DirectAccess Server 2012, no connection to NLS, Domain Controller and other resources after client connects

  • Question

  • Hi,

    I implemented DirectAccess with Server 2012 and am now facing a strange problem:

    Everything works fine, all internal connections are up and status verifier indicates green for all probes on the DirectAccess Server.

    Clients can establish a DirectAccess connection without any problems. But a couple of minutes after the client connects, the server loses connection to NLS and Domain Controller. It is not possible to reach any Intranet or Internet resources from the server.

    Checked all settings twice and nothing seems to be wrong. DirectAccess infrastructure with UAG is also in place, configuration is done according to this deployment (IP addresses, public URLs, ... are different). UAG has worked fine for a long time now, but Server 2012 is facing this problem.

    Infrastructure Information:

    - Server 2012, DirectAccess only

    - two Network Interfaces, two public IPv4 addresses

    - force tunneling

    - static routes are defined for the internal interface

    Thanks for any help or idea!

    Regards

    Sebastian


    • Edited by skrueck Friday, August 9, 2013 10:16 AM
    Friday, August 9, 2013 10:15 AM

All replies

  • Are you using ISATAP in your environment with the UAG DirectAccess? I have migrated many companies from UAG DirectAccess over to Server 2012 DirectAccess and this is always a consideration that is forgotten about. If you are using ISATAP, you should disable it before you try migrating. If you are using ISATAP globally (with a record called "ISATAP" in your DNS), you will have to delete that before you can even hope to bring your DA2012 box online, otherwise it will set itself up as an ISATAP client to the UAG environment and will cause all sorts of trouble.

    Maybe this isn't the case at all, but when you mentioned that you had both it was the first thing that I thought of.

    Friday, August 9, 2013 1:31 PM
  • Hi Jordan,

    thanks for your reply. You are absolutely right, ISATAP can cause trouble, but it is disabled in both environments. It has not been used with UAG and it was not enabled during configuration of Server 2012.

    Regards

    Sebastian

    Monday, August 12, 2013 4:55 AM
  • Is NLS hosted on the DirectAccess server? If so, I recommend moving it. Only place NLS onto the DA server in test environments for best practices.

    I have seen the Domain Controllers one have a red X if there is any kind of problem contacting any DC in your entire network. The DA server tries to communicate with all of them unfortunately, and I don't know of a way to change that. I have a customer whose console is continually in a "red X" state on the Domain Controllers piece because of this. DA and everything else works fine, but I see it as a design flaw that it tries all of these communications.

    Monday, August 12, 2013 6:32 PM
  • Thanks again for your reply.

    No, NLS is not hosted on the DA Server. There is a separate load balanced website used as NLS.

    The environment is a quite large one, so there are many Domain Controllers, this could be a reason. But once the red X came up, I was not able to reach the Domain Controller or any other resource manually. So there must be really a problem within the connection. But I don't know where it is coming from.

    Surprisingly, the connection has been green now for one and a half days without changing anything. Maybe because the sun is shining? ;-)

    Regards

    Sebastian

    Tuesday, August 13, 2013 5:02 AM
  • Hi,

    I'd like to give some new information and I'm still looking forward to some hints or a solution.

    Connection has been working now for four days. Yesterday connection was gone again. At the same time one of the Domain Controllers was offline for maintenance (only one of many others, so this should be no problem I think). At the same time the external firewall logged connection attempts from both external IP addresses to 192.88.99.1, which is the 6to4 Anycast Address. Once the Domain Controller was online again, connection was fine again and status bar showed everything green.

    Could anyone explain this behaviour? I'm not able to do this.

    Thanks!

    Regards

    Sebastian

    Tuesday, August 20, 2013 6:51 AM