none
UAG Direct access client shows the IPv6 address corresponding second external IP (IPv4) as the remote IP address RRS feed

  • Question

  • Hey guys,

    in my lab the first external IP of the DA machine is 131.107.0.2 and the second IP is 137.107.0.3. As per the article http://technet.microsoft.com/en-us/library/ee844114(WS.10).aspx when i give the command netsh advfirewall monitor show mmsa i should technically get the remote IP address as 2002:836b:2::836b:2 but i am getting 2002:836b:3::836b:3. I followed all the steps properly but still getting this issue. Please help me in this regard.

    Thanks in advance.

    Rajesh
    Regards, R@j
    Thursday, February 4, 2010 1:08 AM

Answers

  • Hi Rajesh,

    You won't be able to connect to the NLS server because it part of the Name Resolution Policy Table exemptions list. When a name is on the exemptions list, it tells the DA client *not* to use the DA connection to resolve the name of that resource.

    Is the Domain Controller part of the management servers list? Can you connect to a file share on the domain controller?

    Thanks!
    Tom
    MS ISDUA Anywhere Access Team
    • Proposed as answer by Erez Benari Thursday, February 11, 2010 11:06 PM
    • Marked as answer by Erez Benari Thursday, February 18, 2010 12:08 AM
    Monday, February 8, 2010 7:46 PM
    Moderator

All replies

  • The output you see is consistent with you establishing the second tunnel, this is the "intranet" tunnel.

    HTH,
    Tom
    MS ISDUA Anywhere Access Team
    Friday, February 5, 2010 4:19 PM
    Moderator
  • Thanks Tom,

    Do you say that the output i get is correct?

    with this we are able to ping the domain controller with the hostname (this resolves to the IPV6 address) from client.

    We are able to make any connectivity to the DA server from the client. But we are not able to access the Application server.

    If we give this command ping nls.contoso.com it is not able to resolve the IP.

    The command nltest /dsgetdc: /force also fails.

    Is there any monitoring or packet capture that we can do in the DA server to find where the packets are getting dropped?

    Thanks!!!
    Rajesh
    Regards, R@j
    Friday, February 5, 2010 6:31 PM
  • Hi Rajesh,

    You won't be able to connect to the NLS server because it part of the Name Resolution Policy Table exemptions list. When a name is on the exemptions list, it tells the DA client *not* to use the DA connection to resolve the name of that resource.

    Is the Domain Controller part of the management servers list? Can you connect to a file share on the domain controller?

    Thanks!
    Tom
    MS ISDUA Anywhere Access Team
    • Proposed as answer by Erez Benari Thursday, February 11, 2010 11:06 PM
    • Marked as answer by Erez Benari Thursday, February 18, 2010 12:08 AM
    Monday, February 8, 2010 7:46 PM
    Moderator