Direct Access - Down - DNS Issues


  • Hello, we have an issue with our Direct Access deployment (running on Windows Server 2012). Our users get and stay connected typically without issue.  For a reason we do not know, some users will occasionally drop their Direct Access connection and gets stuck on connecting... (not sure why).  However, when this happens, they begin to have a lot of DNS issues while Direct Access is not connected.

    For example, we use a split brain DNS, so our public DNS name (ie. has to be listed in our Direct Access DNS List in Direct Access (specified in page 2 "DNS" of the Step 3 Direct Access Wizard).  Because of this, when they go off Direct Access, they can no longer access resources that are available externally (such as company website ( and OWA (  How do we configure this, to when Direct Access is not connected (ie. down), the system will just use DNS configured on the NIC (local DNS) and resolve the host name to the external IP address (which they can then access)?

    We have tried both settings in the Direct Access wizard: "Use local name resolution if the name does not exist in DNS or DNS servers are unreachable when the client computer is on a private network (recommended)" and "Use local name resolution for any kind of DNS resolution error (least restrictive)"; neither of them make any difference and resolutions still fail.

    Any thoughts on how to fix this?  Thanks!

    Thursday, March 21, 2013 9:55 PM

All replies

  • I have the same problem. Any answers?
    Tuesday, November 19, 2013 10:10 PM
  • You don't mention what client OS you are having.

    For the reconnect issue, if is Windows 7, have a look at 

    Or take your pick from

    Regarding your issue on DNS, I do recommend that you put any known names that are accessible externally (e.g. mail.domain.tld) in the NRPT so that they are not accessed through the tunnel. This will help the client. 

    Hth, Anders Janson Enfo Zipper

    Thursday, November 21, 2013 10:06 AM
  • Anders is very right for the NRPT (Name Resolution Policy Table), entries present there will always work, independently if DA is up or down.

    An additional comment on DNS: have you tried overriding DNS resolution by checking "Use local DNS" in the DirectAccess Connectivity Assistant on the client? For Windows 7 this is an additional piece of software that first needs to be configured via GPO, then rolled out to the DirectAccess clients.


    Thursday, November 21, 2013 1:02 PM