none
DirectAccess: Corporate names cannot be resolved.

    질문

  • Hey there,

    I configured DirectAccess and a test machine as a client but the Direct Access Connectivity Assistant shows "Corporate network names cannot be resolved. If the problem persists, contact the site administrator.".

    The IPHTTPS tunnel is established successfully and I am able to ping the DA-Server from the client and the client from the DA-Server using the DNS-Server IPv6 address. Unfortunatly if I try to access one of my internal services (HTTP, TCP, Network Shares, etc.) the connection does not come up.

    I understood that using ping or tracert does not recognize NRPT so what would be the best way to dig deeper on the root cause?

    Please find the diagnostics log of the DCAS below:

    ***************************************************************************
    ipconfig /all
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Test-PC
       Primary Dns Suffix  . . . . . . . : DIGITALTEMPUS.INT
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : DIGITALTEMPUS.INT

    Ethernet adapter Ext:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-51-0A-07
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8967:9ae:1536:9014%10(Preferred)
       IPv4 Address. . . . . . . . . . . : 80.154.78.53(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 80.154.78.49
       DHCPv6 IAID . . . . . . . . . . . : 234886493
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C2-B1-E2-00-15-5D-51-0A-07
       DNS Servers . . . . . . . . . . . : 194.25.2.129
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{BD7B2EDE-BFFF-4C88-B252-8DEB5D611C9D}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter 6TO4 Adapter:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:509a:4e35::509a:4e35(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 194.25.2.129
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:24ab:3217:af65:b1ca(Preferred)
       Link-local IPv6 Address . . . . . : fe80::24ab:3217:af65:b1ca%12(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter iphttpsinterface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : iphttpsinterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh int teredo show state
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh int teredo show state
    Teredo Parameters
    ---------------------------------------------
    Type                    : client
    Server Name             : teredo.ipv6.microsoft.com.
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : dormant

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh int httpstunnel show interfaces
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh int httpstunnel show interfaces

    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://da.digitaltempus.com:443/IPHTTPS
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface deactivated


    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh dns show state
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh dns show state

    Name Resolution Policy Table Options
    --------------------------------------------------------------------

    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                            if the name does not exist in DNS or
                                            if the DNS servers are unreachable
                                            when on a private network

    Query Resolution Behavior             : Resolve both IPv4 and IPv6
                                            addresses for names

    Network Location Behavior             : Let Network ID determine when Direct
                                            Access settings are to be used

    Machine Location                      : Outside corporate network

    Direct Access Settings                : Configured and Enabled

    DNSSEC Settings                       : Not Configured

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh name show policy
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh name show policy

    DNS Name Resolution Policy Table Settings

    Settings for .
    ----------------------------------------------------------------------
    Certification authority                 : DC=INT, DC=DIGITALTEMPUS, CN=Digital Tempus Root CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 2002:b2fa:a85e:3333::1
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy

     

    Settings for .digitaltempus.int
    ----------------------------------------------------------------------
    Certification authority                 : DC=INT, DC=DIGITALTEMPUS, CN=Digital Tempus Root CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 2002:b2fa:a85e:3333::1
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy

     

    Settings for DirectAccess-NLS.DIGITALTEMPUS.INT
    ----------------------------------------------------------------------
    Certification authority                 : DC=INT, DC=DIGITALTEMPUS, CN=Digital Tempus Root CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Use default browser settings

     

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh name show effective
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh name show effective

    DNS Effective Name Resolution Policy Table Settings


    Settings for .digitaltempus.int
    ----------------------------------------------------------------------
    Certification authority                 : DC=INT, DC=DIGITALTEMPUS, CN=Digital Tempus Root CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 2002:b2fa:a85e:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy

     

    Settings for DirectAccess-NLS.DIGITALTEMPUS.INT
    ----------------------------------------------------------------------
    Certification authority                 : DC=INT, DC=DIGITALTEMPUS, CN=Digital Tempus Root CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Use default browser settings

     

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh adv mon show mmsa
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh adv mon show mmsa

