none
Direct Access 2012 and SCCM Remote Tools

    Question

  • I have created Direct Access 2012 NLB cluster in single NIC scenario behind NAT. All DA clients are Windows 7 and only IP-HTTPS.
    Everything is fine, clients can connect to internal resources, but I want also manage-out these clients.
    So I created additional FW rules according http://blogs.technet.com/b/edgeaccessblog/archive/2010/09/14/how-to-enable-remote-desktop-sharing-rds-rdp-from-corporate-machines-to-directaccess-connected-machines.aspx
    I deployed ISATAP only on my test computer according http://blog.msedge.org.uk/2011/11/limiting-isatap-services-to-uag.html
    Now I can access shares on DA client, RDP, but SCCM 2007 SP Remote Control doesn't works. It displays starting remote session and then connection failed (0x80004005). Application distibution, windows updates are working.
    Of course when on local intranet Remote Control is working.
    We have UAG DA test environment, when I remove DA 2012 GPOs and add UAG DA GPOs (also only IP-HTTPS, Teredo and 6to4 is disabled) on the same client, Remote Control is working.
    So any suggestions? Is this some kind of single NIC scenarion limitations?
    P.S. Another strange thing - when client is connected through UAG DA in SCCM Management Console on computer object i can see IPv6 address of IPHTTPs adapter, when through DA 2012 there is no IPv6 addreses.

    Wednesday, February 20, 2013 9:00 AM

All replies

  • Hi

    Did you enable all required incoming rules on client computer? From my memory, there are five :

    TCP135, TCP 2701, TCP 2702, UDP 2701, UDP 2702, all with edge transversal enabled.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, February 20, 2013 7:31 PM
  • Hi BenoitS,
    I use the same FW rules, that are working for UAG DA deployment. I double checked, that edge traversal is enabled.
    I found similar thread in forum about Remote Assistance: http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/5709d84b-fd1a-4cd9-af74-670b4b541ca2.
    I tried Remote Assistance and it also is not working. The symptoms are the same as mentioned in that thread, i also see (when I try to connect) that msra.exe, rcagent.exe are listening only on the link-local IP from IPHTTPS, not the "real" IPv6 address.
    Thursday, February 21, 2013 6:57 AM
  • Hi Mareks V,

    Do you already have a solution for this?

    We are experiencing exactly the same thing in a similar setup.

    The first attempt results in a 0x80004005 error, while successive attempts result in a 0x8000ffff error.

    Tuesday, March 19, 2013 10:47 AM
  • Hi Gerrie S,

    I suppose this is single NIC scenario limitation and is somehow related to NAT+SCCM client things.

    We recreate DirectAcess with two NIC (Edge scenario) and no problem with Remote Tools.

    Wednesday, March 20, 2013 6:32 AM
  • I met the issue in Edge scenario - two NIC,  all are working excepting remote tool in SCCM2007 , my DA server is built on Windows 2012r2. any suggestion is highly appreciated!

    Thanks.


    coding

    • Proposed as answer by UCing Monday, January 5, 2015 11:53 PM
    • Unproposed as answer by UCing Monday, January 5, 2015 11:53 PM
    Monday, January 5, 2015 11:04 PM
  • I found the KB https://support.microsoft.com/kb/291288 , installed it and fix.

    thanks.


    coding

    • Proposed as answer by UCing Monday, January 5, 2015 11:55 PM
    Monday, January 5, 2015 11:55 PM
  • That link is for startupswitches for Excel ..
    Tuesday, May 22, 2018 12:02 PM