locked
Problems with DirectAccess RRS feed

  • Question

  • Hello,

    I've got DirectAccess working on one machine without any problems but now when I've tried to enable it on another 10 laptops, things went wrong. I've added these computers to DA Group, updated GP and restarted them. After that I cannot ping local domain, DC-s or any other domain server. This doesn't work on LAN and also over the internet.

    Can you please help me to find a problem? How can I disable DA on laptops now when connection to servers (so I could remove them from DA group and update GP) is not possible? Are there any ways to diagnose DA connection?

    Thank you!

    Best wishes,
    Marko
    Wednesday, November 25, 2009 9:05 AM

All replies

  • Hello,

    can someone please point me to some internet resources that would help me, or maybe someone has any experience with the problem I have? I really need to do something about this problem.

    Thank you!

    Best wishes,
    Marko

    Thursday, December 3, 2009 7:51 PM
  • Did you work through the Direct Access Troubleshooting guide?
    Friday, December 4, 2009 4:45 AM
  • It Sounds like NRPT-problems.
    Try to delete the NRPT-records i the Registry.

    Start Regedit.
    go to
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig
    delete every key under it and try.
    /JOhan
    Monday, December 7, 2009 6:37 AM
  • Thank you for your answer.

    If I run netsh interface httpstunnel show interfaces I get this error:

    Role                       : client
    URL                        : https://da01.domain.si:443/IPHTTPS
    Last Error Code            : 0x800b010f
    Interface Status           : failed to connect to the IPHTTPS server. Waiting to reconnect

    If I go to https://da01.domain.si:443/IPHTTPS in browser I get certificate error. I went to https://da01.domain.si and checked certificate - certificate for this URL is tsg.domain.si. Where can I change this certificate so it will point to the right domain? Or even better, where can I change IPHTTPS URL so it will point to https://tsg.domain.si:433/IPHTTPS?

    Thank you!

    Best wishes,
    Marko
    Wednesday, December 16, 2009 12:02 PM
  • You can change the IPHTTPS URL in the Computer Configuration\Policies\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\IP-HTTPS State setting of the Group Policy object for DirectAccess clients (named DirectAccess Policy-{3491980e-ef3c-4ed3-b176-a4420a810f12}).
    Wednesday, December 16, 2009 6:31 PM