none
DA: ManageOut connectivity working after several minutes RRS feed

  • Question

  • Some questions related to Direct Access ManageOut.

    Situation:
    • Windows 8.1 clients
    • 2 Windows 2012 DA servers (DA1 & DA2): each have 2 adapters. Windows NLB on both internal and external interfaces
    • ManageOut configured as per Jason Jones article: custom ISATAP record distributed using GPO (DNS has 2 DIP & 1 VIP registered for this record)

    Questions:
    • Is it true that if a DA client has a session over DA1 that
    o Pinging Client on DA1 will succeed
    o Pinging Client on DA2 will fail
    • Is it true that the route on the ManageOut PC will always point to the IPv6 address (with the NLB VIP IPv4 embedded) of the ISATAP router
    • Suppose the ManageOut PC is talking to both Client1 (active over DA1) and Client2 (active over DA2), will it talk with the ISATAP router on both DA servers _OR_ will it talk with one of the DA servers, e.g. DA1, and will that DA server use the “forwarding” feature to redirect traffic for Client2 to the DA2?

    Why the questions?

    In our situation we seem to have a working manage out configuration. Working means both ping and for instance computer management (compmgmt.msc) works from LAN to DA Client. However, in certain cases both ping and compmgmt.msc seem to fail. In all cases leaving the ping command open (ping –t) suddenly results in the ping replying consistenly. This happens anywhere from several minutes up to more than 15 minutes.

    Remark: I cannot say this for sure, but I gathered a trace using Windows Network Monitor (on my ManageOut pc), and I would swear I saw the Echo Reply _ALL THE TIME_ even though my command prompt says “request timed out”. So that would point to something on my ManageOut client “dropping” the traffic. Any clues?


    http://setspn.blogspot.com

    Thursday, January 16, 2014 7:56 AM

All replies

  • Nobody?

    I looked more into this. It seems that my client is sending out "echo requests" for several minutes and suddenly I see "echo request, echo reply". On the DA server I see "echo request, echo reply" all the time.

    So it seems that my DA server is only returning traffic through the isatap router interface after several minutes. On my client I did netsh int ipv6 show potentialrouters and all 3 IP's are listed: 2x DIP and 1x VIP.

    Anyone having an idea why traffic seems to dropped for a while and then goes through?


    http://setspn.blogspot.com

    Wednesday, January 22, 2014 11:59 AM