locked
DirectAccess works just great, but pinging to internal resource does not get reply -> DA status "connecting" RRS feed

  • Question

  • DirectAccess Environment: W2K16 - Split mode - two nic and W10 Clients 

    Every newly installed win10 clients works perfect; We can ping ipv4 outer resource (for example google.com) and get replies, we can ping internal resources with hostnames and get ipv6 ping replies, DA status is connected. Everything is so smooth.

    But some bunch of older installation win10 clients cannot get ipv6 replies from internal resources. Ping resolve hostname but just cant get replies. Same setup and same GPOs than newly installed clients but these older installations had have some previous vpn-software before directaccess use. VPN-software is of course uninstalled. 

    With these older win10 clients we can ping outer resources with ipv4 and get replies, we can browse internal network folders etc and everything works great. Only thing is that we cannot ping internal resources with ipv6, no ping replies. That means DA status hangs "connecting" and teredo is not available. Only IP-HTTPS.

    Just wondering what is all the possible ipv6-ping-blockers for these "older" win10 clients. There must be some other settings than Windows firewall? I Have manually added ICMPv6 echo reply fw-rule to inbound/outbound but no success. 

    Re-install is the last option but it works (tried already with one old client) :) Any troubleshoot tips to go for or settings to focus more carefully to get ipv6 ping replies from internal resources? Thank you for any suggestions, I just cant imagine this anymore


    Tsiksuka

    Tuesday, December 19, 2017 6:34 PM

All replies