
In our company most of our employees are mobile, so we have a DirectAccess environment set up to allow for access to the internal network remotely. We also have a RemoteApp setup so we can easily deploy programs to the employees. Unfortunately, these two technologies don't seem to be compatible for us. When a computer connected over DirectAccess tries to connect to a RemoteApp, the user will encounter an error "The login attempt failed". The obvious solution, that the login is incorrect, was ruled out when the connection works when the user is connected to the corporate network. The login also works if the connection is done over a non-DirectAccess connection (if the DirectAccess server is manually turned off or if the computer is not domain joined). The issue only arises when the connection is attempted over DirectAccess. In my Googling I've seen that enabling ISATAP is the solution but I've done this and it doesn't seem to help. I was able to get a different error (the remote computer is not available) for a short time and then it went back to the same "login attempt failed".

My setup is a bit unusual in that I have a .local domain environment but the RemoteApp connection is done over a domain.com URL via a Gateway server. This was done to allow non-domain joined computers access to the applications (We have a small number of employees who use Macs). The RemoteApp GPO points to the .com URL rather than the .local of the connection broker for simplicity's sake. The majority of the company is on Windows 10 laptops. All of the servers (RemoteApp and DirectAccess) are running Server 2012 R2.

Has anyone run into this issue before? Do I need to remove the gateway and have all of the connections done with the .local domain? Is there a trick to configuring the ISATAP router? Thanks in advance for the help.

1 Answer

If you haven't already done so, you'll need to add the namespace used by RemoteApp to the Name Resolution Policy Table (NRPT) in the Remote Access Management console. You can do this by clicking Edit on Step 3, clicking DNS, and then double-clicking a blank table entry and entering your other domain. Click "Detect" to add the DNS server and then save and apply the configuration. Remember that this will force everything in this domain over the DirectAccess connection. If that isn't required (for example you have other external services in that same domain that should not be routed over DirectAccess) then you can add specific entries for the individual RemoteApp hosts as required.

Hope that helps!

  • That did the trick! I added the domain.com to the infrastructure servers list and the connections now appear to be going through. Thank you! – NostraThomas Dec 22 '16 at 22:19
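
A client-side check for the NRPT change described in the answer, as an added example that is not part of the original answer or comment: it lists which effective NRPT rule covers the RemoteApp name and what the name resolves to. `rdgateway.domain.com` is a placeholder for your RD Gateway FQDN, and `Test-NrptMatch` is a helper written for this example.

```powershell
# Added example; run on a DirectAccess client while it is connected externally.
# 'rdgateway.domain.com' is a placeholder, not a name taken from the question.
param([string]$HostName = 'rdgateway.domain.com')

function Test-NrptMatch {
    param([string]$Name, [string]$Namespace)
    # A leading dot marks a suffix rule (".domain.com"); anything else is a
    # rule for one specific FQDN.
    if ($Namespace.StartsWith('.')) {
        return $Name.EndsWith($Namespace, [StringComparison]::OrdinalIgnoreCase)
    }
    return $Name -ieq $Namespace
}

# Effective NRPT = the rules the DNS client is actually applying right now.
$hits = foreach ($rule in Get-DnsClientNrptPolicy -Effective) {
    foreach ($ns in @($rule.Namespace)) {
        if (Test-NrptMatch -Name $HostName -Namespace $ns) {
            [pscustomobject]@{
                Namespace  = $ns
                DnsServers = ($rule.DirectAccessDnsServers -join ', ')
            }
        }
    }
}

if (-not $hits) {
    # No rule: the name goes to the local (public) DNS servers, so the
    # connection is not sent through the DirectAccess tunnel.
    Write-Warning "$HostName is not covered by any NRPT rule."
} else {
    # Report the most specific matching rule (longest namespace).
    $best = $hits | Sort-Object { $_.Namespace.Length } -Descending | Select-Object -First 1
    if ($best.DnsServers) {
        Write-Output "$HostName matches '$($best.Namespace)' -> internal DNS $($best.DnsServers)"
    } else {
        # A rule with no DNS server is an exemption: resolved by local DNS.
        Write-Output "$HostName matches exemption rule '$($best.Namespace)'"
    }
}

# Show what the client resolves the name to with the NRPT applied.
Resolve-DnsName -Name $HostName -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } |
    Select-Object Name, Type, IPAddress
```

If a suffix rule for the whole domain shows up where you only wanted the RemoteApp hosts routed over DirectAccess, replace it with per-host entries as the answer suggests.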