none
DirectAcess IP Connectivity issue RRS feed

  • Question

  • 

    Hi,

    Our DirectAccess client started to fail to connect to internal network.  The netsh dnsclient show state shows that Direct Access is configured and enabled when connecting outside the network but the DNS does not seem to be working.  We are not aware of when the issue started but the connection use to work ok and no change has been made on the Direct Access configuration.  Below are the screen shoot from the DA troubelshoot tool and also the debug log.  Can you please assist?

    Debug log:

    [12/05/2014 11:10:31 AM]: In worker thread, going to start the tests.
    [12/05/2014 11:10:31 AM]: Running Network Interfaces tests.
    [12/05/2014 11:10:31 AM]: Wi-Fi (Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter): fe80::132:700b:6ed3:3e5a%13;: 192.168.43.254/255.255.255.0;
    [12/05/2014 11:10:31 AM]: Default gateway found for Wi-Fi.
    [12/05/2014 11:10:31 AM]: Wi-Fi has configured the default gateway 192.168.43.1.
    [12/05/2014 11:10:31 AM]: Default gateway 192.168.43.1 for Wi-Fi replies on ICMP Echo requests, RTT is 1 msec.
    [12/05/2014 11:10:42 AM]: The public DNS Server (8.8.8.8) does not reply on ICMP Echo requests, the request or response is maybe filtered?
    [12/05/2014 11:10:42 AM]: The public DNS Server (2001:4860:4860::8888) does not reply on ICMP Echo requests, the request or response is maybe filtered?
    [12/05/2014 11:10:42 AM]: Running Inside/Outside location tests.
    [12/05/2014 11:10:42 AM]: NLS is https://calcium.dtl.local/.
    [12/05/2014 11:10:43 AM]: NLS is not reachable via HTTPS, the client computer is not connected to the corporate network (external) or the NLS is offline.
    [12/05/2014 11:10:43 AM]: NRPT contains 2 rules.
    [12/05/2014 11:10:43 AM]: Found (unique) DNS server: 2002:ca25:a235::ca25:a235
    [12/05/2014 11:10:43 AM]: Send an ICMP message to check if the server is reachable.
    [12/05/2014 11:10:43 AM]: DNS Server 2002:ca25:a235::ca25:a235 does not reply on ICMP Echo requests.
    [12/05/2014 11:10:43 AM]: Running IP connectivity tests.
    [12/05/2014 11:10:43 AM]: The 6to4 interface is disabled.
    [12/05/2014 11:10:44 AM]: Teredo inferface status is offline.
    [12/05/2014 11:10:44 AM]: The configured DirectAccess Teredo server is 202.37.162.52 (Group Policy).
    [12/05/2014 11:10:44 AM]: The IPHTTPS interface is not operational, last error code is 0x32.
    [12/05/2014 11:10:44 AM]: The IPHTTPS interface status is IPHTTPS interface administratively disabled.
    [12/05/2014 11:10:44 AM]: Error - no IPv6 transition technology is operational!
    [12/05/2014 11:10:44 AM]: The configured IPHTTPS URL is https://directaccess.designertech.co.nz:443.
    [12/05/2014 11:10:44 AM]: IPHTTPS has a single site configuration.
    [12/05/2014 11:10:44 AM]: IPHTTPS URL endpoint is: https://directaccess.designertech.co.nz:443.
    [12/05/2014 11:10:44 AM]: Successfully connected to endpoint https://directaccess.designertech.co.nz:443.
    [12/05/2014 11:10:44 AM]: No response received from dtl.local.
    [12/05/2014 11:10:44 AM]: Running Windows Firewall tests.
    [12/05/2014 11:10:44 AM]: The current profile of the Windows Firewall is Public.
    [12/05/2014 11:10:44 AM]: The Windows Firewall is enabled in the current profile Public.
    [12/05/2014 11:10:44 AM]: The outbound Windows Firewall rule Core Networking - Teredo (UDP-Out) is enabled.
    [12/05/2014 11:10:44 AM]: The outbound Windows Firewall rule Core Networking - IPHTTPS (TCP-Out) is enabled.
    [12/05/2014 11:10:44 AM]: Running certificate tests.
    [12/05/2014 11:10:45 AM]: Found 1 machine certificates on this client computer.
    [12/05/2014 11:10:45 AM]: Checking certificate CN=WINNIE-PC.dtl.local with the serial number [7ED55147000800001810].
    [12/05/2014 11:10:45 AM]: The certificate [7ED55147000800001810] contains the EKU Client Authentication.
    [12/05/2014 11:10:57 AM]: The trust chain for the certificate [7ED55147000800001810] was sucessfully verified.
    [12/05/2014 11:10:57 AM]: Running IPsec infrastructure tunnel tests.
    [12/05/2014 11:10:57 AM]: Failed to connect to domain sysvol share \\dtl.local\sysvol\dtl.local\Policies.
    [12/05/2014 11:10:57 AM]: Running IPsec intranet tunnel tests.
    [12/05/2014 11:10:57 AM]: Running selected post-checks script.
    [12/05/2014 11:10:57 AM]: No post-checks script specified or the file does not exist.
    [12/05/2014 11:10:57 AM]: Finished running post-checks script.
    [12/05/2014 11:10:57 AM]: Finished running all tests.

    Thanks

    Winnie

    Sunday, May 11, 2014 11:22 PM

All replies

  • Hi

    While reaning you log, I noticed Error code 0x32 for the IPHTTPS interface. It means that IPHTTPS transition protocol was disabled. Please have a look at this http://support.microsoft.com/kb/929852/en-us to be sure that one or more IPV6 interfaces are not disabled.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, May 12, 2014 9:35 AM