DirectAccess/Windows 8 NCA Client - Use Local DNS Resolution

  • Question

  • Hello All,

    In Windows 7 using the DCA, we had an option for users to click "Use Local DNS Resolution". In Windows 8 using NCA however, I know that this isn't exactly the same and that users must choose "disconnect" in order to use local name resolution. Fine, but therein lies an issue... The "Disconnect" option only becomes available if the user is indeed already connected to DirectAccess. Our problem is that we have people from time to time within our clients' networks or somewhere that restricts DirectAccess from connecting properly and DirectAccess infinitely attempts to connect, never giving us the option to disconnect, therefore not allowing the DirectAccess clients to use Local Name Resolution. As a backup with our Windows 7 clients, we've allowed users to connect to a traditional VPN in the event DirectAccess wasn't working - but connection to that VPN relies on the client machine being able to resolve hostnames locally. Anybody have a resolution to this?



    Monday, April 29, 2013 6:15 PM

All replies

  • Bueller? Bueller?


    Thursday, May 2, 2013 12:24 PM
  • Hi

    Did you exclude the VPN FQDN entry point from the NRPT? Even if DirectAccess fails to connect, this NRPT exception would allow you to resolve this specific FQDN using the normal DNS resolution mechanism.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, May 6, 2013 11:30 AM
  • Agreed. If you add the VPN's public hostname to the NRPT and set it as an exclusion, your VPN will at least be able to connect with or without DA. However, I think you may have uncovered a bug, or maybe just an oversight on Microsoft's part for not allowing the users to choose this when DA is having trouble connecting.
    Monday, May 6, 2013 6:27 PM
  • Hi,

    You did not activate the force tunneling? If yes, we can understand why you cannot disable DirectAccess.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, May 6, 2013 6:52 PM
  • Thanks guys. No, we're using split tunneling. Obviously I can add the exceptions and even add my VPN FQDN into DNS and resolve my VPN issue, but that still does not solve our issue regarding someone not being able to Use Local DNS or cancel the connection while it's in progress. Again, if our users want to Use Local DNS and DirectAccess is not working properly for some reason, it will try to connect forever, never giving them the option to disconnect.


    Monday, May 6, 2013 7:22 PM
  • Hi

    I've tested and you're right. You can disconnect DirectAccess when you are connected, but this option is not available when the DirectAccess connection fails to connect. The only workaround I found is to stop the IP Helper service. The disconnect option really disappeared.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Tuesday, May 7, 2013 7:46 AM
  • I suppose we will just have to wait and see if Microsoft decides to fix this. Disabling the IP Helper service would work - not exactly an elegant solution, but will give us a way out if we need it for now. Thanks!


    Tuesday, May 7, 2013 1:04 PM