Windows 7 and DirectAccess 2012

    Question

  • I have already configured DirectAccess 2012. I have also configured it to support Windows 7. (I have no Windows 8 right now.)

    Windows 7 is Ultimate edition.

    But it cannot connect to the DA2012 server from the internet.

    Since there is only one NIC on the DA2012 server, I think the client should use IPHTTPS to connect in.

    The router already DMZs one real IP to the DA2012 intranet IP.

    But IPHTTPS still can't connect.

    The first question is: when DA2012 has one NIC, can Windows 7 connect to DA? (UAG needs 2 NICs, so I want to make sure.)

    Second, how do I troubleshoot it?

    George


    邁格行動 Technical Consultant George 小顧 Blog: http://www.magg.com.tw/blog/

    Monday, October 1, 2012 10:41 AM

Answers

  • Hi,

    Yes it should work just fine with a 1-nic setup.
    With your setup you can only use IPHTTPS, that is correct.

    To troubleshoot,
    Have you verified that the client trusts the certificate that you use for IPHTTPS?
    You can test this, and the connectivity through your NAT firewall, by simply browsing to your IPHTTPS URL from your client.

    Do you have the NLS placed on your DA server?
    If so, there is a note of opening port 62000 in this technet article: http://technet.microsoft.com/en-us/library/hh831743.aspx

    Quote: "IP-HTTPS—Transmission Control Protocol (TCP) destination port 443, and TCP source port 443 outbound. When the Remote Access server has a single network adapter, and the network location server is on the Remote Access server, then TCP port 62000 is also required."

    I read in another forum thread that people have gotten it to work without this opening, and haven't tested that specific setup yet so cannot comment on if it's needed or not.
    But if you have a problem with your setup, it is a pretty simple step to add to your tests.


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Proposed as answer by Jonas Blom Wednesday, October 3, 2012 3:15 PM
    • Marked as answer by Rick Tan (Moderator) Monday, October 8, 2012 8:35 AM
    Tuesday, October 2, 2012 6:41 AM
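
    The checks suggested in the answer above, scripted for a Windows 7 client (PowerShell 2.0, .NET classes only). This is an added example, not part of the original post; the host name `da.example.com` is a placeholder for the public name in your IP-HTTPS URL, and the function names are made up for illustration.

```powershell
# Added example. $DaHost is a placeholder: use the public name from your IP-HTTPS URL.
$DaHost = 'da.example.com'
$Ports  = 443, 62000   # 443 = IP-HTTPS; 62000 = per the TechNet quote (single NIC, NLS on the DA server)

# Plain TCP reachability test through the NAT router, with a timeout.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

# Fetch the certificate presented on the IP-HTTPS listener and evaluate it
# against this client's own trust stores.
function Get-IpHttpsCertReport([string]$HostName, [int]$Port = 443) {
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate during the handshake so it can be inspected;
        # trust is evaluated explicitly below and no data is sent on this stream.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)   # default policy includes an online revocation check
        New-Object PSObject -Property @{
            Subject      = $cert.Subject
            DnsName      = $cert.GetNameInfo('DnsName', $false)   # compare with $HostName
            NotAfter     = $cert.NotAfter
            ChainTrusted = $trusted
            ChainErrors  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    } finally { $client.Close() }
}

foreach ($p in $Ports) {
    "{0}:{1} reachable: {2}" -f $DaHost, $p, (Test-TcpPort $DaHost $p)
}
Get-IpHttpsCertReport $DaHost | Format-List

# State of the client's IP-HTTPS interface, including its last error code.
netsh interface httpstunnel show interfaces
```

    A `ChainTrusted` value of `False` with `UntrustedRoot` in `ChainErrors` means the client does not trust the issuing CA; a failed port test only shows that the router is not forwarding that port to the DA server.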

All replies

  • Hi,

    Yes it should work just fine with a 1-nic setup.
    With your setup you can only use IPHTTPS, that is correct.

    To troubleshoot,
    Have you verified that the client trusts the certificate that you use for IPHTTPS?
    You can test this, and the connectivity through your NAT firewall, by simply browsing to your IPHTTPS URL from your client.

    Do you have the NLS placed on your DA server?
    If so, there is a note of opening port 62000 in this technet article: http://technet.microsoft.com/en-us/library/hh831743.aspx

    Quote: "IP-HTTPS—Transmission Control Protocol (TCP) destination port 443, and TCP source port 443 outbound. When the Remote Access server has a single network adapter, and the network location server is on the Remote Access server, then TCP port 62000 is also required."

    I read in another forum thread that people have gotten it to work without this opening, and haven't tested that specific setup yet so cannot comment on if it's needed or not.
    But if you have a problem with your setup, it is a pretty simple step to add to your tests.


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    Hi Jonas,

    I just wanted to post up to say thanks very much for this hint. Opening port 62000 on my router and forwarding to the DA Server (which is also my NLS server) was the fix I needed and I'm now writing this whilst connected to my internet sharing on my phone, browsing my file server from my Windows 7 machine via the DirectAccess 2012. You're a legend, sir; great work.

    Thanks,

    Barry


    • Edited by Berabi1 Wednesday, November 28, 2012 9:04 PM
    Wednesday, November 28, 2012 9:03 PM
  • Hi Barry,

    Glad to hear it helped you get your DA setup to work, and thanks for the compliment :)

    //Jonas


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    Thursday, November 29, 2012 7:33 PM