none
Windows 7 clients connecting to DA on windows server 2012 R2 RRS feed

  • Question

  • Hey Guys

    Have an issue with Windows 7 clients on direct access on Windows server 2012 R2. Clients can connect to Direct Access but they can only connect/see domain controllers and management servers .i.e SCCM. when running the DA troubleshooting tool the following error is displayed

    Failed to connect to HTTP probe at

    Any help would be appreciated

    thanks

    [4/02/2016 12:46:05 p.m.]: In worker thread, going to start the tests.

    [4/02/2016 12:46:05 p.m.]: Running Network Interfaces tests.

    [4/02/2016 12:46:05 p.m.]: Wireless Network Connection (Intel(R) Dual Band Wireless-AC 7265):

    [4/02/2016 12:46:05 p.m.]: Default gateway found for Wireless Network Connection.

    [4/02/2016 12:46:05 p.m.]: iphttpsinterface (iphttpsinterface):

    [4/02/2016 12:46:05 p.m.]: No default gateway found for iphttpsinterface.

    [4/02/2016 12:46:05 p.m.]: Wireless Network Connection has configured the default gateway

    [4/02/2016 12:46:06 p.m.]: Default gateway for Wireless Network Connection replies on ICMP Echo requests, RTT is 771 msec.

    [4/02/2016 12:46:07 p.m.]: Received a response from the public DNS server (8.8.8.8), RTT is 600 msec.

    [4/02/2016 12:46:07 p.m.]: The public DNS Server does not reply on ICMP Echo requests, the request or response is maybe filtered?

    [4/02/2016 12:46:07 p.m.]: Running Inside/Outside location tests.

    [4/02/2016 12:46:07 p.m.]: NLS is

    [4/02/2016 12:46:09 p.m.]: NLS is not reachable via HTTPS, the client computer is not connected to the corporate network (external) or the NLS is offline.

    [4/02/2016 12:46:09 p.m.]: NRPT contains 4 rules.

    [4/02/2016 12:46:09 p.m.]:            Found (unique) DNS server:

    [4/02/2016 12:46:09 p.m.]:            Send an ICMP message to check if the server is reachable.

    [4/02/2016 12:46:09 p.m.]: DNS server is online, RTT is 342 msec.

    [4/02/2016 12:46:09 p.m.]: Running IP connectivity tests.

    [4/02/2016 12:46:09 p.m.]: The 6to4 interface service state is default.

    [4/02/2016 12:46:10 p.m.]: Teredo inferface status is offline.

    [4/02/2016 12:46:10 p.m.]:           The configured Teredo server is the public Microsoft Teredo server teredo.ipv6.microsoft.com..

    [4/02/2016 12:46:10 p.m.]: The IPHTTPS interface is operational.

    [4/02/2016 12:46:10 p.m.]:           The IPHTTPS interface status is IPHTTPS interface active.

    [4/02/2016 12:46:10 p.m.]: IPHTTPS is used as IPv6 transition technology.

    [4/02/2016 12:46:10 p.m.]:           The configured IPHTTPS URL is

    [4/02/2016 12:46:10 p.m.]: IPHTTPS has a single site configuration.

    [4/02/2016 12:46:10 p.m.]: IPHTTPS URL endpoint is

    [4/02/2016 12:46:15 p.m.]:           Successfully connected to endpoint

    [4/02/2016 12:46:17 p.m.]: Received response from RTT is 1715 msec.

    [4/02/2016 12:46:17 p.m.]: Running Windows Firewall tests.

    [4/02/2016 12:46:17 p.m.]: The current profile of the Windows Firewall is Private.

    [4/02/2016 12:46:17 p.m.]: The Windows Firewall is enabled in the current profile Private.

    [4/02/2016 12:46:17 p.m.]: The outbound Windows Firewall rule Core Networking - Teredo (UDP-Out) is enabled.

    [4/02/2016 12:46:17 p.m.]: The outbound Windows Firewall rule Core Networking - IPHTTPS (TCP-Out) is enabled.

    [4/02/2016 12:46:17 p.m.]: Running certificate tests.

    [4/02/2016 12:46:17 p.m.]: Found 2 machine certificates on this client computer.

    [4/02/2016 12:46:17 p.m.]: Checking certificate [no subject] with the serial number [

    [4/02/2016 12:46:17 p.m.]:           The certificate  contains the EKU Client Authentication.

    [4/02/2016 12:47:31 p.m.]:           The trust chain for the certificate [ was sucessfully verified.

    [4/02/2016 12:47:31 p.m.]: Checking certificate CN= with the serial number [

    [4/02/2016 12:47:31 p.m.]:           The certificate contains the EKU Client Authentication.

    [4/02/2016 12:47:47 p.m.]:           The trust chain for the certificate [was sucessfully verified.

    [4/02/2016 12:47:47 p.m.]: Running IPsec infrastructure tunnel tests.

    [4/02/2016 12:47:52 p.m.]: Successfully connected to domain sysvol share, found 183 policies.

    [4/02/2016 12:47:52 p.m.]: Running IPsec intranet tunnel tests.

    [4/02/2016 12:47:52 p.m.]: Successfully reached RTT is 319 msec.

    [4/02/2016 12:48:04 p.m.]: Failed to connect to with status TimedOut.

    [4/02/2016 12:48:25 p.m.]: Failed to connect to HTTP probe at

    [4/02/2016 12:48:25 p.m.]: Running selected post-checks script.

    [4/02/2016 12:48:25 p.m.]: No post-checks script specified or the file does not exist.

    [4/02/2016 12:48:25 p.m.]: Finished running post-checks script.

    [4/02/2016 12:48:25 p.m.]: Finished running all tests.

    Thursday, February 4, 2016 2:49 AM

All replies

  •  

    Hi,

    These tests may explains your problem.

    [4/02/2016 12:46:17 p.m.]: Running certificate tests.
    [4/02/2016 12:46:17 p.m.]: Found 2 machine certificates on this client computer.

    I've already seen DirectAccess failing because the wrong certificate was used in the IPsec dialog.
    Do you really need both?

    [4/02/2016 12:47:52 p.m.]: Running IPsec intranet tunnel tests.
    [4/02/2016 12:47:52 p.m.]: Successfully reached RTT is 319 msec.
    [4/02/2016 12:48:04 p.m.]: Failed to connect to with status TimedOut.
    [4/02/2016 12:48:25 p.m.]: Failed to connect to HTTP probe at

    Here, two tests are failing.
    You removed the info but according to mine, you can ping DTE1's IPv6 address but not DTE2 (both are on the DirectAccess server so you should be able to ping them)
    Also, the test of the probe is failing and by default, this is also the DirectAccess server that act as the probe with IIS.

    As this is Windows 7, have you installed and configured the DirectAccess Connectivity Assistant 2.0?

    Gerald


    Friday, February 5, 2016 11:00 AM