Windows 7 : Understanding DirectAccess Client Connections (part 5) - Troubleshooting DirectAccess Connections

12/2/2013 8:16:53 PM

7. Troubleshooting DirectAccess Connections

The following list describes a number of areas in which a DirectAccess connection must be properly configured. You can use this list as a set of principles and procedures to help troubleshoot DirectAccess clients.

  • The DirectAccess client must have a global IPv6 address. (Global IPv6 addresses start with a 2 or 3.)

    Use the Ipconfig /all command on the DirectAccess client.

    If the DirectAccess client is assigned a public IPv4 address, you should see an interface named Tunnel Adapter 6TO4 Adapter listed in the Ipconfig output. This interface should be configured with an address that starts with 2002. The Tunnel Adapter 6TO4 Adapter should also be assigned a default gateway.

    If the DirectAccess client is assigned a private IPv4 address, you should see a listing for a Teredo interface, and this interface should be configured with an address that starts with 2001.

    For IP-HTTPS, look for an interface named Tunnel Adapter Iphttpsinterface. Unless you had a native IPv6 infrastructure in place prior to running the DirectAccess Setup Wizard, the Tunnel Adapter Iphttpsinterface should be configured with an address that starts with 2002. The Tunnel Adapter Iphttpsinterface should also be assigned a default gateway.

  • The DirectAccess client must be able to reach the IPv6 addresses of the DirectAccess server.

    Use the Ipconfig /all command on the DirectAccess server. Note the global IPv6 addresses of the DirectAccess server. From the DirectAccess client, you should be able to ping any of the global IPv6 addresses of the DirectAccess server.

    If this attempt is not successful, troubleshoot the connection by looking for the break in IPv6 connectivity between the DirectAccess client and server.

    Use the following methods to help fix IPv6 connectivity breaks:

    If your DirectAccess client is assigned a private IPv4 address, ensure that the local Teredo client is configured as an enterprise client and that the IPv4 address of the DirectAccess server is configured as the Teredo server. To do so, type the following command:

    netsh interface teredo set state type=enterpriseclient servername=FirstPublicIPv4AddressOfDirectAccessServer

    If your DirectAccess client is assigned a public IPv4 address, ensure that the DirectAccess server IPv4 address is assigned as the 6to4 relay by typing the following command:

    netsh interface 6to4 set relay name=FirstPublicIPv4AddressOfDirectAccessServer

    If these methods fail, you can attempt to use IP-HTTPS to establish IPv6 connectivity to the DirectAccess server. To do so, type the following command:

    netsh interface httpstunnel add interface client https://FQDNofDirectAccessServer/IPHTTPS

    Note

    USING PING OVER IPSec

    To use Ping as a troubleshooting tool, ensure that Internet Control Message Protocol (ICMP) is exempt from IPSec protection between the DirectAccess client and the remote endpoint of the IPSec connection.

  • The intranet servers must have global IPv6 addresses.

    Use the Ipconfig /all command on any intranet server that cannot be contacted. The output of the command should list a global IPv6 address.

    If not, troubleshoot the IPv6 infrastructure on your intranet. For ISATAP networks, ensure that your DNS servers running Windows Server 2008 or later have the name ISATAP removed from their global query block lists. In addition, verify that the DirectAccess server has registered an ISATAP A record in the intranet DNS.

    Note

    USING IPV6/IPV4 NAT DEVICES

    If you are using a NAT-PT or NAT64 device to reach the intranet server, the intranet server will not have a global IPv6 address. In this case, ensure that the NAT-PT or NAT64 device has a global IPv6 address.

  • The DirectAccess client on the Internet must correctly determine that it is not on the intranet.

    Type netsh namespace show effectivepolicy to display the NRPT on the DirectAccess client. You should see NRPT rules for the intranet namespace and an exemption for the fully qualified domain name (FQDN) of the network location server.

    If not, determine the network location server URL by typing the following command:

    reg query HKLM\software\policies\microsoft\windows\NetworkConnectivityStatusIndicator\CorporateConnectivity /v DomainLocationDeterminationUrl

    Ensure that the FQDN of this URL either matches an exemption entry or does not match the DNS suffix for your intranet namespace in the NRPT.

  • The DirectAccess client must not be assigned the domain firewall profile.

    Type netsh advfirewall monitor show currentprofile to display the attached networks and their determined firewall profiles. If you have not yet established a DirectAccess connection, none of your networks should be in the Domain profile.

    If any of your networks has been assigned the domain profile, determine if you have an active remote access VPN connection or a domain controller that is available on the Internet, and disable that connection.

  • The DirectAccess client must be able to contact its intranet DNS servers through IPv6.

    Type netsh namespace show effectivepolicy on the client to obtain the IPv6 addresses of your intranet DNS servers. Ping these IPv6 addresses from the DirectAccess client.

    If not successful, locate the break in IPv6 connectivity between the DirectAccess client and the intranet DNS servers. Ensure that your DirectAccess server has only a single IPv4 default gateway that is configured on the Internet interface. Also ensure that your DirectAccess server has been configured with the set of IPv4 routes on the intranet interface that allow it to access all of the IPv4 destinations of your intranet.

  • The DirectAccess client must be able to use intranet DNS servers to resolve intranet FQDNs.

    Type nslookup IntranetFQDN IntranetDNSServerIPv6Address to resolve the names of intranet servers (for example: nslookup dc1.corp.contoso.com 2002:836b:2:1::5efe:10.0.0.1). The output should display the IPv6 addresses of the specified intranet server.

    If the intranet DNS server cannot be contacted, troubleshoot connectivity to that DNS server. If the server can be contacted but the server name specified is not found, troubleshoot the intranet DNS. (Determine why a AAAA record for the intranet server is not available.)

  • The DirectAccess client must be able to reach intranet servers.

    Use Ping to attempt to reach the IPv6 addresses of intranet servers.

    If this attempt does not succeed, attempt to find the break in IPv6 connectivity between the DirectAccess client and the intranet servers.

  • The DirectAccess client must be able to communicate with intranet servers using application layer protocols.

    Use the application in question to access the appropriate intranet server. If File And Printer Sharing is enabled on the intranet server, test application layer protocol access by typing net view \\IntranetFQDN.
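
Added example, not part of the original article: a Python script that applies the first checklist item to captured `ipconfig /all` output, classifying each adapter's IPv6 addresses by prefix and flagging a tunnel adapter that lacks the expected address or default gateway. The sample output and its addresses are constructed, the function names are hypothetical, and Teredo is matched on its 2001::/32 prefix rather than on any address that starts with 2001.

```python
import ipaddress
import re

# Most specific prefix first. 2000::/3 is the page's "start with a 2 or 3";
# Teredo is narrowed from "starts with 2001" to its 2001::/32 prefix (RFC 4380).
KINDS = [("6to4", "2002::/16"), ("teredo", "2001::/32"), ("global", "2000::/3")]
# Adapter keyword -> (expected kind, gateway required); IP-HTTPS assumes no native IPv6.
EXPECT = {"6to4": ("6to4", True), "teredo": ("teredo", False), "iphttps": ("6to4", True)}

# Constructed sample of `ipconfig /all` output, trimmed to the relevant fields.
SAMPLE = """\
Tunnel adapter 6TO4 Adapter:
   IPv6 Address. . . . . . . . . . . : 2002:c000:20a::c000:20a(Preferred)
   Default Gateway . . . . . . . . . : 2002:c000:201::c000:201
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   IPv6 Address. . . . . . . . . . . : 2001:0:c000:201:1c3a:2f5b:3fff:fdf5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c3a:2f5b:3fff:fdf5%14(Preferred)
"""

def classify(addr):
    return next((k for k, n in KINDS if addr in ipaddress.ip_network(n)), "non-global")

def parse_ipconfig(text):
    """Map adapter name -> {"addrs": [IPv6Address], "gateway": bool}."""
    adapters, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S.*):\s*$", line)
        field = re.match(r"\s+(.+?)[ .]*:\s(\S+)", line)
        if head:
            cur = adapters.setdefault(head.group(1), {"addrs": [], "gateway": False})
        elif field and cur is not None:
            label, value = field.groups()
            if "IPv6 Address" in label:  # strip "(Preferred)" and the zone id
                cur["addrs"].append(ipaddress.IPv6Address(re.split(r"[(%]", value)[0]))
            elif label == "Default Gateway":
                cur["gateway"] = True
    return adapters

def audit(text):
    # Returns (has_global_address, problems) for the first checklist item.
    problems, has_global = [], False
    for name, info in parse_ipconfig(text).items():
        kinds = {classify(a) for a in info["addrs"]}
        has_global |= bool(kinds - {"non-global"})
        want, need_gw = next((v for k, v in EXPECT.items() if k in name.lower()), (None, False))
        if want and want not in kinds:
            problems.append(f"{name}: no {want} address")
        if need_gw and not info["gateway"]:
            problems.append(f"{name}: no default gateway")
    return has_global, problems
```

Save the client's `ipconfig /all` output to a file and pass its text to `audit()`; an empty problem list with `has_global` set to `True` means the first checklist item passes.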

 