locked
Connecting to DirectAccess server from a client behind proxy with authentication RRS feed

  • Question

  • Hi,

    All our DA clients are working fine except those that are working from a client company where a proxy with authentication is used.

    Our DA server is running Windows server 2012 and clients are running Windows 7.

    I have found similar posts, where it states it is a known issue and it is fixed by a new feature in Windows 2012, however i cannot find more info:

    http://technet.microsoft.com/en-us/library/hh831416.aspx

    IP-HTTPS runs in a system context rather than a user context. This context can cause connection issues. For example, if a DirectAccess client computer is located in the network of a partner company that uses a proxy for Internet access, and WPAD auto detection is not used, the user must manually configure proxy settings in order to access the Internet. These settings are configured in Internet Explorer on a per user basis, and cannot be retrieved in an intuitive way on behalf of IP-HTTPS. In addition, if the proxy requires authentication, the client provides credentials for Internet access, but IP-HTTPS will not provide the credentials required to authenticate to DirectAccess. In Windows Server 2012, a new feature solves these issues. Specifically, the user can configure IP-HTTPS to work when behind a proxy that is not configured using WPAD and IP-HTTPS will request and provide the proxy credentials needed to IP-HTTPS request authenticated, and relay it to the DirectAccess server.

    Wednesday, September 11, 2013 8:27 AM

Answers

All replies

  • Hello,

    As far as I know it's a feature of Windows 2012 URA with a Windows 8 client.

    Unfortunatelly you will have trouble with proxy authentication with Windows 7 client I think

    Regards,


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/

    • Marked as answer by Thomas Vitoz Tuesday, May 27, 2014 10:30 AM
    Wednesday, September 11, 2013 10:07 AM
  • Is there any guidance available how to perform this configuration "When configuring IP-HTTPS in DirectAccess on the server, you can use a certificate issued by a certification authority (CA), or you can specify that DirectAccess should automatically generate a self-signed certificate."

    Friday, January 17, 2014 10:57 AM