I am at a stalled point in this Windows 2012 Remote Access (DirectAccess) server setup.
I have installed a two-NIC NATed Windows 2012 server. Everything seems fine, but my client cannot connect to intranet resources using FQDN. 6to4 IPs work when I use the NAT64 prefix before the IPv4 address of my internal resources. That means the IPsec tunnels don't come up, which I can confirm: I have no MMSA in the Windows Firewall.
This would usually lead to certificates, but I have confirmed that they are OK on both the server and client. CRL can be reached from both inside and outside.
Client is trying to connect through IPHTTPS tunnel as it was the only protocol the network team would allow through (which is fine by me).
I went through the usual troubleshooting steps: certificates OK, GPO OK, connectivity to DC from server OK. Nothing of interest in the event log.
The Security log, though, shows a few interesting errors like this one:
LocalMMPrincipalName - RemoteMMPrincipalName - LocalAddress fd7f:f176:b9e5:1000::1 LocalKeyModPort 500 RemoteAddress fd7f:f176:b9e5:1000:4dc3:2fa2:cff4:66fe RemoteKeyModPort 500 KeyModName %%8223 FailurePoint %%8199 FailureReason No policy configured MMAuthMethod %%8194 State %%8201 Role %%8206 MMImpersonationState %%8217 MMFilterID 0 InitiatorCookie 845028da40eb76b6 ResponderCookie
Network trace shows a little bit more info:
4:50:47 PM 4/30/2013 FD7F:F176:B9E5:1000:0:0:0:1 FD7F:F176:B9E5:1000:FCC7:9A72:9FBD:11D1 WFP WFP:IPsec: Main Mode Failure - Error: ERROR_SUCCESS
4:50:40 PM 4/30/2013 WFP WFP:User Mode Error
Client is Win8 Enterprise, btw.
I am kind of at a loss now. Any help is appreciated.
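Added triage script (not part of the original post): it pulls together, on the DirectAccess server, the three things the question is reasoning about, the IP-HTTPS interface state, whether any main mode SA exists, and which active IPsec rules could match the peer, then groups the Security log main mode failures by FailureReason and remote address. It assumes the NetSecurity module is available and that event ID 4653 carries the event fields shown above.

```powershell
# Run elevated on the DirectAccess server (assumed: NetSecurity module present).

# 1. Server-side IP-HTTPS interface: LastErrorCode/InterfaceStatus tell whether the
#    IPv6-over-HTTPS transport the client is forced to use is actually up.
Get-NetIPHttpsState | Format-List

# 2. Main mode SAs. An empty list while client packets arrive on the DA IPv6 prefix
#    confirms that phase 1 never completes (the "no MMSA" observation above).
Get-NetIPsecMainModeSA |
    Select-Object LocalEndpoint, RemoteEndpoint, LocalFirstId, RemoteFirstId, FirstAuthenticationMethod |
    Format-Table -AutoSize

# 3. Active connection security rules. "No policy configured" means no IPsec rule matched
#    the peer addresses, so the DA tunnel rules must be present, enabled and in tunnel mode.
Get-NetIPsecRule -PolicyStore ActiveStore |
    Select-Object DisplayName, Enabled, Profile, Mode, Phase1AuthSet |
    Format-Table -AutoSize

# 4. Recent main mode failures from the Security log (assumed ID 4653), grouped by reason
#    and remote address so one misconfigured peer stands out from a policy-wide problem.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4653 } `
                       -MaxEvents 200 -ErrorAction SilentlyContinue
$events | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time          = $_.TimeCreated
        Remote        = $data['RemoteAddress']
        FailurePoint  = $data['FailurePoint']
        FailureReason = $data['FailureReason']
    }
} | Group-Object FailureReason, Remote | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

If step 3 shows the DA rules only in the GPO store and not in ActiveStore, the policy has not applied to the server, which would produce exactly the "No policy configured" failure point seen in the log.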
For DA, better ask in http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.