Problems with some DA clients

  • Question

  • Hi,

    I will try to ask this as well as I can, but it won't be easy.

    I have UAG SP1 set up with DirectAccess and it works like a charm usually. The customer has chosen two users that will test DA, and for some reason I can't get their computers to connect under some circumstances. I've set up multiple virtual Windows 7 machines that work with no issues at all from my office. Haven't tried those specifically at the client's though. I do have a test laptop that is a member of the client's domain which can connect both from my office using either 6to4, Teredo or IPHTTPS and from the client's office.

    The client has a desktop computer that I've tried enabling DA for and that works just fine too, when I put it on their guest network. The client has an image using SCCM to deploy clients and as far as I know, the desktops and laptops use the same image. One of the test users had his laptop reinstalled but it won't work with DA after that. Before, it would actually work most of the time. He had some issues with his laptop and chose to reinstall it. The other test user has a laptop that hasn't been reinstalled. I took a laptop from my office (same brand, same model as the client's) and used SCCM at the client's to install it. My laptop works like a charm, no matter if I'm at their guest network or if I'm at my office.

    Today, I borrowed one of the laptops that doesn't work with DA and set it up at my office. It worked with DA right away. I brought it back to the client and I tested it on their wireless guest network and DA worked as it should. Unfortunately, the user was not at his place so I couldn't talk to him. I left the computer and 30 minutes later, he called me and tried connecting. Now it refused again. The difference now is that I have a domain admin account while his user is just a normal user.

    I set up another virtual Windows 7 and never logged on as a domain admin, only as a test user. It worked after the first reboot.

    The only errors I get in the event viewer on a non-working computer are two 4653 messages telling me that the connection timed out.

    Any ideas, please?

    • Edited by Moosehunter Friday, May 13, 2011 1:45 PM Missed a few words
    Friday, May 13, 2011 1:25 PM

All replies

  • It may be something specific to their environment then...unless I have missed something above ;)

    Are they using public IP addresses on their network?

    Maybe this too: http://blogs.technet.com/b/tomshinder/archive/2010/05/27/directaccess-and-teredo-adapter-behavior.aspx

    Also check they are not using an authenticating web proxy or blocking outbound Teredo...



    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, May 13, 2011 2:13 PM
  • Pretty sure there's "something" specific with their environment but after deploying a new computer with the same image, same applications and same updates, mine worked and theirs don't ;)

    Nope, they are using 192.168.x.x on their local network. The guest network is also 192.168.x.x but on a different subnet of course.

    I get Teredo, 6to4 and IPHTTPS to work on the computers I have configured. I know the article you mention about Teredo, and I'm aware of how Teredo works.

    They do use a web proxy setting in IE on their company network, but it's not a requirement. On the guest network, there are no such requirements. It's just a simple NAT gateway with an ADSL connection to the Internet.

    Actually I thought I was close to a solution the other day when I configured a virtual Win7 and after a certain update (don't remember the KB now), DA would stop working. After replacing the computer certificate while connected using PPTP, I was able to connect using DA again.

    Friday, May 13, 2011 6:22 PM