none
UAG DirectAccess can't connect to my hyper-v remote desktop RRS feed

  • Question

  • Hi, All,

    I just implement UAG DirectAccess. Everything seems works fine. I can remote desktop to internal servers except one server with hyper-v enabled.

    I can ping it and remote desktop from internal network. But can't from DA client. (The server already list in UAG DA server access list)

    Any idea how to troubleshooting it?


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, July 14, 2010 1:46 AM

Answers

  • I'm not sure what may be the reason.

    You can try the following things:

    • Re-enable ISATAP and see if it works now
    • Check that the ISATAP link-local address of the UAG server appears when you run netsh int ipv6 show potentialrouters on the Hyper-V server
    • from the Hyper-V server (with ISATAP enabled) try to ping another IPv6 server. (Open Network Monitor if this doesn't work, and try to see where this fails)
    • If you find that packets are simply dropped by this Hyper-V server, then I'd check the WFP log. Run netsh wfp capture start and then examine the .xml files to see which filter is dropping the IPv6 packets.

    Thanks,

    Yaniv

    • Marked as answer by Erez Benari Monday, July 26, 2010 10:43 PM
    Sunday, July 18, 2010 7:36 AM

All replies

  • Hi, Jason,

    I am not asking Hyper-v management from DA client to server.

    All I want is remote desktop to hyper-v server but failed.

    I use ipconfig on hyper-v server and there is ISATAP ip there.

     


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, July 14, 2010 12:09 PM
  • It works with pure IPv6 (how we run it) but not sure about ISATAP; don't see why not...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, July 14, 2010 12:39 PM
    Moderator
  • If it is just a normal 2008 r2 server, how can we troubleshooting DA client to this server?

    I ping it from DA client or internal, it resolved a 2002 ipv6 address but no reply from this server.

    Internal client can RDP to this server, but DA client cannot.


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    • Edited by George 小顧 Wednesday, July 14, 2010 12:52 PM more info
    Wednesday, July 14, 2010 12:47 PM
  • One more info, this is the only one 2008R2 server in my network and it can't RDP from DA client.

    Other servers are 2008, not R2 and they can RDP from DA client.


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, July 14, 2010 1:01 PM
  • Can you ping the external DA client using its IPv6 address?

    Have you tried disabling the local Win firewall on the R2 server to eliminate this?

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, July 14, 2010 1:29 PM
    Moderator
  • Is the ISATAP address registered in DNS?

    Is this a UAG DirectAccess server?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Wednesday, July 14, 2010 2:25 PM
    Moderator
  • Yes. ISATAP IPv4 IP is registered in internal DNS.

    And I'm using UAG DA.

    I define several servers in management servers and DCs list. All servers I can remote desktop to from DA client except one with Hyper-V(R2).

    I am not sure is there any relation that this one is the only 2008 R2 server or this one is Hyper-V enabled.


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Thursday, July 15, 2010 2:30 PM
  • Hi George,

    Did you mean to say that the ISATAP IPv6 address is registered in DNS?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Thursday, July 15, 2010 3:07 PM
    Moderator
  • So you can't ping the hyperv server even from an internal computer?

    RDP probably works internally, because the connection fallsback to IPv4. DirectAccess clients can not use IPv4, and will not fall back to NAT64 if an IPv6 address is already assigned to the backend server.

    It seems to me that you need to troubleshoot the ISATAP connectivity on your hyper-v server, or disable ISATAP on that server (netsh int isatap set state disabled)

    Thursday, July 15, 2010 3:26 PM
  • Hi, Yaniv,

    You are correct. disable ISATAP let me can RDP from DA client.

    What I am interesting is the other 2K8 servers I can RDP to, I "netsh int isatap show state" and the answer is default like this 2K8R2 hyper-v server.

    Why other server can RDP from DA client without disable ISATAP but this hyper-v server need to disable?

    Any idea?

    Since I am consultant and we will have project with local MS, I need to figure it out why and I can avoid any mistake I make.


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Friday, July 16, 2010 3:11 PM
  • I'm not sure what may be the reason.

    You can try the following things:

    • Re-enable ISATAP and see if it works now
    • Check that the ISATAP link-local address of the UAG server appears when you run netsh int ipv6 show potentialrouters on the Hyper-V server
    • from the Hyper-V server (with ISATAP enabled) try to ping another IPv6 server. (Open Network Monitor if this doesn't work, and try to see where this fails)
    • If you find that packets are simply dropped by this Hyper-V server, then I'd check the WFP log. Run netsh wfp capture start and then examine the .xml files to see which filter is dropping the IPv6 packets.

    Thanks,

    Yaniv

    • Marked as answer by Erez Benari Monday, July 26, 2010 10:43 PM
    Sunday, July 18, 2010 7:36 AM