No DNS resolution for Intranet resources

  • Question

  • Hi,

    I've built a UAG 2010 server with all of the prerequisites in place then configured direct access.  I applied the settings and ran gpupdate on both my test client (W7 Ent) and on the DA server.

    I can ping -6 between the 2008r2 domain controller and the DA server on the local intranet using host names, and I've added the isatap host entry and removed the global block.  Everything looking OK, I took my test client home.

    I am able to access the DA's IIS home page via the Internet.
    I run netsh namespace show pol and I see the IP address for the DNS server.
    I can ping -6 this address (for some reason this IP address is different from when I ping the DC from the DA, and not just the ip4 bit on the end)
    I can ping -6 any intranet server by using the ip6 address with the IP4 bit on the end (e.g. 2002:ca08:4d18:8000:0:5cfa:192.168.0.1 -- I've changed this from the real address for this example).

    I cannot ping any internal resource by using anything such as APP1 or APP1.domain.com.  I just get: Ping request could not find host app1. Please check the name and try again.

    I checked everything, and the one thing that I notice is that the RSOP on the DA machine is not listing DirectAccess Policy-{ab991ef0-6fa9-4bd9-bc42-3c397e8ad300} so I'm assuming it's not being applied for some reason.  I've checked gpmc and it does exist and with explicit security for my DA machine account.

    The weird thing is, and I'm not sure if I was hallucinating, but I was able to ping intranet resources at some point and then it just stopped working.  Also, and I'm not sure if this is normal, I can ping any Intranet resource (e.g. 2002:ca08:4d18:8000:0:5cfa:192.168.0.1) from *any* machine even if the client is not configured with direct access.  Is that normal?

    I'm not sure what or where or how else to check.  Any advice is appreciated.

    Thanks,

    Kim

    Saturday, February 20, 2010 3:16 PM

Answers

  • Hi,

    I found the answer to this here.

    In short, the OU that the server was in was blocking the policy from getting to the server.

    I simply linked the policy to the OU where the server lives, and all things started working.

    Two things though:

    1)  I lost the ability to RDP to this machine from other machines on my home network.  I believe this has to do with the tunnels coming up and preventing RDP while they're up.

    2)  I can only access Intranet websites with Teredo disabled.  If I set the state to client or enterpriseclient, she no work.

    Regards,

    Kim

    • Marked as answer by Erez Benari Monday, March 1, 2010 9:40 PM
    Saturday, February 20, 2010 3:43 PM
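The three things this thread turns on can be checked in one pass: whether the DirectAccess computer GPO was actually applied, whether the NRPT carries a rule for the intranet suffix, and which IPv6 transition technology (Teredo/6to4) is active. The script below is an added PowerShell example, not code from the original posts; the GPO name is the one quoted in the question, and the intranet suffix "domain.com" is an assumed placeholder.

```powershell
# Added diagnostic helper (not from the thread). Run in an elevated PowerShell
# on the DirectAccess client or server. Assumptions: the GPO name below is the
# one quoted in the question; "domain.com" is a placeholder intranet suffix.
$GpoName     = 'DirectAccess Policy-{ab991ef0-6fa9-4bd9-bc42-3c397e8ad300}'
$IntranetDns = 'domain.com'

# 1. Was the DirectAccess computer GPO applied? gpresult lists every GPO in the
#    computer scope; if the policy is absent here, the link, the GPO's security
#    filtering, or a Block Inheritance on the server's OU kept it away.
$gpresult = gpresult /r /scope computer 2>&1
$applied  = $gpresult | Where-Object { $_ -match [regex]::Escape($GpoName) }
if ($applied) {
    Write-Host "OK: '$GpoName' is applied to this computer."
} else {
    Write-Host "MISSING: '$GpoName' is not among the applied GPOs."
    Write-Host "  Check the GPO link on the OU the server lives in and any 'Block Inheritance', then run gpupdate /force."
}

# 2. Does the NRPT have a rule for the intranet suffix? Without it, names such as
#    APP1.domain.com go to the ISP resolver and fail, while raw 2002:: addresses
#    still reach intranet hosts (which matches the symptoms in the question).
$nrpt = netsh namespace show policy 2>&1
if ($nrpt -match [regex]::Escape(".$IntranetDns")) {
    Write-Host "OK: NRPT rule for .$IntranetDns is present; DNS servers it points to:"
    $nrpt | Select-String -Pattern 'DirectAccess \(DNS Servers\)'
} else {
    Write-Host "MISSING: no NRPT rule for .$IntranetDns; intranet lookups will not be sent to the DirectAccess DNS server."
}

# 3. Transition technology state. The answer notes intranet websites only worked
#    with Teredo disabled, so record Teredo and 6to4 state alongside the above.
Write-Host "--- Teredo ---"
netsh interface teredo show state
Write-Host "--- 6to4 ---"
netsh interface 6to4 show state
```

Run it once on the intranet and once from outside; the NRPT section should list the same DNS server address in both cases, and the gpresult section should show the policy in the computer scope before any name resolution is expected to work.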