Windows 2012 Direct Access ISATAP not working
-
Thursday, January 31, 2013 7:35 AM
I just installed Windows 2012 Direct Access and it's working fine for my company's Windows 7 Ent clients. The only issue I can't around with is that ISATAP is not working on this box.
We want to be able to manage-out in our native IPv4 environment, the isatap A record has already been created and is resolvable to all client machines including the Direct Access server. Unfortunately, ISATAP still appears to be Disabled. Do we need to manually set this to enabled apart from what I've already done?
PS C:\Windows\system32> Get-RemoteAccessHealth
Component RemoteAccessServer HealthState TimeStamp Id
--------- ------------------ ----------- --------- --
Server localhost OK 1/31/2013 3:26:43 PM
6to4 localhost Disabled 1/31/2013 3:21:44 PM
Vpn Addressing localhost Disabled 1/31/2013 3:21:44 PM
Network Security localhost OK 1/31/2013 3:21:44 PM
Dns localhost OK 1/31/2013 3:26:43 PM
IP-Https localhost OK 1/31/2013 3:21:44 PM
Nat64 localhost OK 1/31/2013 3:21:44 PM
Dns64 localhost OK 1/31/2013 3:21:44 PM
IPsec localhost OK 1/31/2013 3:21:44 PM
Kerberos localhost Disabled 1/31/2013 3:21:44 PM
Domain Controller localhost OK 1/31/2013 3:21:44 PM
Management Servers localhost Disabled 1/31/2013 3:21:44 PM
Network Location ... localhost OK 1/31/2013 3:26:43 PM
Otp localhost Disabled 1/31/2013 3:21:44 PM
High Availability localhost Disabled 1/31/2013 3:21:44 PM
Isatap localhost Disabled 1/31/2013 3:21:44 PM
Vpn Connectivity localhost Dis┌───────────────────────────┐4 PM
Teredo localhost Dis│Enter command number: │4 PM
Network Adapters localhost OK └───────────────────────────┘4 PM
Services localhost OK 1/31/2013 3:26:43 PM
PS C:\Windows\system32> ping isatapPinging isatap.isat.com [192.168.1.214] with 32 bytes of data:
Reply from 192.168.1.214: bytes=32 time=1ms TTL=128
Reply from 192.168.1.214: bytes=32 time<1ms TTL=128
Reply from 192.168.1.214: bytes=32 time<1ms TTL=128
Reply from 192.168.1.214: bytes=32 time<1ms TTL=128
All Replies
-
Tuesday, February 05, 2013 2:30 AMModerator
Hi,
Thank you for the post.
As far as I understand, ISATAP is not recommended for use as the IPv6 to IPv4 transition technology in DirectAccess in Windows Server 2012. With ISATAP disabled DirectAccess clients can initiate connections to computers on the internal network, and the computers on the internal network are able to respond. However, computers on the internal network will not be able to initiate connections to DirectAccess for purposes of remote client management. If you want to be able to remote client management, consider deploying native IPv6 for management servers that will connect to DirectAccess client computers.
Regards,
Nick Gu - MSFT
-
Tuesday, February 05, 2013 6:03 AM
Using the DNS entry alone didnt work for me either... only way I could get it to work was to manually assign the router IP to the ISATAP interface.
use "netsh interface isatap set router 192.168.1.214"
The is done on the the client that needs to connect to the DA server via ISATAP.
The DA server needs ISATAP enabled and setup as a relay.
Use "netsh interface isatap show state" and show router to check its working.
Once you do that, the client should connect to the DA server and get its IPv6 address. "ipconfig /renew6" will force it to get the IP.
regards,
Adrian
.png)
