Problems connecting to DirectAccess using IPHTTPS from one location

  • Question

  • We have DirectAccess configured on a Windows 2012 R2 server. This is working well, but I am having problems trying to connect when I am at home. I suspect it has to do with my router or ISP. I can connect fine from lots of other locations.

    I get the following error in the DirectAccess Client Connectivity Assistant:

    The IPHTTPS interface is not operational, last error code is 0x274c

    From my research, this error means:

    “A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.”

    If I use my mobile phone as a modem, then I can establish a connection, so that makes me suspect that the problem is happening somewhere between my laptop and the DirectAccess server. I don't have anything unusual configured on my router - no firewall enabled, no port mappings, pretty vanilla setup.

    Any idea how I can troubleshoot this? I'm a novice at Netmon, but willing to learn.

    Saturday, September 27, 2014 8:45 AM

All replies

  • Hey Ivan, 

    If I understand correctly, if you try to connect to the internet through your phone, your DA works, and it FAILS only when you are connected from your home network.

    When you say you can connect to DA from anywhere, I am 100% sure you have your DA set up correctly.

    Can you please check if you are able to resolve the IP-HTTPS URL? Or have you checked this already? What was the observation?

    Wednesday, October 1, 2014 3:24 PM
  • Hi Vasu

    If I enter the IP-HTTPS URL into a browser, the page acts as if it is trying to load, but nothing ever shows up. I get this behaviour whether I am able to connect to DirectAccess or not. Is this the expected behaviour?

    Thursday, October 2, 2014 12:45 AM
  • Hey Ivan,

    In a working scenario with UAG DA, you should get a 403 when you enter the IPHTTPS URL in a web browser.

    With 2012 DA, you can run the below command from the client to see the status of the IP-HTTPS interfaces.

    netsh int httpstunnel show interfaces

    If you are using a DNS name for the IPHTTPS URL, make sure that you are able to RESOLVE that from your home network (you can check this by doing PING da.mydomain.com)



    Thursday, October 2, 2014 6:04 AM
  • Hi there - have seen similar issues on home routers where packet inspection is enabled, which will break IP-HTTPS connections (because the router is inspecting 443 traffic as it leaves), which will report the IP-HTTPS connection has been tampered with to both client and DA server. Perhaps a quick check to make sure this sort of option is not enabled. The fact you can connect with your phone proves that DA is working and is set up correctly, so that is not the issue, and as you have identified it is with the home router.



    John Davies

    Thursday, October 2, 2014 2:58 PM
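
The checks suggested in this thread (name resolution, reachability of TCP 443, and whether something on the path is handling the TLS session), collected into one PowerShell function as an added example that is not part of any reply above. The function name Test-IpHttpsPath is hypothetical, and da.mydomain.com is the placeholder host name used in the thread.

```powershell
# Added example. Test-IpHttpsPath is a hypothetical helper name; da.mydomain.com is
# the placeholder host from the thread. Replace it with your own IP-HTTPS host name.
function Test-IpHttpsPath {
    param([string]$HostName = 'da.mydomain.com', [int]$Port = 443, [int]$TimeoutMs = 5000)

    $r = [ordered]@{ Host = $HostName; Addresses = $null; TcpConnected = $false
                     TlsCompleted = $false; CertSubject = $null; CertIssuer = $null
                     CertThumbprint = $null; FailedWith = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # 1. Name resolution from the current network.
        $r.Addresses = ([System.Net.Dns]::GetHostAddresses($HostName) |
                        ForEach-Object { $_.ToString() }) -join ', '

        # 2. TCP connect with a timeout. 0x274c is WSAETIMEDOUT (10060), so a
        #    stall here or in step 3 matches the error in the question.
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "TCP connect to port $Port timed out after $TimeoutMs ms"
        }
        $client.EndConnect($pending)
        $r.TcpConnected = $true

        # 3. TLS handshake. The callback accepts any certificate so that the one
        #    actually presented can be recorded; nothing is sent over the session.
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout = $TimeoutMs
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $tls.AuthenticateAsClient($HostName)
        $r.TlsCompleted = $true

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
        $r.CertSubject = $cert.Subject
        $r.CertIssuer = $cert.Issuer
        $r.CertThumbprint = $cert.Thumbprint
    }
    catch { $r.FailedWith = $_.Exception.Message }
    finally { $client.Close() }
    [pscustomobject]$r
}

# Run on the home network, then on the phone connection, and compare the two results.
Test-IpHttpsPath | Format-List
# Interface state as reported by the client (command from the thread).
netsh int httpstunnel show interfaces
```

A different issuer or thumbprint on the home network, or a handshake that fails only there, points at a device on that path handling the 443 traffic, which fits the packet-inspection explanation above.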