To get in compliance with the new NIST 800-171 standard, we are re-evaluating our VPN for remote employees, and the head honcho would really like to use DirectAccess for any employees that will come in contact with CUI. The issue is I for the life of me can never get a DirectAccess server up and running properly. I've followed every online article I could find and even tried the book Implementing DirectAccess with Windows Server 2016 by Richard M. Hicks to still no avail.

I basically keep getting stuck at the Operational Status page with the status for IP-HTTPS always in an unknown state. I was able to restart the configuration task in Task Scheduler, and look at Event Viewer to show me the errors/information, and here is a breakdown of what I received this last time.

Event Viewer log

Event ID 10062's Description:

Event ID 10062

Event ID 10029's Description:

Event ID 10029

This error led me to believe that it was a configuration issue and so I searched around and tried as many fixes as I could like removing the configuration and starting over, reinstalling the whole machine, removing network adapters from Device Manager. I still was unable to get this error to go away.

Event ID 10019's Description:

Event ID 10019

I haven't found a whole lot on this event, but plan to keep looking as well.

I'm not sure but I feel like this is an issue as well, but not sure if it's a cause or a symptom of the event errors, but the Operation Status page in Remote Access Management shows this error:

Configuration Status

This is really stumping me, and I have not been able to figure it out. When creating a test Windows 10 Enterprise machine, it gets the GPOs that are needed, and shows that it is connected via local connection to the domain when connected in house, but when I take it outside and connect to a different WiFi network it shows it connects, but I am unable to access any networked computers. Not sure if that's an error or supposed to be that way. But I feel it's an issue since the Remote Access Dashboard shows no connected clients and no total transferred data.

  • A lot of the problems I have seen with IP-HTTPS have been cert related. Have you checked that your certificate is correct? Is it a cert that was issued from a CA trusted by the direct access server? Does it have valid start and end times, and does it have the correct properties? – Zoredache Mar 16 '18 at 21:23
  • @Zoredache when I tried using the company's Windows CA it kept crashing the installer, so I went with just self-signed certificates generated when configuring the feature. Should I try re-installing and keep trying to get it to use the domain's CA to issue certificates? – hightekjonathan Mar 16 '18 at 21:31
  • The self-signed cert isn't ideal in the long run, but it should be working at least, since the installer should set everything properly. Hrm.. – Zoredache Mar 16 '18 at 21:34
  • @Zoredache that’s what I was thinking. So far we’re just trying to get a testing setup to even try. But it’s been months of me trying to get it working and never getting any farther than this point. It’s behind a pfSense firewall doing a 1:1 with NAT disabled since I read direct access doesn’t work behind a NAT. But that doesn’t seem to be the issue currently since I’m getting configuration errors instead of connectivity errors. – hightekjonathan Mar 17 '18 at 23:18