locked
Changed IP of DirectAccess Server & clients can no longer connect RRS feed

  • Question

  • Ok, Got a new ISP and have changed all the a records.  I connected to the da server in house on my old isp, however all of my clients in a different office can no longer connect.  I am thinking they need some information off the server to connect, but I am not sure what the problem is. Any help? Thanks
    Wednesday, June 2, 2010 8:19 PM

Answers

  • Here is the actual solution.  The clients needed to get their gp updated remotely with the new ip addresses.   For anyone that does not have a way to vpn to the remote office these are the settings in the registry that need to be changed in order to get them to connect to your da that's ip address has changed.

     

    netsh namespace show effectivepolicy

    HKLM\software\policies\microsoft\Windows\TCPIP\V6Transition
    HKLM\software\policies\microsoft\Windowsfirewall\consecrules
    HKLM\software\policies\microsoft\Windows NT\DNSClient\DnsPolicyConfig\ Should have policies with DA-GUID.

    2002:451d:8682:1:0:5efe:192.168.1.3
    2002:451d:8683::451d:8686 - old IP ADDRESS IN REGISTRY


    2002:xxxx:2f03:1:0:5efe:192.168.1.3 – ISATAP on DA server
    2002:xxxx:2f03::addb:2f03 -NEW IP ADDRESS IN REGISTRY

    69.29.134.130 – old IP ADDRESS IN REGISTRY
    XXX.XXX.47.3 – new IP ADDRESS IN REGISTRY

    • Marked as answer by Miles Li Thursday, July 1, 2010 8:22 AM
    Wednesday, June 30, 2010 9:05 PM

All replies

  • Hi,

     

    Thank you for your post here.

     

    What IPv6 transition protocol are configured on the client side? Is it Teredo or IP-HTTPS?

     

    You may install the DirectAccess Connectivity Assistant and collect the DA diagnostic logs from the clients.

     

    Microsoft DirectAccess Connectivity Assistant

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9a87efe8-e254-4473-8a26-678adea6d9e9

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

     

     

     

     

    • Marked as answer by Miles Li Wednesday, June 30, 2010 9:56 AM
    • Unmarked as answer by Miles Li Thursday, July 1, 2010 8:22 AM
    Thursday, June 3, 2010 2:46 AM
  • Hello hevnbnd,

    In addition to Miles Li’s post, have a look at this really good article “DirectAccess for Windows Server 2008 R2”

    For troubleshooting connection issues please see the chapters starting with: Fixing Issues with connecting to …

    DirectAccess for Windows Server 2008 R2 - Design, Deployment, and Troubleshooting Guides
    Author: Joe Davies - Editor: Scott Somahano
    Microsoft Corporation -  Published: December 2009 - Updated: June 2010

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=647222d1-a41e-4cdb-ba34-f057fbc7198f


    Best regards,
    Harry

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Miles Li Wednesday, June 30, 2010 9:56 AM
    • Unmarked as answer by Miles Li Thursday, July 1, 2010 8:22 AM
    Saturday, June 19, 2010 7:56 PM
  • Here is the actual solution.  The clients needed to get their gp updated remotely with the new ip addresses.   For anyone that does not have a way to vpn to the remote office these are the settings in the registry that need to be changed in order to get them to connect to your da that's ip address has changed.

     

    netsh namespace show effectivepolicy

    HKLM\software\policies\microsoft\Windows\TCPIP\V6Transition
    HKLM\software\policies\microsoft\Windowsfirewall\consecrules
    HKLM\software\policies\microsoft\Windows NT\DNSClient\DnsPolicyConfig\ Should have policies with DA-GUID.

    2002:451d:8682:1:0:5efe:192.168.1.3
    2002:451d:8683::451d:8686 - old IP ADDRESS IN REGISTRY


    2002:xxxx:2f03:1:0:5efe:192.168.1.3 – ISATAP on DA server
    2002:xxxx:2f03::addb:2f03 -NEW IP ADDRESS IN REGISTRY

    69.29.134.130 – old IP ADDRESS IN REGISTRY
    XXX.XXX.47.3 – new IP ADDRESS IN REGISTRY

    • Marked as answer by Miles Li Thursday, July 1, 2010 8:22 AM
    Wednesday, June 30, 2010 9:05 PM