DirectAccess client is not working

  • Question

  • Hi,

    We have a small setup with Windows 7 Enterprise clients and are in the process of deploying DirectAccess using UAG 2010 (in the test environment: 1 DC cum NLS, 1 UAG server, 1 proxy cum DNS server and a UAG client machine). Everything has been configured as per the guide, but for some reason DirectAccess is not working for me. The DCA is showing the error message "RED: Corporate connectivity is not working. Windows is unable to resolve corporate network names.  Please contact your administrator if this problem persists".

    Also, the command "netsh int httpstunnel show interfaces" shows the following message on the client side:

    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://uag.directaccess.com:443/IPHTTPS
    Last Error Code            : 0x2afc
    Interface Status           : failed to connect to the IPHTTPS server. Waiting to reconnect

    The entire DCA log is below:

    RED: Corporate connectivity is not working.
    Windows is unable to resolve corporate network names.  Please contact your administrator if this problem persists.
    14/7/2011 9:1:9 (UTC)


    Probes List
    PASS  PING: 2002:100f:e65::100f:e65
    FAIL  HTTP: https://uagdc.uagda.local

    DTE

    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : UAGCLIENT1
       Primary Dns Suffix  . . . . . . . : uagda.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : uagda.local

    Ethernet adapter External:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #2
       Physical Address. . . . . . . . . : 00-15-5D-97-A9-2B
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8418:24ff:43a3:5760%18(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.10.5(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::5ed9:98ff:fe59:c756%18
                                           192.168.10.1
       DNS Servers . . . . . . . . . . . : 192.168.10.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{CBB353F5-F633-4269-9A3A-5F38C81FB833}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter iphttpsinterface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft IP-HTTPS Platform Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:100f:e64:148c:f950:eff0:f1fe(Preferred)
       Link-local IPv6 Address . . . . . : fe80::148c:f950:eff0:f1fe%20(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh int teredo show state
    Teredo Parameters
    ---------------------------------------------
    Type                    : client
    Server Name             : 16.15.14.100 (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : qualified
    Client Type             : teredo client
    Network                 : unmanaged
    NAT                     : symmetric (port)
    NAT Special Behaviour   : UPNP: No, PortPreserving: No
    Local Mapping           : 192.168.10.5:63927
    External NAT Mapping    : 16.15.14.1:1711


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh int httpstunnel show interfaces

    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://uag.directaccess.com:443/IPHTTPS
    Last Error Code            : 0x2afc
    Interface Status           : failed to connect to the IPHTTPS server. Waiting to reconnect


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh dns show state

    Name Resolution Policy Table Options
    --------------------------------------------------------------------

    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                            if the name does not exist in DNS or
                                            if the DNS servers are unreachable
                                            when on a private network

    Query Resolution Behavior             : Resolve only IPv6 addresses for names

    Network Location Behavior             : Let Network ID determine when Direct
                                            Access settings are to be used

    Machine Location                      : Outside corporate network

    Direct Access Settings                : Configured and Enabled

    DNSSEC Settings                       : Not Configured


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh name show policy

    DNS Name Resolution Policy Table Settings

    Settings for uagdc.uagda.local
    ----------------------------------------------------------------------
    Certification authority                 : DC=local, DC=uagda, CN=UAG-DA-Root-CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Use default browser settings

     

    Settings for .uagda.local
    ----------------------------------------------------------------------
    Certification authority                 : DC=local, DC=uagda, CN=UAG-DA-Root-CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 2002:100f:e65::100f:e65
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy

     


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh name show effective

    DNS Effective Name Resolution Policy Table Settings


    Settings for uagdc.uagda.local
    ----------------------------------------------------------------------
    Certification authority                 : DC=local, DC=uagda, CN=UAG-DA-Root-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Use default browser settings

     

    Settings for .uagda.local
    ----------------------------------------------------------------------
    Certification authority                 : DC=local, DC=uagda, CN=UAG-DA-Root-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 2002:100f:e65::100f:e65
    DirectAccess (Proxy Settings)           : Bypass proxy

     


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh int ipv6 show int level=verbose 

    Interface Loopback Pseudo-Interface 1 Parameters
    ----------------------------------------------
    IfLuid                             : loopback_0
    IfIndex                            : 1
    State                              : connected
    Metric                             : 50
    Link MTU                           : 4294967295 bytes
    Reachable Time                     : 42000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : disabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface isatap.{CBB353F5-F633-4269-9A3A-5F38C81FB833} Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_5
    IfIndex                            : 21
    State                              : disconnected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 41000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : disabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface iphttpsinterface Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_6
    IfIndex                            : 13
    State                              : disconnected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 24500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : enabled
    Other Stateful Configuration       : enabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface Teredo Tunneling Pseudo-Interface Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_7
    IfIndex                            : 20
    State                              : connected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 13500 ms
    Base Reachable Time                : 15000 ms
    Retransmission Interval            : 2000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Interface External Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_9
    IfIndex                            : 18
    State                              : connected
    Metric                             : 5
    Link MTU                           : 1500 bytes
    Reachable Time                     : 16000 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 64
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh advf show currentprofile

    Private Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Ok.


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh advfirewall monitor show consec

    Global Settings:
    ----------------------------------------------------------------------
    IPsec:
    StrongCRLCheck                        0:Disabled
    SAIdleTimeMin                         5min
    DefaultExemptions                     ICMP
    IPsecThroughNAT                       Never
    AuthzUserGrp                          None
    AuthzComputerGrp                      None

    StatefulFTP                           Enable
    StatefulPPTP                          Enable

    Main Mode:
    KeyLifetime                           60min,0sess
    SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH                               No

    Categories:
    BootTimeRuleCategory                  Windows Firewall
    FirewallRuleCategory                  Windows Firewall
    StealthRuleCategory                   Windows Firewall
    ConSecRuleRuleCategory                Windows Firewall


    Quick Mode:
    QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS                          None

    Security Associations:

    No SAs match the specified criteria.


    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>Certutil -store my 
    my
    CertUtil: -store command completed successfully.

    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>Systeminfo

    Host Name:                 UAGCLIENT1
    OS Name:                   Microsoft Windows 7 Enterprise
    OS Version:                6.1.7600 N/A Build 7600
    OS Manufacturer:           Microsoft Corporation
    OS Configuration:          Member Workstation
    OS Build Type:             Multiprocessor Free
    Registered Owner:          UAG
    Registered Organization:  
    Product ID:                00392-918-5000002-85366
    Original Install Date:     08-06-2011, 17:01:17
    System Boot Time:          09-07-2011, 12:37:15
    System Manufacturer:       Microsoft Corporation
    System Model:              Virtual Machine
    System Type:               X86-based PC
    Processor(s):              1 Processor(s) Installed.
                               [01]: x64 Family 6 Model 30 Stepping 5 GenuineIntel ~2533 Mhz
    BIOS Version:              American Megatrends Inc. 090004 , 19-03-2009
    Windows Directory:         C:\Windows
    System Directory:          C:\Windows\system32
    Boot Device:               \Device\HarddiskVolume1
    System Locale:             4009
    Input Locale:              en-us;English (United States)
    Time Zone:                 (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi
    Total Physical Memory:     1,024 MB
    Available Physical Memory: 675 MB
    Virtual Memory: Max Size:  2,048 MB
    Virtual Memory: Available: 1,567 MB
    Virtual Memory: In Use:    481 MB
    Page File Location(s):     C:\pagefile.sys
    Domain:                    uagda.local
    Logon Server:              N/A
    Hotfix(s):                 N/A
    Network Card(s):           1 NIC(s) Installed.
                               [01]: Microsoft Virtual Machine Bus Network Adapter
                                     Connection Name: External
                                     DHCP Enabled:    No
                                     IP address(es)
                                     [01]: 192.168.10.5
                                     [02]: fe80::8418:24ff:43a3:5760

    C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>whoami /groups 

    GROUP INFORMATION
    -----------------

    Group Name                             Type             SID          Attributes                                       
    ====================================== ================ ============ ==================================================
    BUILTIN\Administrators                 Alias            S-1-5-32-544 Enabled by default, Enabled group, Group owner   
    Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
    NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
    Mandatory Label\System Mandatory Level Label            S-1-16-16384                                                  

    Please guide me to resolve this issue.

    Thanks in advance

    Regards,
    Vinu Kumar T K


    Thanks & Regards, Vinu Kumar T K
    Thursday, July 14, 2011 10:18 AM

Answers

  • Hi,

    I am able to resolve the issue. The issue was that I forgot to install the computer certificate on the DA client.

    Regards,
    Vinu Kumar T K


    Thanks & Regards, Vinu Kumar T K
    • Marked as answer by Quadra Vinu Thursday, July 14, 2011 1:34 PM
    Thursday, July 14, 2011 1:34 PM
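
The cause named in the answer is already visible in the posted DCA log: `Certutil -store my` lists no certificates and `netsh advfirewall monitor show consec` reports no security associations. The following Python triage of a DCA log for those signs is an added example, not part of the original thread; the function names and finding codes are assumptions, and the sample input is abridged from the log in the question.

```python
import re

# Abridged from the DCA log posted in the question (only the sections the checks read).
SAMPLE_LOG = r"""
Probes List
PASS  PING: 2002:100f:e65::100f:e65
FAIL  HTTP: https://uagdc.uagda.local

C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh int httpstunnel show interfaces
Role                       : client
Last Error Code            : 0x2afc
Interface Status           : failed to connect to the IPHTTPS server. Waiting to reconnect

C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>netsh advfirewall monitor show consec
Security Associations:

No SAs match the specified criteria.

C:\Windows\system32\LogSpace\{EF5149AE-9CD8-4D42-8B9D-DE7CA9502977}>Certutil -store my
my
CertUtil: -store command completed successfully.
"""

# A logged command line looks like "C:\...\{GUID}>command args".
PROMPT = re.compile(r"^\s*[A-Za-z]:\\[^>\n]*>(.*)$")

def split_sections(log):
    """Map each logged command (lower-cased, spaces collapsed) to its output lines."""
    sections, current = {"": []}, ""   # "" holds the header before the first command
    for line in log.splitlines():
        m = PROMPT.match(line)
        if m:
            current = " ".join(m.group(1).lower().split())
            sections[current] = []
        else:
            sections[current].append(line.strip())
    return sections

def section(sections, prefix):
    """Output of the first command starting with `prefix`, or None if it was not logged."""
    return next((out for cmd, out in sections.items() if cmd.startswith(prefix)), None)

def triage(log):
    """Return (code, detail) findings; codes are hypothetical labels for this example."""
    s = split_sections(log)
    findings = [("probe", l.split(None, 1)[1]) for l in s[""] if l.startswith("FAIL ")]
    for l in section(s, "netsh int httpstunnel show interfaces") or []:
        m = re.match(r"Last Error Code\s*:\s*(0x[0-9a-fA-F]+)", l)
        if m and int(m.group(1), 16) != 0:
            findings.append(("iphttps", "last error code " + m.group(1)))
    consec = section(s, "netsh advfirewall monitor show consec")
    if consec is not None and "No SAs match the specified criteria." in consec:
        findings.append(("ipsec_sa", "no IPsec security associations established"))
    store = section(s, "certutil -store my")
    # certutil prints one "===== Certificate N =====" heading per certificate in the store.
    if store is not None and not any(re.match(r"=+ Certificate \d+ =+$", l) for l in store):
        findings.append(("machine_cert", "computer certificate store (My) is empty"))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:13} {detail}")
```
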