none
DirectAccess client cannot ping DNS server

    Question

  • Hello

    I set up a standard DirectAccess on Windows Server 2008 R2. DNS and DC is on another machine running Windows Server 2008 R2. Pinging locally from and to DA/DC server works like a charm but when I try to ping DC (DNS) server from my DA client it will time out. I can ping my DA server from client with IP 2002:58c4:da22:1:0:5efe:192.168.1.2 without problems.

    When I ping my clients Teredo address from my DNS server it gets PING: transmit failed. General failure. I cannot ping the same address on my DA server (times out).

    The infrastructure is set up step by step using this guide: http://technet.microsoft.com/en-us/library/ee649137(v=ws.10).aspx. I have read all the troubleshooting articles located in here: http://technet.microsoft.com/en-us/library/ee624058(v=ws.10).aspx but have not got anything useful out of them. 

    Please help me, It has already taken too much time to troubleshoot this issue. Here is my DACA log.

    RED: Corporate connectivity is not working.
    Windows cannot contact the DirectAccess server. Please contact your administrator if this problem persists.
    26/2/2013 9:2:44 (UTC)
    
    
    Probes List
    FAIL		PING: mcad.company.ee
    FAIL		HTTP: http://mcad.company.ee/
    FAIL		FILE: \\mcad.company.ee\files\example.txt
    
    DTE List
    RESOLVED NAME	PING: 2002:58c4:da22:1:0:5efe:192.168.1.1
    PASS		PING: 2002:58c4:da22:1:0:5efe:192.168.1.2
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>ipconfig /all 
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : eehqoff9
       Primary Dns Suffix  . . . . . . . : company.ee
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : company.ee
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : company.ee
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-01-50-0B
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::3dc1:ee4d:aaee:2651%11(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.1.77(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 26. veebruar 2013. a. 11:01:16
       Lease Expires . . . . . . . . . . : 27. veebruar 2013. a. 11:01:17
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 234886493
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-82-60-A8-00-15-5D-01-50-0B
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.company.ee:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : company.ee
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Local Area Connection* 9:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:58c4:da22:2043:11cf:4fd1:e46e(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::2043:11cf:4fd1:e46e%13(Preferred) 
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    Tunnel adapter iphttpsinterface:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft IP-HTTPS Platform Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh int teredo show state 
    Teredo Parameters
    ---------------------------------------------
    Type                    : client
    Server Name             : 88.xxx.xxx.34 (Group Policy) 
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : qualified
    Client Type             : teredo client
    Network                 : unmanaged
    NAT                     : restricted
    NAT Special Behaviour   : UPNP: No, PortPreserving: Yes
    Local Mapping           : 192.168.1.77:60976
    External NAT Mapping    : 176.xxx.xx.xxx:60976
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh int httpstunnel show interfaces 
    
    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://da.company.ee:443/IPHTTPS
    Last Error Code            : 0x2afc
    Interface Status           : failed to connect to the IPHTTPS server. Waiting to reconnect 
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh dns show state 
    
    Name Resolution Policy Table Options 
    -------------------------------------------------------------------- 
    
    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                            if the name does not exist in DNS or
                                            if the DNS servers are unreachable
                                            when on a private network
    
    Query Resolution Behavior             : Resolve only IPv6 addresses for names
    
    Network Location Behavior             : Let Network ID determine when Direct
                                            Access settings are to be used
    
    Machine Location                      : Outside corporate network
    
    Direct Access Settings                : Configured and Enabled
    
    DNSSEC Settings                       : Not Configured
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh name show policy 
    
    DNS Name Resolution Policy Table Settings
    
    Settings for nls.company.ee
    ----------------------------------------------------------------------
    Certification authority                 : DC=ee, DC=company, CN=company-MCAD-CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy
    
    
    
    Settings for .company.ee
    ----------------------------------------------------------------------
    Certification authority                 : DC=ee, DC=company, CN=company-MCAD-CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 2002:58c4:da22:1:0:5efe:192.168.1.1
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy
    
    
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh name show effective 
    
    DNS Effective Name Resolution Policy Table Settings
    
    
    Settings for nls.company.ee
    ----------------------------------------------------------------------
    Certification authority                 : DC=ee, DC=company, CN=company-MCAD-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 
    DirectAccess (Proxy Settings)           : Bypass proxy
    
