locked
Forwarding on the Teredo network Interface cannot be enabled RRS feed

  • Question

  • Hi there,

    I just installed Rollup 1 hotfix package KB2475733.
    DirectAccess is not working anymore.
    I activated my configuration, but this didn't solve the problem.

    Apparently  I have a problem with my interfaces.

    The public interfaces are in trouble.
    netsh ipsecdos show int
    Public interfaces: Element not found.

     

    This seams reasonable ok.
    netsh int ipv6 show int

    Idx     Met         MTU          State                Name
    ---  ----------  ----------  ------------  ---------------------------
      1          50  4294967295  connected     Loopback Pseudo-Interface 1
     32          25        1280  connected     6TO4 Adapter
     10          20        1500  connected     PUBLIC
     14          25        1280  connected     isatap.{AA86194C-0067-49F9-8613-############}
     15          10        1280  connected     isatap.{DC944005-BCFF-4098-B635-############}
     16          50        1280  connected     IPHTTPSInterface
     12          10        1500  connected     PRIVATE
     18          50        1280  disconnected  isatap.{10A57E75-8BB7-4224-AACE-############}
     19          50        1280  connected     Teredo Tunneling Pseudo-Interface

    In device manager only my two physical adapters are showing up.
    When I set the Show Hidden Devices, then I see all other interfaces:
    IPHTTPSInterface
    Microsoft 6to4
    Microsoft Isatap (3 times)
    Teredo
    WAN Miniports (8 times)

     

    Direct Access Monitor is saying Not Heathly on all parts!

    What can I do to correct this situation?
    What interfaces can I uninstall from device manager?
    What action to perform to recreate the public interface?


    Thanks
    John

     




    • Edited by JohnDBE Wednesday, July 13, 2011 2:50 PM
    Sunday, June 12, 2011 4:34 PM

Answers

  •  

    Well, I'm a bit further a long the road but not quiet home yet!

    I detected that I had two Local Area Connection* 9 entries in ipconfig/all (see below).
    I went back into the device manager and deleted the SSL Network Tunneling interface.

    This SSL Network Tunneling interface dates from a version prior to UAG SP1.

    Restarted the UAG server and activated, and this time no more errors.
    So thats cool. And furthermore DA client access is actually working.
    But the DirectAccess Monitor Current Status is still showing NOT Healthy on all items!
    So something is not quiet what it should be.

    When I reboot the server. DA client access is still working!
    But the DirectAccess Monitor Current Status is still showing NOT Healthy.

    And this is no good:
    C:\Windows\system32>netsh ipsecdos show int
    Public interfaces: Element not found.

    So I executed the reset and added the individual interfaces again.

    After an other reboot, netsh ipsecdos show int is showing ok.
    But I the DirectAccess Monitor Current Status is still showing NOT Healthy on all items!
    My clients can connect, so that is the most important, so at this moment I can live with this monitor issue.

     If anybody still has a hint, I would be glad to give it a try.

     

    ipconfig/all

    Ethernet adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : SSL Network Tunneling
       Physical Address. . . . . . . . . : 00-##-##-##-##-##
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8000:f227:####:####%##(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled




    • Marked as answer by Erez Benari Friday, August 26, 2011 11:26 PM
    Wednesday, July 13, 2011 3:44 PM

All replies

  • Well I got a step further but are still strugling with a problem.

    Using Ken Carvels earlier replies on a simular issue I had, i was able to reset the interfaces and bring them back in.
    But I still get an error when activating: Forwarding on the Teredo network Interface cannot be enabled.

