locked
Manage out not working RRS feed

  • Question

  • Hi all!

    I have successfully configured DirectAccess and my clients all have successfull "Connected state" with access to internal resources like dynamics and file shares. I have installed ISATAP on selected computers and clients can successfully remote desktop to those. The selected computers have automatically registered an IPv6 address in the DNS after it was applied.

    The problem for me now is the manage out. I can not ping, remote desktop or access anything on the connected clients. I have opened three port/protocols according to the normal instructions found browsing. 

    My general idea about it could have something to do with that there is no DNS registration from the clients. If i remove the DNS-entries from the DNS server, they do not update to get a new, even with a ipconfig /registerdns. If I connect the clients over VPN they do register. Is there someone who could point me in the right direction regarding this?

    Also, should the clients make an IPv6 and/or IPv4 entry in the DNS server?

    Is there maybe some port in my routers firewall I have been missing to open or is port forwarded to another server?

    Thanks!

    Sunday, November 19, 2017 11:29 PM

Answers

  • Thanks for your reply! I found it that the culprit of the system was using DA server on Windows Server 2016. When trying it with Windows Server 2012, it worked like a charm with almost no changes at all. I mean, all actions taken prior to the test of 2012, was correct and therefor it worked, but it seems like 2016 was blocking something...


    • Marked as answer by Calleman87 Saturday, January 6, 2018 3:32 PM
    Saturday, January 6, 2018 3:32 PM

All replies

  • DirectAccess clients do automatically register their IPv6 addresses (either their IP-HTTPS or Teredo address, whichever they are actively using to connect via DA) inside DNS. If that isn't happening, perhaps your DNS is configured not to allow automatic registrations of IPv6 addresses for some reason? Though it does sound like it is happening for the internal ISATAP-connected machines, right? Either way, that is the place I would look, check into events on the DNS server to see if you can find some indication as to why it isn't allowing those registrations to happen. The DA clients do attempt to by default, so there shouldn't be anything that you need to change on the DA side to make this happen.

    Thursday, December 7, 2017 3:23 PM
  • Thanks for your reply! I found it that the culprit of the system was using DA server on Windows Server 2016. When trying it with Windows Server 2012, it worked like a charm with almost no changes at all. I mean, all actions taken prior to the test of 2012, was correct and therefor it worked, but it seems like 2016 was blocking something...


    • Marked as answer by Calleman87 Saturday, January 6, 2018 3:32 PM
    Saturday, January 6, 2018 3:32 PM