none
DA 2012 DNS Error RRS feed

  • Question

  • Hi 

    Just deployed DA in 2012 and receiving the following error:

    None of the Enterprise DNS servers (IPv6 address) used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.

    This is a vanilla build but I have not enbled ISATAP internally and not going to.

    I have setup a few other 2012 DA infrastructures but not seen this.  Just to not DA is setup with NLB and multisite and showing the same error in both sites.

    Cheers

    Wednesday, February 13, 2013 11:21 PM

Answers

  • Just to add more info.  

    On the DNS suffix in step 3 for my internal domain this IP it resolves to is the internal VIP of the DA servers.  is this correct?  It also shows the IPv6 of this address but I cannot ping it.  Also the VIP of my internal NIC is not present in DNS but not sure if it has to be?

    Thanks

    • Marked as answer by Clarkeyi Friday, February 15, 2013 11:37 PM
    Friday, February 15, 2013 2:01 PM
  • Seems NLB is the problem.  Need to add the SRP to the switch
    • Marked as answer by Clarkeyi Friday, February 15, 2013 11:38 PM
    Friday, February 15, 2013 11:38 PM

All replies

  • hi, do you use ipv6 internally? if not da 2012 will do the translation and you are fine. you would only encounter problems if you have ipv6-only internally services. regards, lutz
    Thursday, February 14, 2013 3:22 AM
  • Hi LutzMH, no pure IPv4.

    I am wondering if the NLB is causing the issue?.  I am going to break an NLB array and see if this sorts out the issue?.  

    Any others suggestions to try before breaking NLB would be good.

    I have also noticed NSLOOKUP, etc is fine from the DA servers but when applyiing changes to the GPO it complains that it is taking a long time?

    Thursday, February 14, 2013 10:12 AM
  • Just to add more info.  

    On the DNS suffix in step 3 for my internal domain this IP it resolves to is the internal VIP of the DA servers.  is this correct?  It also shows the IPv6 of this address but I cannot ping it.  Also the VIP of my internal NIC is not present in DNS but not sure if it has to be?

    Thanks

    • Marked as answer by Clarkeyi Friday, February 15, 2013 11:37 PM
    Friday, February 15, 2013 2:01 PM
  • Seems NLB is the problem.  Need to add the SRP to the switch
    • Marked as answer by Clarkeyi Friday, February 15, 2013 11:38 PM
    Friday, February 15, 2013 11:38 PM
  • I am facing same issue just wish to know if anyone has solved this issue.

    Thanks for help

    Friday, March 22, 2013 9:00 AM
  • Hi 

    Yes it was resolved by reconfiguring the switches to support NLB properly.

    Also check the internal IPv6 interface to see if there is an IPv6 address present?.  I had 4 servers and one server was missing the IPv6 address so I added it manually.  I got the IPv6 address from step 3 assigning NRPT entries.

    Let me know how you get on?

    Friday, March 22, 2013 10:26 AM
  • no luck yet.

    Still it says None of the enterprise DNS servers fd42:60f0:6f2f:6666::1 used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.

    I wish to understand this IPV6 fd42:60f0:6f2f:6666::1 is address of our DNS server or internal interface .

    Friday, March 22, 2013 1:03 PM
  • Hi

    The DNS server in this case is the internal IP of your DA server.  Clients connect to this so that the DA server can resolve IPv6 to IPv4 addresses (DNS64).

    I am wondering if your IPv6 address is being blocked by the DA server Windows firewall?.  Maybe worth checking your Windows FW logs or run Netmon or Wireshark to see if any traffic is being blocked from this address?

    Saturday, March 23, 2013 11:50 AM