    So my public interfaces are back:
    netsh ipsecdos show int
    Public interfaces: PUBLIC-NIC, 6TO4 Adapter, Local Area Connection* 9, IPHTTPSInterface
    Internal interfaces: isatap.{DC944005-BCFF-4098-B635-############}
    Ok.


    netsh int ipv6 show int

    Idx     Met         MTU          State                Name
    ---  ----------  ----------  ------------  ---------------------------
      1          50  4294967295  connected     Loopback Pseudo-Interface 1
     19          25        1280  connected     isatap.{AA86194C-0067-49F9-8613-############}
     10          20        1500  connected     PUBLIC-NIC
     20          25        1280  connected     6TO4 Adapter
     21          10        1280  connected     isatap.{DC944005-BCFF-4098-B635-############}
     14          50        1280  connected     IPHTTPSInterface
     12          10        1500  connected     PRIVATE-NIC
     18          50        1280  connected     Local Area Connection* 9
     22          50        1280  disconnected  isatap.{10A57E75-8BB7-4224-AACE-############}

    According to my ipconfig/all the Terodo interface shoudl be Local Area Connection* 9

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-##-##-##
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8000:f227:####:####%##(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

     

    I then tried: netsh int ipv6 set interface "Local Area Connection* 9" forwarding=enabled
    But i get a reply: "Element not found"

    What could i do next?

     


    • Edited by JohnDBE Wednesday, July 13, 2011 2:51 PM
    Tuesday, July 12, 2011 6:59 PM
  •  

    Ok, I went through the process one more time.

    C:\Windows\system32>netsh ipsecdos show int
    IPsec DoS Protection has not been enabled.

    C:\Windows\system32>netsh int ipv6 show int

    Idx     Met         MTU          State                Name
    ---  ----------  ----------  ------------  ---------------------------
      1          50  4294967295  connected     Loopback Pseudo-Interface 1
     29          25        1280  connected     isatap.{AA86194C-0067-49F9-8613-############}
     10          20        1500  connected     PUBLIC-NIC
     30          25        1280  connected     6TO4 Adapter
     32          10        1280  connected     isatap.{DC944005-BCFF-4098-B635-############}
     33          50        1280  connected     Local Area Connection* 9
     12          10        1500  connected     PRIVATE-NIC
     31          50        1280  disconnected  isatap.{10A57E75-8BB7-4224-AACE-############}


    C:\Windows\system32>netsh ipsecdos add interface isatap.{DC944005-BCFF-4098-B635-############} internal
    Ok.

    C:\Windows\system32>netsh ipsecdos add interface public-nic public
    Ok.

    C:\Windows\system32>netsh ipsecdos add interface "6TO4 Adapter" public
    Ok.

    C:\Windows\system32>netsh ipsecdos add interface IPHTTPSInterface public
    Ok.

    C:\Windows\system32>netsh ipsecdos add interface "Local Area Connection* 9" public
    Ok.

    C:\Windows\system32>netsh ipsecdos show int
    Public interfaces: PUBLIC-NIC, 6TO4 Adapter, IPHTTPSInterface, Local Area Connection* 9
    Internal interfaces: isatap.{DC944005-BCFF-4098-B635-############}
    Ok.

    At this point I tried to activate UAG, but it came back with the same error: Forwarding on the Teredo interface cannot be enabled.

    Then I learned from an article from  Deb Shinder how to use the interface number.
    http://www.windowsnetworking.com/articles_tutorials/configuring-isatap-router-windows-server-2008-r2-part2.html

    From ipconfig/all I'm guessing that my Teredo interface is actually Local Area Connection* 9 which has 33 as interface index.

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-##-##-##
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:c24e:8eaa:8100:8000:####:####:####(Preferred)
       Link-local IPv6 Address . . . . . : fe80::8000:f227:####:####%##(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    So I performed this command:
    C:\Windows\system32>netsh int ipv6 set interface 33 forwarding=enabled
    Ok.

    But unfortunately the activation fails again with the same error: Forwarding on the Teredo interface cannot be enabled.
    Need to figure out what the core reason is that it cannot be enabled, but where do I look?

     

     


    • Edited by JohnDBE Wednesday, July 13, 2011 2:53 PM
    Wednesday, July 13, 2011 9:42 AM
  •  

    netsh interface ipv6 show interfaces level=verbose

    Interface Local Area Connection* 9 Parameters
    ----------------------------------------------
    IfLuid                             : tunnel_8
    IfIndex                            : 20
    State                              : connected
    Metric                             : 50
    Link MTU                           : 1280 bytes
    Reachable Time                     : 21500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 0
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : enabled
    Advertising                        : enabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : disabled
    Weak Host Sends                    : enabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 0
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled

    Wednesday, July 13, 2011 10:41 AM
  •  

    netsh int dump show something interesting.

