Windows 10 clients will not connect once Windows 7 clients checkbox selected

  • Question

  • Hi there, 

    I have DirectAccess set up with single NIC, behind a firewall. (IP_HTTPS protocol) I got my Windows 10 clients working initially, then decided to work on getting Windows 7 clients going. So I created the necessary certificates, configured the DCA for Windows 7 then went into the console and checked 'Enable Windows 7 client computers to connect via DirectAccess'. It worked! However, I went back to my Windows 10 client, and it was now just stuck at 'Connecting'.

    When I ran the DirectAccess troubleshooter, the Certificate test passed, but it could not create either the Infrastructure tunnel or the User tunnel.

    If I uncheck enable Windows 7 clients, uncheck certificates, update policies on my clients then it goes back the other way - Windows 10 will connect, Windows 7 will not.

    Any help would be appreciated, I have been trying to figure this out for a while now.

    Monday, June 20, 2016 10:58 PM

All replies

  • Hi,

    Have you enabled the IPsec audit mode to see why your Windows 10 clients are not creating the tunnels?

    auditpol.exe /set /subcategory:"IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode" /success:enable /failure:enable

    Enable the audit on both client and server then check the security log in Event Viewer.

    Gerald

    Thursday, June 23, 2016 11:51 AM
  • Figured I would update this.

    Thanks for the tip Gerald, however I ended up not having to enable audit mode.

    With some help from Richard Hicks, I found out the certificate I was issuing was MD5 hash, it needed to be at least SHA1 for Windows 10 client to connect. So I upgraded our CA (to SHA256), reissued the certificates, and I am now in business!

    Thanks again to Richard, he's one of the best resources out there for DirectAccess.

    • Proposed as answer by ADP_Nate Thursday, June 23, 2016 7:00 PM
    Thursday, June 23, 2016 7:00 PM
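
A way to check for the condition described in the answer above, as an added example that is not part of the original thread: it lists the signature algorithm of each computer certificate and of every CA certificate in its chain, and flags MD5. The function name `Get-CertSignatureReport` and the default store path are assumptions for illustration.

```powershell
# Added example (not from the thread). Reports the signature hash algorithm for
# every certificate in a store and for each certificate in its chain, so an
# MD5-signed leaf or issuing CA certificate stands out before clients fail to connect.

# OID of md5WithRSAEncryption; the friendly name Windows shows for it is "md5RSA".
$Md5RsaOid = '1.2.840.113549.1.1.4'

function Get-CertSignatureReport {
    param(
        # Assumption: DirectAccess computer certificates live in the machine's Personal store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    foreach ($leaf in Get-ChildItem -Path $StorePath) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Only the signature algorithms are of interest here, so skip revocation lookups.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        [void]$chain.Build($leaf)

        $depth = 0
        foreach ($element in $chain.ChainElements) {
            $cert = $element.Certificate
            $oid  = $cert.SignatureAlgorithm

            [pscustomobject]@{
                LeafThumbprint     = $leaf.Thumbprint
                Depth              = $depth              # 0 = the certificate itself, then its issuers
                Subject            = $cert.Subject
                SignatureAlgorithm = if ($oid.FriendlyName) { $oid.FriendlyName } else { $oid.Value }
                SelfSigned         = ($cert.Subject -eq $cert.Issuer)
                IsMd5              = ($oid.Value -eq $Md5RsaOid) -or ($oid.FriendlyName -like 'md5*')
                NotAfter           = $cert.NotAfter
            }
            $depth++
        }
        $chain.Reset()
    }
}

# Show everything, then only the entries that would need reissuing.
$report = Get-CertSignatureReport
$report | Format-Table Depth, Subject, SignatureAlgorithm, SelfSigned, IsMd5 -AutoSize
$report | Where-Object IsMd5 | Select-Object LeafThumbprint, Subject, SignatureAlgorithm
```

Run it on both the DirectAccess server and a client; certificates reissued after the CA change should show `sha256RSA`.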