locked
Troubleshooting Name Resolution Problems with DirectAccess Clients RRS feed

  • General discussion

  • Hi all,

    I'm setting up DA on UAG on a test network, and my client's DA Connectivity Assistant is indicating corporate names cannot be resolved when I'm offsite.  The teredo tunnel is being created, and I see the session on the server, so I'm getting there.  I'm not seeing anything helpful in the DCA logs.  Does anyone have any suggestions, or where should I start looking for more detailed logging to troubleshoot this?

    One thing I'm wondering about is whether my decision to not use ISATAP has anything to do with this.  I've tried with it both enabled and disabled (via netsh) on both client and server and get that same corporate name resolution error.  My original assumption was if ISATAP isn't working, the client would use DNS64, but maybe that's not how it works.  None of my infrastructure servers use ISATAP or IPv6.  My employer wants everything inside of the DA server to be IPv4, so ISATAP is not an option.

    Thanks in advance,

    Ross



    • Changed type RossJG Friday, April 8, 2011 9:54 PM I answered my own question and I think the answer is interesting enough that it might generate discussion.
    Friday, April 8, 2011 9:35 PM

All replies

  • Problem solved, rather than delete the thread I thought I'd share, because the answer is kind of interesting.

    The DCA lied.  I am in fact resolving names properly on the internal network (I get IPv6 addresses back for the machines when I resolve them).  I think maybe the DCA is making an assumption that if ISATAP isn't working, then name resolution isn't working.

    Friday, April 8, 2011 9:53 PM
  • Great news that the connection is working! Just an FYI, the DCA does not care about ISATAP at all. The DCA simply queries the resources that you tell it to query. If you're running UAG SP1 (if you're not you should) :) then you can configure what the DCA "looks for" during the DirectAccess configuration wizards.

    DCA reporting isn't perfect, and you probably just happened to catch it at a time where it was reporting incorrectly. My own DCA sometimes reports not working when it is actually working.

    Monday, April 11, 2011 7:49 PM
  • Good call.  And I had accidentally given it my NLS site in the wizard, which of course is the one thing that's going to be unresolvable off-site due to the NRPT.  Oh well, that was silly.

    Thanks!

    Monday, April 11, 2011 8:52 PM