    Up until now I assumed interface="Local Area Connection* 9" was my Teredo Interface.

    But looking at the output from the dump I can find an other line:
    set interface interface="Teredo Tunneling Pseudo-Interface" forwarding=disabled ...... (see full dump below)

    It clearly states forwarding disabled!

    But which one is effectively my Teredo interface?
    Is this a problem or not?

    This does not work
    C:\Windows\system32>netsh int ipv6 set interface "Teredo Tunneling Pseudo-Interface" forwarding=disabled
    Element not found.

    This does work
    C:\Windows\system32>netsh int ipv6 set interface 20 forwarding=enabled
    Ok.

    C:\Windows\system32>netsh int ipv6 show int

    Idx     Met         MTU          State                Name
    ---  ----------  ----------  ------------  ---------------------------
      1          50  4294967295  connected     Loopback Pseudo-Interface 1
     17          25        1280  connected     isatap.{AA86194C-0067-49F9-8613-############}
     10          20        1500  connected     PUBLIC-NIC
     18          25        1280  connected     6TO4 Adapter
     19          10        1280  connected     isatap.{DC944005-BCFF-4098-B635-############}
     20          50        1280  connected     Local Area Connection* 9
     12          10        1500  connected     PRIVATE-NIC
     22          50        1280  connected     IPHTTPSInterface

    route print

    C:\Windows\system32>route print
    ===========================================================================
    Interface List
     13...00 ff 08 01 19 47 ......SSL Network Tunneling
     12...00 00 00 ## ## ## ......Broadcom NetXtreme Gigabit Ethernet
     10...00 00 00 ## ## ## ......Broadcom NetXtreme 57xx Gigabit Controller
      1...........................Software Loopback Interface 1
     17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
     19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     22...00 00 00 00 00 00 00 e0 IPHTTPSInterface
    ===========================================================================

    ipconfig /all

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:c24e:8eaa:8100:8000:####:####:####(Preferred)
       Link-local IPv6 Address . . . . . : fe80::8000:f227:####:####%##(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    netsh dump int

    # ----------------------------------
    # IPv6 Configuration
    # ----------------------------------
    pushd interface ipv6

    reset
    set global groupforwardedfragments=enabled
    add route prefix=2002:c24e:8eaa::/64 interface="isatap.{AA86194C-0067-49F9-8613-############}" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eab::/64 interface="isatap.{AA86194C-0067-49F9-8613--############}" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eaa:8000::/64 interface="isatap.{DC944005-BCFF-4098-B635-############}" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eaa:8001::/96 interface="isatap.{DC944005-BCFF-4098-B635-############}" nexthop=:: publish=No
    add route prefix=2002:c24e:8eaa:8000::/49 interface="isatap.{DC944005-BCFF-4098-B635-############}" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eaa:8100::/64 interface="Local Area Connection* 9" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eaa::/64 interface="tunnel_13" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eab::/64 interface="tunnel_13" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eaa::/64 interface="6TO4 Adapter" nexthop=:: publish=Yes
    add route prefix=2002:c24e:8eab::/64 interface="6TO4 Adapter" nexthop=:: publish=Yes
    set interface interface="isatap.{AA86194C-0067-49F9-8613-############}" forwarding=enabled advertise=enabled nud=enabled
    set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled mtu=1280 nud=enabled
    set interface interface="isatap.{DC944005-BCFF-4098-B635-############}" forwarding=enabled advertise=enabled nud=enabled advertisedefaultroute=enabled
    set interface interface="Local Area Connection* 9" forwarding=enabled advertise=disabled mtu=1280 nud=enabled advertisedefaultroute=disabled
    set interface interface="IPHTTPSInterface" forwarding=disabled advertise=disabled mtu=1280 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
    set interface interface="Teredo Tunneling Pseudo-Interface" forwarding=disabled advertise=disabled mtu=1280 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
    set interface interface="Local Area Connection* 12" forwarding=disabled advertise=disabled mtu=1280 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
    set interface interface="Reusable ISATAP Interface {3E0DEC50-13ED-408A-B63C-############}" forwarding=disabled advertise=disabled mtu=1280 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
    set interface interface="6TO4 Adapter" forwarding=enabled advertise=enabled nud=enabled
    set interface interface="PUBLIC-NIC" forwarding=disabled advertise=enabled nud=enabled
    set interface interface="tunnel_13" forwarding=enabled advertise=enabled nud=enabled


