DirectAccess Client Fails (IPHTTPS Interface will not start)

  • Question

  • I have been having a hard time getting my notebook clients to use our UAG DirectAccess server. I have tested my configuration with my desktop computer (it works on the DirectAccess, so the server side is working) but tried a few notebooks and it says "iphttpsinterface device cannot start (code:10)". I have updated to the latest manufacturer's drivers. Any ideas on how to get it started? I have also tried the Teredo, Microsoft 6to4 and ISATAP adapters; all come back with the report "Cannot start".
    Monday, May 30, 2011 3:52 PM

All replies

  • Hi,


    You said Notebook. Which edition of Windows 7 is installed on your Netbook?


    Have a nice day.



    BenoitS - Simple by Design
    Monday, May 30, 2011 5:36 PM
  • Win 7 Enterprise- 32 bit
    Monday, May 30, 2011 5:38 PM
  • OK, so the right one.


    Are you sure that the IPHLPSVC service is started on your netbook?


    Do you have an ISATAP interface ready on LAN or not, do you have 6to4, Teredo or IPHTTPS?


    Can you generate a troubleshooting dump with DAC and post some sections?


    Have a nice day.



    BenoitS - Simple by Design
    Monday, May 30, 2011 5:42 PM
  • Yes, the service is started.

    Yes, ISATAP is running on the DA server. When I ping DA I get an IPv6 address from my desktop. Notebooks are a no go; IPConfig /all shows no IPv6 network adapters.

    I believe we are only using IPHTTPS, as I set it up using Forefront UAG w/SP1; going through the setup I never saw anything for Teredo or 6to4, only IPHTTPS and ISATAP.

    Could you send me the troubleshooting dump commands?

    Monday, May 30, 2011 5:51 PM
  • Hi


    If you install the Direct Access Connectivity you will find an Advanced diagnostics option in the DAC tray. You will be able to generate log traces.


    BenoitS - Simple by Design
    Monday, May 30, 2011 5:53 PM
  • Here is some of the log, not sure if you need any of the cert or ip info.


    C:\Windows\system32\LogSpace\{7CD1C0F0-90C8-434A-83EB-AC7CB7007020}>netsh int teredo show state
    Teredo Parameters
    Type                    : disabled
    Server Name             : XXX.XXX.XXX.XXX (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : offline
    Error                   : none

    C:\Windows\system32\LogSpace\{7CD1C0F0-90C8-434A-83EB-AC7CB7007020}>netsh int httpstunnel show interfaces

    Interface IPHTTPSInterface (Group Policy)  Parameters
    Role                       : client
    URL                        : this was renamed
    Last Error Code            : 0x643
    Interface Status           : IPHTTPS interface creation failure


    C:\Windows\system32\LogSpace\{7CD1C0F0-90C8-434A-83EB-AC7CB7007020}>netsh dns show state

    Name Resolution Policy Table Options

    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                            if the name does not exist in DNS or
                                            if the DNS servers are unreachable
                                            when on a private network

    Query Resolution Behavior             : Resolve only IPv6 addresses for names

    Network Location Behavior             : Let Network ID determine when Direct
                                            Access settings are to be used

    Machine Location                      : Outside corporate network

    Direct Access Settings                : Configured and Enabled

    DNSSEC Settings                       : Not Configured

    C:\Windows\system32\LogSpace\{7CD1C0F0-90C8-434A-83EB-AC7CB7007020}>netsh int ipv6 show int level=verbose 

    Interface Loopback Pseudo-Interface 1 Parameters
    IfLuid                             : loopback_0
    IfIndex                            : 1
    State                              : connected
    Metric                             : 50
    Link MTU                           : 4294967295 bytes
    Reachable Time                     : 37500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : disabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    C:\Windows\system32\LogSpace\{7CD1C0F0-90C8-434A-83EB-AC7CB7007020}>netsh advf show currentprofile

    Private Profile Settings:
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096


    C:\Windows\system32\LogSpace\{7CD1C0F0-90C8-434A-83EB-AC7CB7007020}>netsh advfirewall monitor show consec

    Global Settings:
    StrongCRLCheck                        0:Disabled
    SAIdleTimeMin                         5min
    DefaultExemptions                     ICMP
    IPsecThroughNAT                       Never
    AuthzUserGrp                          None
    AuthzComputerGrp                      None

    StatefulFTP                           Enable
    StatefulPPTP                          Enable

    Main Mode:
    KeyLifetime                           60min,0sess
    SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH                               No

    BootTimeRuleCategory                  Windows Firewall
    FirewallRuleCategory                  Windows Firewall
    StealthRuleCategory                   Windows Firewall
    ConSecRuleRuleCategory                Windows Firewall

    Quick Mode:
    QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS                          None

    Security Associations:

    No SAs match the specified criteria.



    Monday, May 30, 2011 6:11 PM
  • Hi


    For your IPHTTPS interface, it seems to be a problem with your IPHTTPS certificate on UAG. Are you sure that your client can reach the CRL of the CA which delivered your certificate?

    BenoitS - Simple by Design
    Tuesday, May 31, 2011 7:17 AM
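
Added example, not part of the original thread: a small Python parser for a diagnostics dump in the format posted above, which splits it by netsh command and pulls out the IP-HTTPS fields that show a failed tunnel interface. The sample is constructed from the posted output with the prompt path shortened; the function names `parse_dump` and `iphttps_findings` are hypothetical.

```python
import re
from textwrap import dedent

# Constructed sample: two sections of the dump posted above, prompt path shortened.
SAMPLE = r"""
C:\LogSpace>netsh int httpstunnel show interfaces
Interface IPHTTPSInterface (Group Policy)  Parameters
Role                       : client
URL                        : this was renamed
Last Error Code            : 0x643
Interface Status           : IPHTTPS interface creation failure

C:\LogSpace>netsh dns show state
Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                        if the name does not exist in DNS or
                                        if the DNS servers are unreachable
                                        when on a private network
Machine Location                      : Outside corporate network
"""

PROMPT = re.compile(r"^[A-Za-z]:\\.*?>\s*(netsh .+?)\s*$")   # "C:\...>netsh ..."
FIELD = re.compile(r"^(\S.*?)\s+: (.*)$")                    # "Name   : value"

def parse_dump(text):
    """Split a dump into {netsh command: {field: value}}, joining wrapped values."""
    sections, fields, last = {}, None, None
    for line in dedent(text).splitlines():   # dedent copes with indented forum pastes
        prompt, field = PROMPT.match(line), FIELD.match(line)
        if prompt:
            fields, last = sections.setdefault(prompt.group(1), {}), None
        elif fields is None:
            continue                          # text before the first command
        elif field:
            last = field.group(1)
            fields[last] = field.group(2).strip()
        elif last and line[:1].isspace() and line.strip():
            fields[last] += " " + line.strip()   # continuation of a wrapped value
        else:
            last = None                       # blank line or heading ends the value
    return sections

def iphttps_findings(sections):
    """Return the IP-HTTPS fields that indicate a failed tunnel interface."""
    tunnel = sections.get("netsh int httpstunnel show interfaces", {})
    code = int(tunnel.get("Last Error Code", "0x0"), 16)
    findings = ["last error code %d (0x%X)" % (code, code)] if code else []
    if "failure" in tunnel.get("Interface Status", "").lower():
        findings.append(tunnel["Interface Status"])
    return findings
```

Lines without a `name : value` pair, such as the firewall profile tables in the dump, are skipped rather than parsed.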