when connected through DA 2012 there are no IPv6 addresses.
Wednesday, February 20, 2013 7:31 PM
Did you enable all required incoming rules on the client computer? From memory, there are five:
TCP 135, TCP 2701, TCP 2702, UDP 2701, UDP 2702, all with edge traversal enabled.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
Thursday, February 21, 2013 6:57 AM
Hi BenoitS,
I use the same FW rules that are working for the UAG DA deployment. I double-checked that edge traversal is enabled.
I found a similar thread in the forum about Remote Assistance: http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/5709d84b-fd1a-4cd9-af74-670b4b541ca2.
I tried Remote Assistance and it is also not working. The symptoms are the same as mentioned in that thread. I also see (when I try to connect) that msra.exe and rcagent.exe are listening only on the link-local IP from IPHTTPS, not the "real" IPv6 address.
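The link-local-only listener symptom described in the post above can be checked mechanically from saved `netstat -ano` output. The following is an added example, not part of the original thread: the sample output, PIDs and addresses are constructed, and the helper names `scope` and `link_local_only` are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    [::]:135               [::]:0                 LISTENING       788
  TCP    [::]:3389              [::]:0                 LISTENING       1104
  TCP    [fe80::1c2d:3e4f:5a6b:7c8d%15]:2701    [::]:0     LISTENING       2216
  TCP    [fe80::1c2d:3e4f:5a6b:7c8d%15]:49203   [::]:0     LISTENING       3340
  TCP    [fd00:db8:1:1000:1c2d:3e4f:5a6b:7c8d]:49203   [::]:0     LISTENING       3340
"""

# Matches IPv6 TCP listeners only; the %zone suffix is matched but not captured.
LINE = re.compile(
    r"^\s*TCP\s+\[([0-9a-fA-F:.]+)(?:%\w+)?\]:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$"
)

def scope(addr):
    """Classify an IPv6 listen address by reachability."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_unspecified:
        return "any"          # [::] accepts traffic on every local address
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"   # fe80::/10, not reachable from the intranet side
    return "routable"

def link_local_only(netstat_text):
    """Return sorted (pid, port) pairs whose only IPv6 listeners are link-local."""
    seen = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
            seen[(pid, port)].add(scope(addr))
    return sorted(key for key, scopes in seen.items() if scopes == {"link-local"})

if __name__ == "__main__":
    for pid, port in link_local_only(SAMPLE):
        print(f"PID {pid} listens on TCP {port} via link-local IPv6 only")
```

Map the reported PIDs to process names with Task Manager or `tasklist` to see whether they belong to msra.exe or rcagent.exe.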
Tuesday, March 19, 2013 10:47 AM
Hi Mareks V,
Do you already have a solution for this?
We are experiencing exactly the same thing in a similar setup.
The first attempt results in a 0x80004005 error, while successive attempts result in a 0x8000ffff error.
Wednesday, March 20, 2013 6:32 AM
Hi Gerrie S,
I suppose this is a single-NIC scenario limitation and is somehow related to NAT + SCCM client things.
We recreated DirectAccess with two NICs (Edge scenario) and there is no problem with Remote Tools.