    popd
    # End of IPv6 configuration



    Wednesday, July 13, 2011 12:00 PM
  •  

    Well, I'm a bit further a long the road but not quiet home yet!

    I detected that I had two Local Area Connection* 9 entries in ipconfig/all (see below).
    I went back into the device manager and deleted the SSL Network Tunneling interface.

    This SSL Network Tunneling interface dates from a version prior to UAG SP1.

    Restarted the UAG server and activated, and this time no more errors.
    So thats cool. And furthermore DA client access is actually working.
    But the DirectAccess Monitor Current Status is still showing NOT Healthy on all items!
    So something is not quiet what it should be.

    When I reboot the server. DA client access is still working!
    But the DirectAccess Monitor Current Status is still showing NOT Healthy.

    And this is no good:
    C:\Windows\system32>netsh ipsecdos show int
    Public interfaces: Element not found.

    So I executed the reset and added the individual interfaces again.

    After an other reboot, netsh ipsecdos show int is showing ok.
    But I the DirectAccess Monitor Current Status is still showing NOT Healthy on all items!
    My clients can connect, so that is the most important, so at this moment I can live with this monitor issue.

     If anybody still has a hint, I would be glad to give it a try.

     

    ipconfig/all

    Ethernet adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : SSL Network Tunneling
       Physical Address. . . . . . . . . : 00-##-##-##-##-##
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8000:f227:####:####%##(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled




    • Marked as answer by Erez Benari Friday, August 26, 2011 11:26 PM
    Wednesday, July 13, 2011 3:44 PM
  • The Solution in my Case was this:

    C:\Windows\system32>netsh interface ipv6 show int 31

    Interface isatap.{B017E06A-FA90-4D20-B04E-xxxxxxxxxxxxxxxxx} Parameters
    IfLuid : tunnel_11
    IfIndex : 31
    State : connected
    Metric : 10
    Link MTU : 1280 bytes
    Reachable Time : 29000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : enabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    netsh interface ipv6 set interface 31 advertise=enabled

    netsh interface ipv6 set interface 31 advertisedefaultroute=enabled

    http://www.windowsnetworking.com/articles_tutorials/configuring-isatap-router-windows-server-2008-r2-part2.html

    Special Thanks to Thomas W. who solve the problem :)


    Friday, November 4, 2011 6:10 PM
  • Hi John,

    I am currently doing a PoC (UAG SP1 U1/TMG SP2 on W2K8 R2 SP1) and have experienced the same issue as you have.

    After I deleted the SSL Network Tunneling Adapter and resetting the ipsecdosprotection configuration I could activate the UAG configuration again.

    I have not done a reboot yet. I assume the network connector is not working anymore (it is not used anyway). Quite frankly speaking, the whole solution does not make a resilient impression to me :-(


    Best regards

    Thomas

    Wednesday, November 30, 2011 1:13 PM
  • I wanted to drop a note.  I had this same error and deleting the SSL adapter did resolve the issue for me to. 

    1) I experenced the error when migrating from ISATAP to Natvie v6 on my lan

    2) I am not sure what the SSL adapter is used for but I hope this did not just "sweep" the issue down the road.

    3) I am hoping the UAG product will redeam itself with SP2.........  

    Sunday, April 29, 2012 3:48 PM