DA doesn't seem to be even trying to connect prior to the user login


  • Hiya. 

    I've successfully set up a 2012 DA server. Once the user logs in, it tries to connect to DA and works, but before the user has logged in it doesn't seem to be making any effort to try and connect. It doesn't even appear in the network list.

    I'm using a Surface Pro as a client.

    Anyone have any ideas what I've done wrong and where I might start diagnosing this? 



    Friday, February 28, 2014 11:57 AM

All replies

  • Hi

    By default, Surface Pro relies on Windows 8 Professional, not Enterprise. Only the Enterprise edition of Windows 8 offers DirectAccess. If you have the right edition, what result does Get-DAClientExperienceConfiguration provide?

    And the DAConnectionStatus command also.

    BenoitS - Simple by Design

    • Edited by BenoitSMVP Friday, February 28, 2014 2:07 PM missing info
    Friday, February 28, 2014 2:04 PM
  • Hiya

    8.1 Enterprise is on the Surface Pro.

    Description : DA Client Settings
    CorporateResources : {HTTP:http://directaccess-WebProbeHost.contoso.local}
    IPsecTunnelEndpoints : {PING:fdd7:b2b9:ddd5:1000::1,
    CustomCommands :
    PreferLocalNamesAllowed : False
    UserInterface : True
    PassiveMode : False
    SupportEmail :
    FriendlyName : Contoso Ltd
    ManualEntryPointSelectionAllowed : True
    GslbFqdn :
    ForceTunneling : Enabled

    Status : ActionableError
    Substatus : InternetConnectivityDown

    Which seems really odd because this connection does have internet. 

    Monday, March 03, 2014 5:01 PM
  • Hi,

    If it's your first DirectAccess client connected to your DA Gateway, make it simple and disable force tunneling. If it's a network connectivity issue, it will be easier to debug. If you can, you can also share the result of the DirectAccess troubleshooter: it will be helpful.

    BenoitS - Simple by Design

    Monday, March 03, 2014 6:11 PM
  • Hm, okay. Disabling force tunneling and now it connects when a user is logged in (can access network resources), but not before logon. The client troubleshooting tool is coming up with an issue in "IP Connectivity tests" at failed to connect to endpoint even though it seems to have established a link. I'm going over my config in DA again. This seems really odd.
    Tuesday, March 04, 2014 9:04 AM
  • Hi

    If your DirectAccess client cannot establish network connectivity before user logon, it might be for multiple reasons. What type of network connectivity does your client use (Teredo or IPHTTPS)?

    BenoitS - Simple by Design

    Tuesday, March 04, 2014 9:13 AM
  • It's IPHTTPS.  

    When I had this working in the test lab, it would go for "establishing remote connectivity" before getting to the Ctrl+Alt+Delete screen. If you selected the Wi-Fi icon then you could see that it had established the connection.

    Tuesday, March 04, 2014 10:10 AM
  • Hi,

    So if it works without force tunneling and not with it, certificates used for IPHTTPS must be delivered from a trusted CA with a CRL available on the Internet. If your DirectAccess client cannot reach the CRL, it won't be able to validate the IPHTTPS certificate revocation status. That may be the root cause of the problem.

    BenoitS - Simple by Design

    Tuesday, March 04, 2014 10:26 AM
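
The CRL reachability point raised in the last reply can be checked from the client with the script below. It is an added example, not something posted in the thread; the server URL is a placeholder, and the .NET chain build only approximates the revocation check the IP-HTTPS client performs.

```powershell
# Added example (not from the thread). Run on the DirectAccess client while it is
# on an Internet connection outside the corporate network.
param(
    # Placeholder: use the ServerURL value that Get-NetIPHttpsConfiguration reports.
    [string]$ServerUrl = 'https://da.example.com:443/IPHTTPS'
)
$uri = [Uri]$ServerUrl

# Fetch the server certificate. Validation is bypassed only so that a certificate
# that would fail can still be inspected; no data is sent over this connection.
$tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
try {
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($uri.Host)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally { $tcp.Close() }
"Subject: $($cert.Subject)   Issuer: $($cert.Issuer)"

# CRL Distribution Points extension (OID 2.5.29.31); Format() returns readable text.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { Write-Warning 'Certificate has no CRL distribution point extension.' }
else {
    $urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') | ForEach-Object { $_.Groups[1].Value }
    foreach ($u in $urls) {
        # ldap:// or file:// entries usually point at internal resources.
        if ($u -notmatch '^https?://') { "SKIP  $u (not an HTTP URL)"; continue }
        try {
            $r = Invoke-WebRequest -Uri $u -UseBasicParsing -TimeoutSec 15
            "OK    $u (HTTP $($r.StatusCode), $($r.RawContentLength) bytes)"
        } catch { "FAIL  $u ($($_.Exception.Message))" }
    }
}

# Build the chain with online revocation checking and report every status flag.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
if ($chain.Build($cert)) { 'Chain and revocation status: OK' }
else { $chain.ChainStatus | ForEach-Object { "{0}: {1}" -f $_.Status, $_.StatusInformation.Trim() } }
```

A `RevocationStatusUnknown` or `OfflineRevocation` status, or a `FAIL` line for every HTTP CRL URL, matches the situation described in the reply above. A previously cached CRL can make the chain build succeed even when the URL is currently unreachable, so read both outputs together.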