    
    
    Settings for .company.ee
    ----------------------------------------------------------------------
    Certification authority                 : DC=ee, DC=company, CN=company-MCAD-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 2002:58c4:da22:1:0:5efe:192.168.1.1
    DirectAccess (Proxy Settings)           : Bypass proxy
    
    
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh int ipv6 show int level=verbose  
    
    Interface Loopback Pseudo-Interface 1 Parameters
    ----------------------------------------------
    IfLuid                             : loopback_0
    IfIndex                            : 1
    State                              : connected
    Metric                             : 50
    Link MTU                           : 4294967295 bytes
    Reachable Time                     : 41000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : disabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    
    Interface isatap.company.ee Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_4
    IfIndex                            : 12
    State                              : disconnected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 39000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    
    Interface Local Area Connection* 9 Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_5
    IfIndex                            : 13
    State                              : connected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 10000 ms
    Base Reachable Time                : 15000 ms
    Retransmission Interval            : 2000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    
    Interface Local Area Connection Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_6
    IfIndex                            : 11
    State                              : connected
    Metric                             : 5
    Link MTU                           : 1500 bytes
    Reachable Time                     : 15000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : enabled
    Other Stateful Configuration       : enabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    
    Interface iphttpsinterface Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_6
    IfIndex                            : 19
    State                              : disconnected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 31500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : enabled
    Other Stateful Configuration       : enabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh advf show currentprofile 
    
    Private Profile Settings: 
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable
    
    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096
    
    Ok.
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh advfirewall monitor show consec 
    
    Global Settings: 
    ----------------------------------------------------------------------
    IPsec:
    StrongCRLCheck                        0:Disabled
    SAIdleTimeMin                         5min
    DefaultExemptions                     NeighborDiscovery,ICMP,DHCP
    IPsecThroughNAT                       Never
    AuthzUserGrp                          None
    AuthzComputerGrp                      None
    
    StatefulFTP                           Enable
    StatefulPPTP                          Enable
    
    Main Mode:
    KeyLifetime                           60min,0sess
    SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH                               No
    
    Categories:
    BootTimeRuleCategory                  Windows Firewall
    FirewallRuleCategory                  Windows Firewall
    StealthRuleCategory                   Windows Firewall
    ConSecRuleRuleCategory                Windows Firewall
    
    
    Quick Mode:
    QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS                          None
    
    Security Associations:
    
    No SAs match the specified criteria.
    
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>Certutil -store my  
    my
    CertUtil: -store command completed successfully.
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>Systeminfo
    
