locked
ManageOut only with ipv6 RRS feed

  • Question

  • I have two DirectAccess Server in NLB mode with Front and Backend Interfaces.  A Record for ISATAP is on all IP's (2x Dip, 1x Vip)

    If I want to connect to Direct Access Clients via ManageOut (ISATAP) and SystemCenter Remote Control I can only connect with the ipv6 address. DNS Name is not working. Any Idea?

    Nslookup works correct on the "Helpdesk" client. 

    Wednesday, October 5, 2016 7:10 PM

All replies

  • First of all, be careful with creating the ISATAP record. This is actually not meant for production, and not even supported. You are better of creating a GPO specific for Remote Support clients and use a custom DNS records.

    Ok, about DirectAccess Manage-Out. Asuming that your DirectAccess Clients can successfully connect. Your DirectAccess Clients need to be configured with one or more inbound Access Rules (Windows Firewall with Advanced Security) to allow inbound access through their IPv6 tunnel addresses. Without it DirectAccess Manage-Out won't work. You can add those rules to the automatically generated GPO for your DirectAccess Clients.


    Boudewijn Plomp | Conclusion FIT

    Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer". This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, October 27, 2016 7:12 AM