DirectAccess Manage Out issues

  • Question

  • So after scouring the Internet for a few days and trying several solutions, I am stumped. I have a DirectAccess setup on a single Server 2016 with a single NIC behind a NAT. I can access the network resources from an offsite location, so I know that DirectAccess is working in that respect, but it does not show any connected devices in the dashboard and I cannot access off-site equipment for remote management, or "Manage Out". I feel this is a DNS issue, but I am not sure how I should go about correcting this so I can access these offsite laptops with our IT computers. I have already added our computers to the management server list in the DirectAccess configuration, so what else do I have to do? Thank you.
    Thursday, December 12, 2019 2:34 AM

Answers

  • I was finally able to solve this. It was partly a DNS issue in the fact that the internal DNS server needs to know where the IPv6 devices are on the Internet. This blog by Jason Jones helped me figure this out: "Limiting ISATAP Services to DirectAccess Manage Out Clients".

    One important note is the naming of the ISATAP router in your internal DNS records.  DO NOT use the default "ISATAP.yourdomain.com" for the A record.  You must use a customized name like "myisatap.yourdomain.com" or "thisworksisatap.yourdomain.com". 

    Also, make sure to add your management machines into the Step 3, Infrastructure Servers in the Remote Access Management Console.  You just have to click on the Edit box, then edit the "Management Servers" list.  Do not use IP addresses, use the FQDN.  If you follow all of these steps, you should be able to make Manage Out work.  :)

    • Marked as answer by jtcrx Friday, December 13, 2019 3:20 PM
    Friday, December 13, 2019 3:20 PM
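The two fixes in the accepted answer (a custom ISATAP router name in internal DNS, and management machines registered by FQDN), as an added PowerShell walkthrough that is not part of the original thread or of Jason Jones's blog. It assumes the zone is yourdomain.com, that the DirectAccess server's internal IPv4 address is 10.0.0.10 and that the IT workstations are it-ws01/it-ws02 (all placeholders), and that ISATAP is set per workstation rather than by Group Policy.

```powershell
# Added example, not from the original thread. Placeholders: zone, router IP,
# and workstation names must be replaced with your own values.

# --- On the internal DNS server (elevated; DnsServer module) ---
$zone       = 'yourdomain.com'
$isatapName = 'myisatap'      # custom name, deliberately NOT 'isatap'
$routerIPv4 = '10.0.0.10'     # placeholder: DirectAccess server internal IP

# Why the default name never works: Windows DNS ships with a global query
# block list that silently drops lookups for the names 'isatap' and 'wpad',
# so an A record called isatap.yourdomain.com is never answered.
$blocked = (Get-DnsServerGlobalQueryBlockList).List
if ($blocked -contains 'isatap') {
    Write-Host "'isatap' is in the DNS global query block list; use a custom name such as $isatapName.$zone"
}

# Create the A record under the custom name if it is not already there.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $isatapName -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $isatapName -IPv4Address $routerIPv4
}
# Confirm the custom name resolves (the blocked default would return nothing).
Resolve-DnsName -Name "$isatapName.$zone" -Type A | Format-Table Name, IPAddress

# --- On the DirectAccess server (RemoteAccess module) ---
# Register the IT workstations as management servers by FQDN, not IP address,
# as the answer above stresses. This is the same list shown under
# Step 3, Infrastructure Servers, "Management Servers" in the console.
$mgmtMachines = @("it-ws01.$zone", "it-ws02.$zone")   # placeholders
Add-DAMgmtServer -MgmtServer $mgmtMachines

# --- On each management workstation (elevated) ---
# Point the ISATAP client at the custom router name so it obtains an ISATAP
# address from the DirectAccess server instead of querying the blocked default.
Set-NetIsatapConfiguration -State Enabled -Router "$isatapName.$zone"
Get-NetIsatapConfiguration | Format-List State, Router, ResolutionState

# Check: an ISATAP address embeds the IPv4 address behind a 5efe: marker
# (::0:5efe:w.x.y.z for private, ::200:5efe:w.x.y.z for public IPv4).
$isatapAddrs = Get-NetIPAddress -AddressFamily IPv6 | Where-Object { $_.IPAddress -like '*5efe:*' }
if ($isatapAddrs) {
    $isatapAddrs | Format-Table InterfaceAlias, IPAddress
} else {
    Write-Host 'No ISATAP address yet: verify the A record and that the router name resolves from this host.'
}
```

Once the workstation holds an ISATAP address, the Remote Access Management Console should start listing connected clients, and the IT machines can reach them by their IPv6 addresses for Manage Out.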