locked
UAG DirectAccess Configuration - Internal Address Greyed out RRS feed

  • Question

  • Hi, thanks for looking, im pretty stuck!
    I'm configuring my first direct Access UAG server and so far everythings goe through peachy!
    I have got to the Server Configuration section, and I can select the internet facing IPV4 address fine, but the internal one is greyed out and I cant select anything, i know I should be selecting the address for my DA server but it wont let me drop down the box or enter it!
    Any ideas of what ive missed or anything i can try would be greatly appreciated
    Thanks in advance
    Wednesday, February 10, 2010 2:28 PM

Answers

  • Hi,

    If you have a global IPv6 address on your NIC, then UAG won't let you select an IPv4 address in the UI, since it assumes you already have an IPv6 environment.
    Can you please tell us the exact IPv6 address you have on the NIC? Is it the address UAG displays in the IPv6 drop down?
    • Proposed as answer by Erez Benari Wednesday, February 17, 2010 11:33 PM
    • Marked as answer by Erez Benari Monday, March 1, 2010 9:41 PM
    Sunday, February 14, 2010 5:10 PM

All replies

  • Hi MSimmonds.

    You should be able to select either an internal IPv6 address or an internal IPv4 address.
    I guess that UAG is suggesting you select an IPv6 address and not an IPv4 address.

    Can you make sure the drop down box near Internal IPv6 is enabled and you have values to select from?

    BTW, the internal IPv4 drop down box will be selected in the following conditions:
    * You have an IPv6 address on the internal physical interface
    * You have an ISATAP router in your organization (ISATAP is registered in the DNS)

    My guess is that you have the name ISATAP registered in your DNS because of your previous Windows DA deployment.
    Make sure you remove this name from the DNS. flush UAG's DNS cache, and open the Server Configuration section again.

    Thanks,
    Yaniv
    Wednesday, February 10, 2010 4:39 PM
  • Hi M,

    Make sure the NIC is plugged in to the switch or is not otherwise disabled.

    As  Yaniv mentioned, if you have ISATAP already registered in DNS and it's in the UAG server's cache, you might not see the configuration for the IPv4 setting.

    Do you have an IPv6 address on the internal interface already?

    Tom
    MS ISDUA Anywhere Access Team
    • Proposed as answer by Erez Benari Thursday, February 11, 2010 11:00 PM
    Thursday, February 11, 2010 12:30 PM
  • Thank you for your input guys,

    I have had a look and just to clarify the situation yes I can drop down the IPV6 box and it has values, but not the IPV4 box.
    I have had a look at the DNS and have no reference to any ISATAP in there, i flushed the DNS cache on the UAG server and tried again, but its still the same result. I do have an IPV6 address for the NIC, but only one its picked up automatically, I am trying to get it setup with IPV4 initially as im relatively new to IPV6 and not looking to get into it too much just yet! Do you have any other suggestions? Thanks again for your help.
    Friday, February 12, 2010 1:47 PM
  • Hi M,

    OK, that's some useful information.

    Since you don't have a native IPv6 infrastructure, you'll be using ISATAP. The UAG server will set itself as a ISATAP router when you run the DirectAccess wizard.

    Have you set up the rest of the DA infrastructure? To you have the network location server online? Have you enabled ISATAP queries in DNS? Have you obtained the web site certificates for the network location server and the IP-HTTPS listener?

    Thanks!
    Tom
    MS ISDUA Anywhere Access Team
    Saturday, February 13, 2010 2:59 PM
  • Hi,

    If you have a global IPv6 address on your NIC, then UAG won't let you select an IPv4 address in the UI, since it assumes you already have an IPv6 environment.
    Can you please tell us the exact IPv6 address you have on the NIC? Is it the address UAG displays in the IPv6 drop down?
    • Proposed as answer by Erez Benari Wednesday, February 17, 2010 11:33 PM
    • Marked as answer by Erez Benari Monday, March 1, 2010 9:41 PM
    Sunday, February 14, 2010 5:10 PM
  • I also came accross this issue whereby the internet IP4V address was greyed out.

    I resolved this by adding a ISATAP.domain.com record to my internal DNS server with the address of the UAG.

    Tuesday, March 2, 2010 8:20 PM
  • Thanks all for looking and your advice, apologies for not replying earlier!

    The solution i found was to remove the ISATAP entries from the DNS server then disable IPV6 on the internal network, flushDNS, reboot then renable IPV6, this then allowed me to select the IPV4 address in the setup and still use the IPV6 address. Thanks for all your help, all is working now, and can't fault it at all!
    Wednesday, March 3, 2010 5:32 PM
  • Hi M,

    DNS registrations for the ISATAP addresses are often a common issue when things aren't working right. DNS IPv6 address registrations and Group Policy settings are problably the top two issues I'm seeing so far. Certificate issues are right behind them, but they are less "time dependent" than the DNS and Group Policy issues. That is to say, if you do the certificates wrong, they'll always be wrong and you have to fix that problem. However, if you did the IPv6 stuff right (and there's really nothing you have to do, it just works) and Group Policy right (again, there's no much you have to do, it just works), but timing issues can make you think that things aren't working.

    I am working on the 2nd Edition of the UAG DA step by step guide now. In fact, it's about 85% complete. I include a lot of validation information and key checks so that you'll know where to check for these kind of things. I think the 2nd edition of the step by step guide will really provide a great introduction to UAG DA and inspire you to deploy a proof of concept as soon was possible.

    Thanks!
    Tom
    MS ISDUA/UAG DA Anywhere Access Team
    Friday, March 5, 2010 2:00 PM