locked
DA, Force Tunneling and IE RRS feed

  • General discussion

  • Hi all - just thought I'd share this in case anyone has a similar issue.  I was working on a DirectAccess setup for a customer recently - Server 2012, IPHTTPS (behind nat), mix of W7 and W8 clients - one of their requirements was force tunneling however when we enabled it client machines were no longer able to contact the proxy when using IE, strangely Firefox and Chrome both worked fine.  When we looked at the TCP/IP stack in procexp.exe (sysinternals) you could see clearly that IE wasn't trying to use the proxy and was simply trying to use the NAT64 address of the site that you are trying to visit on port 80.  After spending a couple of days troubleshooting we gave in and raised a Microsoft Support case.  One of the first things they asked was 'does IE use the proxy when force tunneling is switched off' - fair I guess!  We disabled the proxy to test this and sure enough IE now correctly proxied all traffic through our TMG server, the ticket was then handed over to the IE team who asked us demonstrate the problem - sod's law as soon as we switched force tunneling back on the problem was resolved.

    So the moral of the story - switch it off and back on again. I imagine if you're having force tunneling related issues this should be your first port of call (after checking the NRPT).

    Gaz. 

    Thursday, May 16, 2013 6:51 AM