
DirectAccess Intranet Connectivity

posted Feb 26, 2010, 11:21 PM by Chris McKown   [ updated May 14, 2010, 6:54 PM ]
I just deployed Microsoft's new DirectAccess Server role for a customer, and was able to ping intranet resources from the Windows 7 client. However, I could not get any other connectivity. The infrastructure tunnel came up every time without fail, but the intranet tunnel never would. After two days, I finally figured out what was preventing the second tunnel from starting.

IPv6 was disabled on the IPv4 Internet-facing interface on the DA server. I enabled IPv6, rebooted, and now the 7 clients have perfect intranet connectivity (at least with Teredo).

I have not had a chance yet to test 6to4 or IP-HTTPS.

 - Cheers

Update: two issues (one with IP-HTTPS and one with 6to4)

1. There exists a scenario (and we encountered it) wherein the DirectAccess setup GUI is unable to successfully assign a certificate to the IP-HTTPS interface. After several days on support with Microsoft, they diagnosed this issue and ran us through the NETSH commands to assign the certificate manually. If you have encountered this problem and would like to see what Microsoft gave us for a workaround, email me at directaccess -at- and I will be glad to send instructions your way.

2. Our corporate firewall is a SonicWall NSA2400, and apparently the current firmware revision does not support passing 6to4 (protocol 41) yet. We had to reroute our traffic and bypass the SonicWall for now to enable 6to4 to work.

Update 2: The SonicWall was not the problem after all. We had missed an old NAT policy that was NATing outbound traffic for our DA server - this NAT only affected 6to4, as it is explicitly designed to be routed WITHOUT NAT. Anyway, we have it all working now.

Now we are testing folder redirection and offline files sync, and all the issues that entails.