DirectAccess: internal dns resolve on DirectAccess client does not work

  • Question

  • Hi,

     

    I have the following problem:

    Everything worked at first. Now, whatever I do, the internal DNS on the DirectAccess client does not work anymore. Outside DNS is doing fine.

    I can ping the DNS client name from the server machines, but from the client I cannot ping the servers by DNS name. If I ping the IPv6 address of the servers, this also works.
    So I guess it has trouble finding the local DNS, but I have no clue why, since this worked before and as far as I know I did not change anything in the config.

    Thanks for your help

     

    Kind regards
    Jo

    Saturday, April 10, 2010 8:27 AM

All replies

  • >netsh namespace show effectivepolicy

    DNS Effective Name Resolution Policy Table Settings

    Settings for .testnetwork.local
    ----------------------------------------------------------------------
    Certification authority                 : DC=local, DC=testnetwork, CN=testnetwork-TELECDC-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 2002:c009:c82a:1:0:5efe:10.0.0.1
    DirectAccess (Proxy Settings)           : Bypass proxy

    Settings for da1.testnetwork.local
    ----------------------------------------------------------------------
    Certification authority                 : DC=local, DC=testnetwork, CN=testnetwork-TELECDC-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Bypass proxy


    This shows that the correct DNS server is found for the domain (2002:c009:c82a:1:0:5efe:10.0.0.1 = DC).
    No idea if I should also see a DNS server for the second one (the DirectAccess server).
    Saturday, April 10, 2010 8:42 AM
  • Hi J,

    This is a bit odd - as the UAG server's DNS64 should be resolving names for the DA clients, not an internal DNS server.

    Is this a UAG DA deployment?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Monday, April 12, 2010 2:01 PM
    Moderator
  • Hi,

     

    It is not a UAG deployment, but standalone. I see I probably started in the wrong forum.
    I found the problem. It sounds somewhat contradictory at first sight, but the cause was the disabled Windows Firewall.

    I saw that the authentication part is handled via the Windows Firewall. So disabling it actually makes DirectAccess stop working.

    • Marked as answer by _JGO_ Monday, April 12, 2010 3:05 PM
    Monday, April 12, 2010 3:04 PM
  • Yes, that is true.

    The Windows Firewall must be enabled on both the DA client and DA server.

    Good to hear you got it working and thanks for the follow up!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Tuesday, April 13, 2010 3:53 PM
    Moderator
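
The checks below follow from the resolution of this thread: they confirm on a DirectAccess client that Windows Firewall is running and enabled, that the NRPT names a DNS server, and that an IPsec tunnel is authenticated. This is an added example, not code posted by any participant; the function name is hypothetical, and it assumes English-language netsh output and an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Assumes English netsh output and an
# elevated prompt on the DirectAccess client.
function Test-DAClientFirewall {
    $findings = @()

    # The Windows Firewall service (MpsSvc) and its dependency, the Base
    # Filtering Engine (BFE), must both be running.
    foreach ($name in 'BFE', 'MpsSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc -or $svc.Status -ne 'Running') {
            $findings += "Service $name is not running"
        }
    }

    # A running service with a profile switched OFF is the other way to
    # "disable the firewall". Track the profile header, then its State line.
    $profileName = 'unknown'
    foreach ($line in @(netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings') {
            $profileName = $Matches[1]
        } elseif ($line -match '^State\s+(\S+)' -and $Matches[1] -ne 'ON') {
            $findings += "Firewall profile $profileName is $($Matches[1])"
        }
    }

    # NRPT: at least one namespace should name a DirectAccess DNS server.
    # The label text is taken from the output posted in the thread.
    $nrpt = @(netsh namespace show effectivepolicy)
    $withDns = @($nrpt | Where-Object { $_ -match 'DirectAccess \(DNS Servers\)\s*:\s*\S' })
    if ($withDns.Count -eq 0) {
        $findings += 'No NRPT entry lists a DirectAccess DNS server'
    }

    # IPsec main mode SAs exist only while a tunnel is authenticated, so run
    # this from outside the corporate network.
    # Assumption: each SA in the output prints a "Remote IP Address" line.
    $sas = @(netsh advfirewall monitor show mmsa | Where-Object { $_ -match 'Remote IP Address' })
    if ($sas.Count -eq 0) {
        $findings += 'No IPsec main mode security associations'
    }

    if ($findings.Count -eq 0) {
        'No firewall-related DirectAccess problems found'
    } else {
        $findings
    }
}

Test-DAClientFirewall
```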