    Main Mode SA at 03/08/2013 12:15:56                     
    ----------------------------------------------------------------------
    Local IP Address:                     2002:509a:4e35::509a:4e35
    Remote IP Address:                    2002:b2fa:a85e::b2fa:a85e
    Auth1:                                ComputerCert
    Auth2:                                UserNTLM
    MM Offer:                             None-AES128-SHA256
    Cookie Pair:                          bca78e06794cc3e3:25832bb4d1fbd833
    Health Cert:                          No

    Main Mode SA at 03/08/2013 12:15:56                     
    ----------------------------------------------------------------------
    Local IP Address:                     2002:509a:4e35::509a:4e35
    Remote IP Address:                    2002:b2fa:a85e::b2fa:a85e
    Auth1:                                ComputerCert
    Auth2:                                UserNTLM
    MM Offer:                             None-AES128-SHA256
    Cookie Pair:                          f3dde2716bcd44b5:1b2a983a38cebc72
    Health Cert:                          No
    Ok.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh nap client show state
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh nap client show state
    The "Network Access Protection Agent" service is not running.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh int ipv6 show int level=verbose
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh int ipv6 show int level=verbose

    Interface Loopback Pseudo-Interface 1 Parameters
    ----------------------------------------------
    IfLuid                             : loopback_0
    IfIndex                            : 1
    State                              : connected
    Metric                             : 50
    Link MTU                           : 4294967295 bytes
    Reachable Time                     : 35000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : disabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface isatap.{BD7B2EDE-BFFF-4C88-B252-8DEB5D611C9D} Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_4
    IfIndex                            : 11
    State                              : disconnected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 18500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface 6TO4 Adapter Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_5
    IfIndex                            : 18
    State                              : connected
    Metric                             : 5
    Link MTU                           : 1280 bytes
    Reachable Time                     : 35500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : disabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface Ext Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_6
    IfIndex                            : 10
    State                              : connected
    Metric                             : 5
    Link MTU                           : 1500 bytes
    Reachable Time                     : 36000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : enabled
    Other Stateful Configuration       : enabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface Teredo Tunneling Pseudo-Interface Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_6
    IfIndex                            : 12
    State                              : connected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 8500 ms
    Base Reachable Time                : 15000 ms
    Retransmission Interval            : 2000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface iphttpsinterface Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_9
    IfIndex                            : 17
    State                              : disconnected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 20500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh advf show currentprofile
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh advf show currentprofile

    Public Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Ok.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    ***************************************************************************
    netsh advfirewall monitor show consec
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>netsh advfirewall monitor show consec

    Global Settings:
    ----------------------------------------------------------------------
    IPsec:
    StrongCRLCheck                        0:Disabled
    SAIdleTimeMin                         5min
    DefaultExemptions                     ICMP
    IPsecThroughNAT                       Never
    AuthzUserGrp                          None
    AuthzComputerGrp                      None

    StatefulFTP                           Enable
    StatefulPPTP                          Enable

    Main Mode:
    KeyLifetime                           480min,0sess
    SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH                               No

    Categories:
    BootTimeRuleCategory                  Windows Firewall
    FirewallRuleCategory                  Windows Firewall
    StealthRuleCategory                   Windows Firewall
    ConSecRuleRuleCategory                Windows Firewall


    Quick Mode:
    QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS                          None

    Security Associations:

    Main Mode SA at 03/08/2013 12:15:56                     
    ----------------------------------------------------------------------
    Local IP Address:                     2002:509a:4e35::509a:4e35
    Remote IP Address:                    2002:b2fa:a85e::b2fa:a85e
    Auth1:                                ComputerCert
    Auth2:                                UserNTLM
    MM Offer:                             None-AES128-SHA256
    Cookie Pair:                          bca78e06794cc3e3:25832bb4d1fbd833
    Health Cert:                          No

    Main Mode SA at 03/08/2013 12:15:56                     
    ----------------------------------------------------------------------
    Local IP Address:                     2002:509a:4e35::509a:4e35
    Remote IP Address:                    2002:b2fa:a85e::b2fa:a85e
    Auth1:                                ComputerCert
    Auth2:                                UserNTLM
    MM Offer:                             None-AES128-SHA256
    Cookie Pair:                          f3dde2716bcd44b5:1b2a983a38cebc72
    Health Cert:                          No