    Host Name:                 EEHQOFF9
    OS Name:                   Microsoft Windows 7 Ultimate 
    OS Version:                6.1.7601 Service Pack 1 Build 7601
    OS Manufacturer:           Microsoft Corporation
    OS Configuration:          Member Workstation
    OS Build Type:             Multiprocessor Free
    Registered Owner:          User
    Registered Organization:   
    Product ID:                00426-292-0000007-85846
    Original Install Date:     12.01.2013, 2:07:40
    System Boot Time:          26.02.2013, 11:00:45
    System Manufacturer:       Microsoft Corporation
    System Model:              Virtual Machine
    System Type:               x64-based PC
    Processor(s):              1 Processor(s) Installed.
                               [01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~3400 Mhz
    BIOS Version:              American Megatrends Inc. 090006 , 23.05.2012
    Windows Directory:         C:\Windows
    System Directory:          C:\Windows\system32
    Boot Device:               \Device\HarddiskVolume1
    System Locale:             et;Estonian
    Input Locale:              et;Estonian
    Time Zone:                 (UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius
    Total Physical Memory:     2˙048 MB
    Available Physical Memory: 1˙507 MB
    Virtual Memory: Max Size:  4˙095 MB
    Virtual Memory: Available: 3˙498 MB
    Virtual Memory: In Use:    597 MB
    Page File Location(s):     C:\pagefile.sys
    Domain:                    company.ee
    Logon Server:              N/A
    Hotfix(s):                 109 Hotfix(s) Installed.
                               [01]: 982861
                               [02]: KB2592687
                               [03]: KB971033
                               [04]: KB2479943
                               [05]: KB2484033
                               [06]: KB2488113
                               [07]: KB2491683
                               [08]: KB2505438
                               [09]: KB2506014
                               [10]: KB2506212
                               [11]: KB2506928
                               [12]: KB2509553
                               [13]: KB2511250
                               [14]: KB2511455
                               [15]: KB2515325
                               [16]: KB2522422
                               [17]: KB2529073
                               [18]: KB2532531
                               [19]: KB2533552
                               [20]: KB2536275
                               [21]: KB2536276
                               [22]: KB2541014
                               [23]: KB2544893
                               [24]: KB2545698
                               [25]: KB2547666
                               [26]: KB2552343
                               [27]: KB2560656
                               [28]: KB2563227
                               [29]: KB2564958
                               [30]: KB2570947
                               [31]: KB2574819
                               [32]: KB2579686
                               [33]: KB2584146
                               [34]: KB2585542
                               [35]: KB2603229
                               [36]: KB2604115
                               [37]: KB2618451
                               [38]: KB2619339
                               [39]: KB2620704
                               [40]: KB2620712
                               [41]: KB2621440
                               [42]: KB2631813
                               [43]: KB2640148
                               [44]: KB2644615
                               [45]: KB2645640
                               [46]: KB2647753
                               [47]: KB2653956
                               [48]: KB2654428
                               [49]: KB2655992
                               [50]: KB2656356
                               [51]: KB2656411
                               [52]: KB2658846
                               [53]: KB2659262
                               [54]: KB2660075
                               [55]: KB2660649
                               [56]: KB2661254
                               [57]: KB2667402
                               [58]: KB2676562
                               [59]: KB2685811
                               [60]: KB2685813
                               [61]: KB2685939
                               [62]: KB2688338
                               [63]: KB2690533
                               [64]: KB2691442
                               [65]: KB2698365
                               [66]: KB2699779
                               [67]: KB2705219
                               [68]: KB2706045
                               [69]: KB2709630
                               [70]: KB2709981
                               [71]: KB2712808
                               [72]: KB2718704
                               [73]: KB2719857
                               [74]: KB2724197
                               [75]: KB2726535
                               [76]: KB2727528
                               [77]: KB2729094
                               [78]: KB2729452
                               [79]: KB2732059
                               [80]: KB2732487
                               [81]: KB2732500
                               [82]: KB2735855
                               [83]: KB2736233
                               [84]: KB2736422
                               [85]: KB2739159
                               [86]: KB2741355
                               [87]: KB2742599
                               [88]: KB2743555
                               [89]: KB2749655
                               [90]: KB2750841
                               [91]: KB2753842
                               [92]: KB2756921
                               [93]: KB2757638
                               [94]: KB2758857
                               [95]: KB2761217
                               [96]: KB2761465
                               [97]: KB2762895
                               [98]: KB2763523
                               [99]: KB2769369
                               [100]: KB2770660
                               [101]: KB2773072
                               [102]: KB2778930
                               [103]: KB2779562
                               [104]: KB2785220
                               [105]: KB2786081
                               [106]: KB2786400
                               [107]: KB976002
                               [108]: KB976902
                               [109]: KB982018
    Network Card(s):           1 NIC(s) Installed.
                               [01]: Microsoft Virtual Machine Bus Network Adapter
                                     Connection Name: Local Area Connection
                                     DHCP Enabled:    Yes
                                     DHCP Server:     192.168.1.1
                                     IP address(es)
                                     [01]: 192.168.1.77
                                     [02]: fe80::3dc1:ee4d:aaee:2651
    
    C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>whoami /groups  
    
    GROUP INFORMATION
    -----------------
    
    Group Name                             Type             SID          Attributes                                        
    ====================================== ================ ============ ==================================================
    BUILTIN\Administrators                 Alias            S-1-5-32-544 Enabled by default, Enabled group, Group owner    
    Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
    NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
    Mandatory Label\System Mandatory Level Label            S-1-16-16384                                                   

    Tuesday, February 26, 2013 9:22 AM

All replies

  • Any luck?  Having this same issue myself.

    Thanks 

    Aaron

    Friday, June 28, 2013 8:22 PM
  • Unfortunately this is not a solution, but I upgraded to Windows Server 2012 and now my DA infrastructure works without any problems. It was easier to set up too.
    Saturday, June 29, 2013 4:41 AM