TP5 - DirectAccess broken?

  • Question

  • Hi,

    Has anyone successfully installed a working DirectAccess server with Windows 2016 TP5 Standard?
    Since last Wednesday, I've been testing TP5 using the exact same setup as with TP4, and outside clients are unable to connect.

    Current setup is "Behind a NAT with 2 adapters".
    IP-HTTPS interface is connected and client is receiving an IPv6 address but...

    When using computer certificates, the IPsec Main Mode associations always fail with "IKE credentials unacceptable", so it seems that it can't check the certificates correctly.

    When only using Kerberos, the IPsec tunnels are connected but I can't ping any internal servers.
    IPsec Extended Mode keeps connecting then failing...

    After reinstalling the server in TP4, DirectAccess works perfectly...

    Gerald



    Monday, May 9, 2016 2:28 PM

All replies

  • Hi Gerald,

    Since TP5 was released recently, there remain things that need to be tested.

    Here is an article about troubleshooting DirectAccess; we may narrow down the problem by first checking whether the issue is related to the DirectAccess configuration:

    https://technet.microsoft.com/en-us/library/ee624058%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    If, after troubleshooting DirectAccess, the issue still exists, then we may wait for MS to give a professional explanation. And if this is a common issue, I think you won't be the only one to encounter it.

    Thanks for your understanding.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, May 10, 2016 9:18 AM
  • There's no need for troubleshooting... The exact same setup works in TP4 and in Windows 2012 R2.
    From what I've tested so far, there are no changes in DirectAccess in Windows Server 2016 (soon deprecated product??)

    I contacted Richard Hicks (DirectAccess expert and MVP) through Twitter and he got the same result as I did...
    According to him, something is malfunctioning in the NAT64 system because no client requests are sent to the internal network, which leads to IPsec tunnels failing to authenticate.


    Tuesday, May 10, 2016 10:33 AM
  • Hi Gerald,

    Thank you for reporting this issue. 

    The problem was reproduced on site at Microsoft and is currently under investigation.  We will get back to you once we have more details.

    Best Regards,

    Mihai

    Wednesday, May 11, 2016 4:20 PM
  • Hi

    Any news regarding this issue? I am seeing the exact same behavior.

    /Michael Buchardt

    Wednesday, May 18, 2016 2:42 PM
  • Hi Michael Buchardt,

    It might take some time to investigate. Thanks for your understanding and patience.

    Best Regards,

    Anne



    Friday, May 20, 2016 1:42 AM
  • Hi Michael,

    Here is a short update on this issue.

    The DirectAccess failure on Windows Server 2016 TP5 builds was investigated and fixed on Microsoft internal builds.  We regret the inconvenience of not being able to exercise the DirectAccess functionality on Windows Server 2016 TP5.  The fix will be present in our next release, so DirectAccess will be fully functional.

    Best Regards,

    Mihai

    Wednesday, June 15, 2016 6:55 PM
  • Thanks for the update... ;-)

    Wednesday, June 15, 2016 10:26 PM