Friday, February 15, 2013 3:14 PM
We usually have 1 or 2 users a day that are unable to connect to Direct Access with me having to restart their computer or do a GPUPDATE in order to get them working again. Is the common for a few users not being able to connect or should Direct Access be stable enought to always work for everyone?
Friday, February 15, 2013 3:48 PM
DA is stable for everyone when the configuration is correct.
Are the problem users on DA at the time or in the corp network? what does DCA say when a user is not working?
If DA was not working I don't see how a gpupdate fixes it? unless you have a VPN to connect back into.
Maybe more info on your configuration?
Friday, February 15, 2013 4:04 PM
Users are outside the corp network and are usually using home wireless when unable to connect. Yes, I connect to VPN and then run a gpupdate. Broadband cards are usually pretty stable for the users.
We have a UAG Direct Access configuration.
Friday, February 15, 2013 4:08 PM
So are you using a public certificate for the IP-https certificate?
If not your CRL's must be available outside of the DA tunnel. I have seen this to be a cause of drop outs.
Tuesday, February 19, 2013 6:15 PMThird party firewalls (sometimes courtesy of antivirus programs) or existing GPO settings that might be applied to the computers can also interfere. As you already know, this is definitely not normal behavior. I completely agree on the certificate, make sure you are using a cert from a public CA for your IP-HTTPS listener, but also check into those other things, maybe run a "clean" PC without other GPOs applied to it and see if the problem disappears there.