Direct Access DNS Problem

  • Question

  • Hello guys,

    I have a problem with Direct Access. I can't resolve DNS.
    I already unblocked ISATAP on my DNS server, and my DNS IPv6 is automatically generated as recommended.

    I deactivated the Windows Firewall completely on my DC and on the Direct Access server.
    The port forwarding of 443 to my Direct Access server is configured.

    Hope you guys can help me out there; I love the Direct Access feature.

    The public address of my Direct Access server is the public DNS address(

    • Edited by mertrin1ty Monday, December 4, 2017 5:58 PM
    Monday, December 4, 2017 5:57 PM

All replies

  • Sounds like a network misconfiguration on your NIC. Are you using a dual NIC setup?

    I don't understand German but it seems that your server's console is reporting as the DNS IPv4 address.
    Are you using this address on your Internal NIC as the DNS Server?


    Tuesday, December 5, 2017 10:28 PM
  • Hello Gerald,

    Yeah, you were right, however the second DNS address was I changed it to the right address.
    I have only one NIC, so no NIC teaming or anything else.
    My configuration on my NIC is now: first DNS is my DC and my second is my FritzBox.

    But I still have the problem: it can't resolve my FritzBox DNS.
    And now I have a problem with the IP-HTTPS, but the IP forwarding "HTTPS(443)" is configured on my FritzBox (router).

    Wednesday, December 6, 2017 12:42 PM
  • Try to only use your DC's DNS on your NIC (and configure the Fritzbox's IP as a forwarder if you need it).
    This should be enough...

    And never try to force the DNS entry in the Infrastructure setup.
    DirectAccess uses its own IP as the DNS.

    A common mistake is when the admin tries to force the DNS from the AD in the setup ;-)

    Wednesday, December 6, 2017 9:00 PM
  • Thank you, it solved the problem, but now I get the error "Domain Controller not working properly". The DNS is not working to my DC with IPv6. Do you know how to figure it out? I solved it temporarily by disabling IP Helper, but in this case Direct Access is not working.
    Wednesday, December 6, 2017 9:49 PM
  • IP Helper is used by DirectAccess so that definitely needs to be running in order for it to work. I also wanted to ask about something you said in your original post, that you disabled the Windows Firewall on your DA server - this will also break DA. Your Windows Firewall is the mechanism that owns the IPsec tunnels, if you have disabled WF it will also be breaking DirectAccess until you re-enable it.
    Thursday, December 7, 2017 1:16 PM
  • Yeah, you were right: after enabling the firewall and reconfiguring my Direct Access, all services are working :)
    Thank you!
    Thursday, December 7, 2017 6:50 PM
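
The three checks that resolved this thread (DC-only DNS on the NIC, IP Helper running, Windows Firewall enabled) as a read-only PowerShell script. This is an added example, not part of the original thread; the `$DcDns` value is a constructed placeholder, and the script assumes it is run on the DirectAccess server.

```powershell
# Added example, not from the thread. Read-only checks, run on the DirectAccess server.
# $DcDns is a constructed placeholder: replace it with your domain controller's DNS IP.
param(
    [string[]]$DcDns = @('192.0.2.10')
)

$findings = @()

# IP Helper must be running; disabling it (the temporary workaround in the thread)
# stops DirectAccess from working.
$ipHelper = Get-Service -Name iphlpsvc
if ($ipHelper.Status -ne 'Running') {
    $findings += "IP Helper (iphlpsvc) is $($ipHelper.Status), expected Running."
}

# Windows Firewall owns the IPsec tunnels, so the service must run
# and the firewall profiles must stay enabled.
$fwService = Get-Service -Name MpsSvc
if ($fwService.Status -ne 'Running') {
    $findings += "Windows Firewall service (MpsSvc) is $($fwService.Status), expected Running."
}
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings += "Firewall profile '$($fwProfile.Name)' is not enabled."
    }
}

# Only the DC should be listed as DNS server on the NIC; the router's IP
# belongs in the DC's forwarders instead, as advised in the replies.
foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($server in $nic.ServerAddresses) {
        if ($server -notin $DcDns) {
            $findings += "Interface '$($nic.InterfaceAlias)' uses DNS server $server, which is not in the DC list."
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: IP Helper, Windows Firewall and NIC DNS match the advice in this thread.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```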