locked
Direct Access fails sometimes (Win10 Clients) RRS feed

  • Question

  • Since about a week, we have a intermittent problems that Windows 10 clients couldn't reach our network over direct access.

    - The 2012 R2 DA server has all components green, up and running. Some clients are working, can see several connected clients.

    - On the not working Windows 10 client, the DA connection is not even visible in network connections.

    - On the not working client, netsh interface httpstunnel show interfaces produces the following output:

    C:\WINDOWS\system32>netsh interface httpstunnel show interfaces

    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://62.192.1.80:443/IPHTTPS
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface deactivated
    ** The above IPHTTPSInterface setting is the result of Group Policy overriding
    any local configuration.

    Interface IPHTTPSInterface Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://srv-da01.smartit.local/httpspage
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface deactivated
    ** The above IPHTTPSInterface setting is the result of Group Policy overriding
    any local configuration.

    Have seen http://www.networkworld.com/article/2230444/microsoft-subnet/how-to-force-an-ip-https-connection-on-a-directaccess-client-.html and temporarly deactivated the Teredo interface. That doesn't help.

    Thank you in advance for any advice.

    Franz

    Tuesday, August 9, 2016 2:03 PM

Answers

  • We have completely removed the whole DA configuration, have deleted the server and client DA GPO's and have recreated the DA configuration. Have done this last weekend, and until today, the problem didn't appear.

    Kind regards, Franz

    Thursday, September 8, 2016 7:02 AM

All replies

  • Hi,

    >>Interface Status           : IPHTTPS interface deactivated
    ** The above IPHTTPSInterface setting is the result of Group Policy overriding
    any local configuration.

    For 'IPHTTPS interface deactivated',there are several ways to troubleshooting:

    1.To verify IP-HTTPS functionality and configuration on a DirectAccess client

    2.To configure the DirectAccess client to use an intranet proxy server

    3.To verify IP-HTTPS functionality and configuration on the DirectAccess server

    ..etc

    For details please check this link for your reference:

    Cannot Reach the DirectAccess Server with IP-HTTPS

    https://technet.microsoft.com/en-us/library/ee844126

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
    tnmff@microsoft.com.

    Wednesday, August 10, 2016 4:29 AM
  • Hi

    Have found the Technet Link that you mentioned before I have posted this question.

    We have no proxy. And there is absolutely no information in the Technet article what to do when "netsh interface httpstunnel show interfaces" says "https interface deactivated".

    Some additional information:

    - We have renewed the HTTPS certificate about a week ago, and executed step 2 in the Remote Access Wizard, which updated the DA GPO's.

    - The problem is intermittend. When some external clients don't even see the DA connection in the network settings, others are working without any problem over a https connection. 

    - Yesterday, we had the problem on a client that ran "gpupdate /force" in the internal network about five days ago. This client could successfully connect over DA over https two days ago, and was affected by the problem yesterday. Reboot didn't help. Connected this client today to the internal network, ran "gpupdate /force", and DA is working again.

    Regards, Franz


    • Edited by FranzSchenk Wednesday, August 10, 2016 7:44 AM
    Wednesday, August 10, 2016 7:44 AM
  • Hi,

    I have seen similar issue in these days.One of the customers replied that it was the group policy caused the issue.Before he re-check and confirm the details about this,you could perform troubleshooting that point to GP first.

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
    tnmff@microsoft.com.

    Friday, August 12, 2016 3:55 AM
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, don't hesitate to ask.

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
    tnmff@microsoft.com.

    Tuesday, August 16, 2016 5:51 AM
  • Hi

    Don't know if the problem is solved or not. We haven't / couldn't do anything, have to wait. I haven't heard from employees that have worked outside the company and that where affected by the problem the last two days.

    Because we don't know and there is no documentation what "

    IPHTTPS interface deactivated
    ** The above IPHTTPSInterface setting is the result of Group Policy overriding
    any local configuration."

    means, I don't know what the next troubleshooting steps would be. What we know is that we haven't seen GPO issues on the clients.

    Tuesday, August 16, 2016 6:41 AM
  • Hi,

    >>I don't know what the next troubleshooting steps would be. What we know is that we haven't seen GPO issues on the clients.

    Hope this one could help:

    DirectAccess Client Troubleshooting Guide

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
    tnmff@microsoft.com.

    Tuesday, August 16, 2016 6:57 AM
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, don't hesitate to ask.


    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
    tnmff@microsoft.com.


    Thursday, September 8, 2016 6:02 AM
  • We have completely removed the whole DA configuration, have deleted the server and client DA GPO's and have recreated the DA configuration. Have done this last weekend, and until today, the problem didn't appear.

    Kind regards, Franz

    Thursday, September 8, 2016 7:02 AM
  • Hi,

    Thank you for sharing to us.


    Best Regards,
    Cartman
    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 9, 2016 3:09 AM