    Quick Mode SA at 03/08/2013 12:15:56                    
    ----------------------------------------------------------------------
    Local IP Address:                     2002:509a:4e35::509a:4e35
    Remote IP Address:                    2002:b2fa:a85e::b2fa:a85e
    Local Port:                           Any
    Remote Port:                          Any
    Protocol:                             Any
    Direction:                            Both
    QM Offer:                             ESP:SHA1-AES192+60min+100000kb
    PFS:                                  None


    IPsec Statistics
    ----------------

    Active Assoc                : 3
    Offload SAs                 : 0
    Pending Key                 : 0
    Key Adds                    : 6
    Key Deletes                 : 4
    ReKeys                      : 0
    Active Tunnels              : 2
    Bad SPI Pkts                : 0
    Pkts not Decrypted          : 0
    Pkts not Authenticated      : 0
    Pkts with Replay Detection  : 0
    Confidential Bytes Sent     : 32,096
    Confidential Bytes Received : 62,008
    Authenticated Bytes Sent    : 39,008
    Authenticated Bytes Received: 62,008
    Transport Bytes Sent        : 0
    Transport Bytes Received    : 0
    Bytes Sent In Tunnels       : 39,008
    Bytes Received In Tunnels   : 62,008
    Offloaded Bytes Sent        : 0
    Offloaded Bytes Received    : 0

    Ok.

    C:\Windows\system32\LogSpace\{551A8547-C220-4F50-BB35-73CBCABBC73D}>

    I appreciate every feedback on this very much as I don't know how to proceed at this moment.

    Thanks in advance.

    Kind regards,

    Lars

    2013년 3월 8일 금요일 오전 11:51

모든 응답

  • Hi,
    It looks like you are connected with 6to4 to your corporate network and you are talking about IPHTTPS.

    I would suggest that you start by disabling Teredo (and 6to4 if you only want to use IPHTTPS).
    In your log above your IPTTHPS interface is inactive and you are connected to the Microsoft Teredo relay and to what looks like your DA server over 6to4.

     


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    2013년 3월 8일 금요일 오후 7:20
  • My tunnel is up using IPHTTPS.

    ***************************************************************************
    netsh int httpstunnel show interfaces
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32\LogSpace\{E560B145-D4C3-48F7-90E6-82DAA9169BA8}>netsh int httpstunnel show interfaces

    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://da.digitaltempus.com:443/IPHTTPS
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface active

    C:\Windows\system32\LogSpace\{E560B145-D4C3-48F7-90E6-82DAA9169BA8}>

    but I am still not able to connect to my internal infrastructure. is there any way that you could investigate remotely (Teamviewer,Lync, or so)

    I am really stuck on this and need to get it working till the end of the week.

    I disabled Teredo and 6to4 - FYI but it still does not work.

    2013년 3월 11일 월요일 오전 9:52
  • There are quite a few things that I see as potential causes of trouble:

    Is this a Server 2012 or UAG DirectAccess? If UAG, it is not normal to see the Microsoft Teredo relay information listed in your Teredo adapter properties, this would imply to me that your client didn't receive the GPO settings correctly, or that they weren't populated correctly for some reason. If your client is missing connectivity info, that would cause a problem.

    Is this a Windows 7 or Windows 8 client computer? I don't see any certificate information listed in your log file output - if this is a Windows 7 client you need to issue machine certificates for IPsec authentication, the tunnels will not build without.

    I see a "." entry listed in your NRPT - do you have Force Tunneling for DirectAccess enabled? If you do, I would disable it, at least temporarily while you try to get DA working. Get basic connectivity going first, before you try any advanced features.

    I just tried browsing to your IP-HTTPS web listener, and I get a certificate warning. You need to figure out why that is occuring as it will also cause problems. I didn't do any real digging to look into the certificate, didn't want to pry too much, but I recommend using a certificate that you purchase from a third-party CA for the IP-HTTPS listener. Trying to use your own certificate is a pain, and using a self-signed certificate is just bad practice.

    Good luck!

    2013년 3월 13일 수요일 오후 1:57