none
IP-HTTPS Error

    Question

  • I finished the DirectAccess configuration and went to Operations status. It said IP-HTTPS needed to be enabled, advertised , and published. I did the first two but I have no idea what to do to publish it. Under the resolution it says: Set the publish property on the IP-HTTPS route.

    Thanks

    Thursday, June 14, 2012 9:11 PM

Answers

  • Hi JPain,

    Can you try running Get-NetRoute and see if the IP-HTTPS prefix already exists on any interface?
    This could possible be a stale interface. You'll be able to remove it using Device Manager, under Network Adapters (in the menu, tick Show hidden devices). Then simply uninstall all of the IP-HTTPS interfaces.

    Have Remote Access recreate and reconfigure the IP-HTTPS interface by running gpupdate /force.

    Let me know what's the status after doing the above.

    Thanks,
    Yaniv

    • Marked as answer by Tiger Li Thursday, June 21, 2012 1:48 AM
    Monday, June 18, 2012 10:15 PM

All replies

  • Hi JPain,

    Thanks for posting here.

    Is our DA server directly connect to internet or connect to internet where behind a firewall/NAT device ?

    DA server can’t be located behind a NAT device otherwise it will not work with external network .

    Take look the introductions in the blog post below, it discussed on UAG deployment but is also applied to Windows Server’s:

    UAG DirectAccess Server Deployment Scenarios

    http://blogs.technet.com/b/tomshinder/archive/2010/04/01/uag-directaccess-server-deployment-scenarios.aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Friday, June 15, 2012 7:52 AM
  • Photobucket

    This is what it said. Also I am behind a firewall/NAT device. Server 2012 DA can do this.

    Windows Server 2012 DirectAccess provides the ability to deploy the DirectAccess server behind a NAT device, with support for a single network interface or multiple interfaces, and removes the public IPv4 address prerequisite.

    When the Remote Access Services setup Getting Started Wizard or Remote Access Setup Wizard is run, it will check the status of network interfaces on the server to determine if the DirectAccess server is located behind a NAT device. In this configuration, only IP over HTTPS (IP-HTTPS) will be deployed.

    http://technet.microsoft.com/en-us/library/hh831416

    Thank you

    Friday, June 15, 2012 1:55 PM
  • I ran this (netsh interface ipv6 add route IP-HTTPSPrefix::/64 IPHTTPSInterface publish=yes).

    The responce was object already exists. So I am missing something.

    Friday, June 15, 2012 4:17 PM
  • Hi JPain,

    Thanks for update.

    So when we locate client behind a NAT device , will the IP-HTTPS tunnel connection establish in lab ?

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Monday, June 18, 2012 6:03 AM
  • No, it is showing disconnected.
    Monday, June 18, 2012 12:58 PM
  • Hi JPain,

    Can you try running Get-NetRoute and see if the IP-HTTPS prefix already exists on any interface?
    This could possible be a stale interface. You'll be able to remove it using Device Manager, under Network Adapters (in the menu, tick Show hidden devices). Then simply uninstall all of the IP-HTTPS interfaces.

    Have Remote Access recreate and reconfigure the IP-HTTPS interface by running gpupdate /force.

    Let me know what's the status after doing the above.

    Thanks,
    Yaniv

    • Marked as answer by Tiger Li Thursday, June 21, 2012 1:48 AM
    Monday, June 18, 2012 10:15 PM
  • I am having the exact same issue. None of these solutions work. adding the route comes back with 'ok' and I can see the interface in device manager which I have tried uninstalling and readding.
    Saturday, September 22, 2012 11:46 AM
  • Having this issue with a fresh install! Can anyone help? Mine is also showing disconnected.
    Tuesday, November 06, 2012 6:16 PM
  • JPain, what was your resolution to this issue?
    Monday, February 11, 2013 4:20 PM
  • I had this same issue.
    The fix for me was to go back to "Step 2" of the configuration wizards and replace the public name or IPv4 address. I replaced the valid IP address I had entered with a DNS name instead. After applying this the status of IP-HTTPS was good and DirectAccess was working. I don't know why, but this fixed it for me after the other suggestions had failed.

    Friday, April 05, 2013 5:20 PM
  • Did you try to change "add" to "set"?


    Thursday, May 02, 2013 6:20 PM
  • I had this same issue.
    The fix for me was to go back to "Step 2" of the configuration wizards and replace the public name or IPv4 address. I replaced the valid IP address I had entered with a DNS name instead. After applying this the status of IP-HTTPS was good and DirectAccess was working. I don't know why, but this fixed it for me after the other suggestions had failed.


    I had this same issue.  Resolved like this too!

    黄俊伟(wbpluto) MSN: hjw@live.cn Blogs: http://blog.wbpluto.com http://blogs.itecn.net/blogs/wbpluto

    Thursday, October 17, 2013 11:04 AM