none
DirectAccess Network Adapter Warning - Corporate network route publish

    Question

  • Hi - I'm hoping someone can help shed some light on an error I am getting on a DirectAccess Server.

    This is a fresh installation and from what I can see, clients are having no issues connecting.

    The configuration of our server is on a solely IPv4 network running DA on a single network adapter. We are using IPHTTPS only.

    The error I am receiving is: DirectAccess clients cannot connect to all resources on the corporate network.

    What I am unclear on is what routes I will need to set and why DA hasn't created it automatically? The only thing I can think is that the network adapter already had a static IPv6 address assigned when I started configuring DA so it didn't have full control over as much as usual.

    Any help would be most greatly appreciated.

    Many thanks,

    Chris



    samedi 23 juin 2018 23:41

Toutes les réponses

  • Hi.

    what happen if you ping your resource?

    Is your resource registered in the dns?

    please provide example of your fqdn, and which dns suffix and settings you configured in the direct access infrastructure service.

    Joerg

    jeudi 5 juillet 2018 15:06
  • What I am unclear on is what routes I will need to set and why DA hasn't created it automatically? The only thing I can think is that the network adapter already had a static IPv6 address assigned when I started configuring DA so it didn't have full control over as much as usual.



    Hi. The only routing you might need to configure is this: 

    Still, with single AD domain name structure, your AD's fqdn will be added here with IPv6 automatically, which means that traffic into your internal domain will be routed via DA server, as designed.

    Static IPv6 is okay. You might want to check, is the IPv6 prefix the same as in DA Client GPO policies. DA server should generate IPv6 prefix and IPv6 subnet based on LAN configuration and write it to the client policies. After this, from client side first thing to check is, that do the clients receve the same IPv6 prefix as they should, based on GPO.

    Most commin mistake in DA is, that clients can´t reach NLS and they cannot decide, are they in corporate network or external.


    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.


    • Modifié yannara lundi 9 juillet 2018 14:00
    lundi 9 juillet 2018 13:58