DirectAccess ManageOut - SMB support on Tunnel Interfaces

    Question

  • Hello

    We've configured a new DA solution, with 2 DA Servers (2012 R2), Edge Topology and behind ELB (F5, Type L4). We also have two manageout Servers, with native IPv6, which are used to manage DA clients.

    All works well with Manageout, except that we cannot connect to SMB Port (445) on Windows 8 / 8.1 / 10 DA clients.

    Windows 7 DA clients work OK with SMB.

    Firewall rules and IPsec negotiations are OK in both scenarios.

    Windows 7 iphttpsinterface binding (nvspbind) :
    {C180AAFF-A5F4-437E-A194-B63E133C041C}
    "*iphttps"
    "iphttpsinterface"
    "iphttpsinterface":
       enabled:  ms_netbios       (NetBIOS Interface)
       enabled:  ms_server        (File and Printer Sharing for Microsoft Networks)
       enabled:  ms_msclient      (Client for Microsoft Networks)
       enabled:  ms_netbt         (WINS Client(TCP/IP) Protocol)
       enabled:  ms_smb           (Microsoft NetbiosSmb)
       enabled:  ms_tcpip6        (Internet Protocol Version 6 (TCP/IPv6))
       enabled:  ms_tcpip6_tunnel (Microsoft TCP/IP version 6 - Tunnels)

    Windows 8 or higher iphttpsinterface binding (nvspbind) :
    {BC447C06-6D52-4FFA-970C-91DC08C69E4B}
    "*iphttps"
    "iphttpsinterface"
    "iphttpsinterface":
       enabled:  ms_tcpip6_tunnel (Microsoft TCP/IP version 6 - Tunnels)
       enabled:  ms_msclient      (Client for Microsoft Networks)
       enabled:  ms_server        (File and Printer Sharing for Microsoft Networks)
       enabled:  ms_netbt         (WINS Client(TCP/IP) Protocol)
       enabled:  ms_tcpip6        (Internet Protocol Version 6 (TCP/IPv6))
       enabled:  ms_netbios       (NetBIOS Interface)

    Windows 10 SMB interface:

    PS C:\WINDOWS\system32> Get-SmbServerNetworkInterface

    Scope Name Interface Index RSS Capable RDMA Capable Speed   IpAddress
    ---------- --------------- ----------- ------------ -----   ---------
    *          5               True        False        10 Gbps 1xx.1xx.1xx.1xx
    *          5               True        False        10 Gbps fe80::3da1:e69b:ff02:d39f


    PS C:\WINDOWS\system32> Get-SmbClientNetworkInterface

    Interface Index RSS Capable RDMA Capable Speed    IpAddresses
    --------------- ----------- ------------ -----    -----------
    5               True        False        10 Gbps  {fe80::3da1:e69b:ff02:d39f, 139.120.117.128}
    9               False       False        100 Kbps {fe80::200:5efe:139.120.117.128}
    13              False       False        100 Kbps {2a02:xxxx:xxxx:xxxx:d924:b25c:9c57:be82, 2a02:xxxx:xxxx:1800:89db:6...
    3               False       False        10 Mbps  {}

    As a result, we cannot use any tools which rely on SMB over TCP/IP, like psexec, to manage W8 / W8.1 / W10 DA clients.

    Are there any known limitations on tunnel interface with SMB, on W8 / W8.1 / W10?

    Regards

    Harman



    OS ... VirTuaLiZaTioN ... MaxiMuS ... Fair, Good, Better, Best

    Saturday, March 10, 2018 11:41 AM
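
Added example, not part of the original post: a small Python parser that diffs the two nvspbind listings quoted in the question, so the component that differs between the Windows 7 and Windows 8+ IP-HTTPS adapters stands out. The function names and the handling of a `disabled:` state are assumptions; the sample listings are copied from the post.

```python
import re

# Sample input: the two nvspbind binding listings quoted in the question above.
WIN7 = """
   enabled:  ms_netbios       (NetBIOS Interface)
   enabled:  ms_server        (File and Printer Sharing for Microsoft Networks)
   enabled:  ms_msclient      (Client for Microsoft Networks)
   enabled:  ms_netbt         (WINS Client(TCP/IP) Protocol)
   enabled:  ms_smb           (Microsoft NetbiosSmb)
   enabled:  ms_tcpip6        (Internet Protocol Version 6 (TCP/IPv6))
   enabled:  ms_tcpip6_tunnel (Microsoft TCP/IP version 6 - Tunnels)
"""
WIN8_PLUS = """
   enabled:  ms_tcpip6_tunnel (Microsoft TCP/IP version 6 - Tunnels)
   enabled:  ms_msclient      (Client for Microsoft Networks)
   enabled:  ms_server        (File and Printer Sharing for Microsoft Networks)
   enabled:  ms_netbt         (WINS Client(TCP/IP) Protocol)
   enabled:  ms_tcpip6        (Internet Protocol Version 6 (TCP/IPv6))
   enabled:  ms_netbios       (NetBIOS Interface)
"""

# Assumption: unbound components are listed as "disabled:" in the same layout.
# The greedy (.*) keeps nested parentheses such as "WINS Client(TCP/IP) Protocol".
BINDING = re.compile(r"^\s*(enabled|disabled):\s+(\S+)\s+\((.*)\)\s*$")


def parse_bindings(text):
    """Return {component_id: (state, description)} for one adapter listing."""
    bindings = {}
    for line in text.splitlines():
        match = BINDING.match(line)
        if match:
            state, component, description = match.groups()
            bindings[component] = (state, description)
    return bindings


def diff_bindings(left, right):
    """Return {component_id: (left_state, right_state)} where the states differ."""
    changed = {}
    for component in sorted(set(left) | set(right)):
        left_state = left.get(component, ("absent", ""))[0]
        right_state = right.get(component, ("absent", ""))[0]
        if left_state != right_state:
            changed[component] = (left_state, right_state)
    return changed


if __name__ == "__main__":
    delta = diff_bindings(parse_bindings(WIN7), parse_bindings(WIN8_PLUS))
    for component, (win7, win8) in delta.items():
        print(f"{component}: Windows 7={win7}, Windows 8+={win8}")
```

The diff reports which binding differs between the two listings; it does not by itself establish that the difference is the cause of the SMB failure.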

All replies

  • Is SMB v1 enabled or disabled on your clients? I'm not aware of any specific limitation of SMB on Windows 8.x/10, but I am hearing some complaints from users experiencing similar issues with SMB connectivity via DirectAccess manage out.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/f6e7d467-90dd-4944-874c-19fa652c088d/issue-with-creators-update-and-manage-out-connections/

    You could try opening a support case with Microsoft. Would be interesting to find out if this is a known issue and if they have a workaround for it.

    Saturday, March 10, 2018 7:37 PM