locked
Direct Access client connectivity RRS feed

  • Question

  • we are having some strange issue with connectivity via direct access to one particular NetApp storage, here is description of the problem:

    - we have two offices connected VPN and MPLS, each office has is own firewall and ISP
    - there are two direct access servers at each location, each pair is configured with NLB
    - there are two different security group and depends to which group laptop belongs to different GPO applies
    - if laptop is in sec group 1 it connects to Direct Access at office 1 and if in sec group 2 it connects to Direct Access at office 2
    - all works we when user/laptop is connected via Direct Access at office 1
    - most of the things works when user/laptop is connected via Direct Access at office 2
    Here is what does not work:
    - if user/laptop connects to office 2 via DA he/she cannot access shares located at local NetApp in office 2 and because we are using DFS it gets redirected to same share but in office 1 and different NetApp storage
    - we pretty much ruled out DFS issues because I cannot access shares on NetApp in office 2 when using UNC path directly to one of the NetApp filers,
    - I can access other windows servers in office 2 via UNC path which are located in same IP range as NetApp shares
    - I also ruled out security/share issue on NetApp in office 2 because same laptop/user can connect to local NetApp shares while in the office or if he/she connects via DA and RDP to one of the local server
    - it does not sound like NetApp issue because I can connect via DA to office 1 where all works and connect via UNC directly to NetApp filer in office 2 and works

    only issue is if laptop connects via DA to office 2 and try to connect to NetApp shares either DFS or UNC directly to filer, everything else works. any ideas?
    BTW when user/laptop connects to office 2 via DA and try to ping name of netapp it will reply with IPv6 so connectivity is there


    Raf Woz

    Friday, May 1, 2015 6:17 PM

Answers

  • Hi Raf,

    According your description, it seems that the clients can connect to the DA servers in office 2 successfully.

    >>we just found out that I cannot access NetApp shares via UNC directly from DA servers so forget about DA client connectivity

    That's the root cause.

    First, please try to ping the NetApp server from the DA server. If timeout occurs, this should be a connectivity issue. Please check the route between the DA server and NetApp server.

    Second, if the connectivity is OK, please try to use nslookup to check if the FQDN of the NetApp server can be resolved.

    Besides, please check if the firewall blocks the application traffic.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, May 4, 2015 2:50 AM

All replies

  • Just to add to my original post, we just found out that I cannot access NetApp shares via UNC directly from DA servers so forget about DA client connectivity I'm assuming if we can figure out why I cannot access this one particular NetApp from both DA servers in this particular office 2 all other issues will be solved.

    Raf Woz

    Friday, May 1, 2015 6:36 PM
  • Hi Raf,

    According your description, it seems that the clients can connect to the DA servers in office 2 successfully.

    >>we just found out that I cannot access NetApp shares via UNC directly from DA servers so forget about DA client connectivity

    That's the root cause.

    First, please try to ping the NetApp server from the DA server. If timeout occurs, this should be a connectivity issue. Please check the route between the DA server and NetApp server.

    Second, if the connectivity is OK, please try to use nslookup to check if the FQDN of the NetApp server can be resolved.

    Besides, please check if the firewall blocks the application traffic.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, May 4, 2015 2:50 AM