8

I've set up a DirectAccess server on Windows Server 2012 at my workplace. I'm using a Windows 8 Enterprise client to connect to it. It works fine over a mobile connection, but it fails when connecting from home. I've ruled out the firewall/router as the culprit as the issues persist when connecting the laptop directly to the cable modem.

I'm not sure where to begin to debug this, does anyone have any pointers? Both Teredo and IPHTTPS interfaces are up (although as the server is behind a NAT and we only have 1 public IP I understand that IPHTTPS is the only protocol that will be used).

The IPHTTPS tunnel also seems to be connected:

netsh interface httpstunnel show interfaces

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Role                       : client
URL                        : https://redacted:443/IPHTTPS
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

however the DirectAccess link can't be activated - get-daconnectionstatus cycles between

Status    : Error
Substatus : CouldNotContactDirectAccessServer

and

Status    : Error
Substatus : RemoteNetworkAuthenticationFailure

Any suggestions on how to attack this are appreciated!

Kjetil Limkjær
  • 1,983
  • 2
  • 15
  • 16
  • Does DNS resolve correctly for the domain you're trying to connect to? Can you connect to any other resource at the target domain/IP? If it works via ISP A (mobile) but not ISP B (home) it sounds like either the ISP is causing the packets to not make it or there is an issue with getting them there due to resolution. – Nathan V Nov 27 '12 at 09:44
  • DNS resolves correctly and I can reach other servers at the same location. I've tested at another location with a different ISP and it fails there as well, but it consistently works with the mobile ISP. If I connect through ISP A and switch to ISP B once the DirectAccess connection is up I will sometimes continue to get ping replies from internal servers, but the connection will drop as soon as I try to access a real service like a web- or fileserver. – Kjetil Limkjær Nov 27 '12 at 10:33
  • Were you able to resolve this? – Christopher Edwards Dec 05 '12 at 12:16
  • @christoper-edwards I am experiencing the same problems. It happens on some networks and not others but I cannot figure out the cause. Did you ever solve this? – user319862 Dec 24 '15 at 23:21

1 Answers1

2

Check your machine location setting with:

netsh dnsclient show state

be sure that "Machine Location:" says Outside corporate network, and that DA is configured

If this is the case and you still experience this, the following article: http://technet.microsoft.com/en-us/library/ee844114%28v=ws.10%29.aspx describes a few scenarios like your own

Mathias R. Jessen
  • 24,907
  • 4
  • 62
  • 95