locked
Direct Access Connectivity Internal to DA Client RRS feed

  • Question

  • Hi Technet!

    I have DA setup and working*. Setup as a single NIC behind a NAT. Client connects and can reach all servers and machine on the internal network.

    How can I can a machine on the internal network connecting to the client. IE initiate the connection. Internally if I try to ping the DA Client the name does not resolve. I have confirmed it has an entry in DNS with an IPv6 AAAA record.

    If I try to ping the Name from the DA Server the ping works.

    If I try to ping the Name from an internal client it does not resolve.

    If I try to ping the IPv6 IP I get a Transmit failed. General Failure.

    If I try to ping an Internal Client from the DA Client the ping succeeds. 

    Rather new to DA so I am guessing there might be some other setup required on the internal side for the internal clients to be able to 1 resolve IPv6 Address and also initiate connections to the DA Clients. I did think it was possibly needing a route added bu the fact it can return a ping from the DA Client to me means it knows how to route back.

    Cheers,


    Zac Avramides

    Tuesday, July 11, 2017 4:29 PM

Answers

  • Sorry for a delayed update.

    I got it working and then went on a holiday!

    For anyone else interested this is the link I used. By default connectivity from head office to DA client is not part of a DA setup.

    https://www.packtpub.com/books/content/configuring-manage-out-directaccess-clients

    Cheers,


    Zac Avramides

    Tuesday, August 1, 2017 10:02 AM

All replies

  • Hi ZAC85

    >>If I try to ping the Name from an internal client it does not resolve.

    You may turn on exhaustive debugging mode of NSlookup, this will display detailed information of name resolving process:

     >NSlookup

     >set d2

     >[name which you want to resolve]

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 12, 2017 7:00 AM
  • Thanks Candy,

    See below. The command you listed does return the IP. A ping directly after that still nothing though...

    R:\>nslookup
    Default Server:  DNSSERVER.Domain.local
    Address:  10.0.0.13

    > set d2
    > directaccesstest
    Server:  DNSSERVER.Domain.local
    Address:  10.0.0.13

    ------------
    SendRequest(), len 52
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            directaccesstest.Domain.local, type = A, class = IN

    ------------
    ------------
    Got answer (108 bytes):
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            directaccesstest.Domain.local, type = A, class = IN
        AUTHORITY RECORDS:
        ->  Domain.local
            type = SOA, class = IN, dlen = 44
            ttl = 3600 (1 hour)
            primary name server = DNSSERVER.Domain.local
            responsible mail addr = hostmaster
            serial  = 250156
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 52
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            directaccesstest.Domain.local, type = AAAA, class = IN

    ------------
    ------------
    Got answer (80 bytes):
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
            directaccesstest.Domain.local, type = AAAA, class = IN
        ANSWERS:
        ->  directaccesstest.Domain.local
            type = AAAA, class = IN, dlen = 16
            AAAA IPv6 address = XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
            ttl = 1200 (20 mins)

    ------------
    Name:    directaccesstest.Domain.local
    Address:  XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX

    >
    R:\>ping directaccesstest
    Ping request could not find host directaccesstest. Please check the name and try again.


    Zac Avramides


    • Edited by ZAC85 Wednesday, July 12, 2017 10:19 AM
    Wednesday, July 12, 2017 10:18 AM
  • Hi ZAC85

    Please try to disable NetBIOS to check if the problem still occurs.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 13, 2017 7:25 AM
  • Gave it a try. Still a no go. :(

    Zac Avramides

    Thursday, July 13, 2017 10:42 AM
  • Hi Zac Avramides,

    Thanks for your updating.

    Run the command of "ipconfig /flushdns" to flush your DNS cache and restart DNS service using "net stop dns & net start dns".

    If the problem stills occurs, you may need to use network monitor to analyze the process.

    Here is the download link:

    https://www.microsoft.com/en-sg/download/details.aspx?id=4865

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 14, 2017 7:18 AM
  • Hi ZAC85

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 18, 2017 6:58 AM
  • Sorry for a delayed update.

    I got it working and then went on a holiday!

    For anyone else interested this is the link I used. By default connectivity from head office to DA client is not part of a DA setup.

    https://www.packtpub.com/books/content/configuring-manage-out-directaccess-clients

    Cheers,


    Zac Avramides

    Tuesday, August 1, 2017 10:02 AM