Connecting to Office Corporate Network (CorpNet) using Windows 7 DirectAccess on TATA Photon+ & RELIANCE NetConnect Broadband Internet Services


We released Windows 7 & Windows Server 2008 R2 last year. One of the features that we deployed internally was DirectAccess. You must have heard about DirectAccess many times during our New Efficiency and similar launch events, where we have been telling the Better Together story of Windows 7 & Windows Server 2008 R2.

From the blog title you must have received some hint about what I am going to cover in today’s post: connecting to your office corporate network using TATA Photon+ and Reliance NetConnect. I believe that many users connect to the Internet using various options such as ADSL, wireless, ISDN etc. DirectAccess works seamlessly for most connections, such as wireless at home, in hotels, at airports etc. I will be covering connectivity in India, where some of the major players offer high speed CDMA broadband connections. These players are TATA Photon+ and Reliance NetConnect Broadband. Both of them offer up to 3.1 Mbps connectivity, but we won’t go into that discussion. We will specifically cover connecting to CorpNet using TATA Photon+ and Reliance NetConnect, because the simple fact is that most users are not able to use DirectAccess over these Internet connections.

I have been on the DirectAccess pilot for a long time, and since I joined it has been an amazing experience connecting to CorpNet without going through the standard VPN/RAS dialing process. The sad part was that I was not able to connect to my CorpNet using the TATA Photon+ card. I have been using Tata Photon+ since last December, but every time I tried to connect to my CorpNet using DirectAccess there was no success, and I fell back to the regular RAS/VPN process. The same happened when I tried Reliance NetConnect Broadband. I tried different settings but had no luck, and then I decided to let it go. Later I got to know that most of my colleagues were also facing a similar problem and were not able to leverage the DirectAccess feature.

So, last week I was travelling, and I decided to reach a solid conclusion before quitting and asking the product group. Here is how I found the solution to this problem, and here are my findings.

Checking DirectAccess Status

Trying to connect to CorpNet Environment using TATA Photon+ Internet.

Here is the standard TATA Photon+ Dialer, I will click on Connect to get connected to Internet.

The Reliance Dialer looks exactly similar except the logo in the right corner. Basically the complete software is designed by HUAWEI Technologies Co., Ltd.

image1

In the red box, it is the actual profile or the actual Dial Up Connection created by the Huawei Access Manager.

 

Let me try connecting to my computer in the corporate environment; say aviraj-demo is my server in my Microsoft office environment. A minute after connecting to the Internet, I try to ping it and I get the reply in IPv6 format. It means DirectAccess seems to be operational so far on my machine, but not completely functional. Let’s test it.

image2

DirectAccess Attempt #1: Connecting to resources in my CorpNet

Now that I can ping, let me try accessing files on that server or connecting to it over Remote Desktop.

Resource Output 1: Accessing internal site: http://sharepoint         Status: FAILED

The site does not open, and the browser goes out to the Internet to search for this internal portal due to lack of connectivity.

image3

 

Resource Output 2: File Share (start -> run -> \\aviraj-demo )         Status: FAILED

image4

 

Resource Output 3: Remote Desktop Protocol – RDP (mstsc)         Status: FAILED

image5

 

TROUBLESHOOTING DirectAccess Using Windows 7 Built-in Troubleshooting Packs

I am getting a ping response, but it seems I have not yet got complete CorpNet access due to authentication. So I decided to run the troubleshooting option located in Network and Sharing Center.

You can do that by clicking on Connection to a Workplace Using DirectAccess. I selected the Automatic Repair check box.

image6

After running this wizard I got the following result. This was not much help, I tried updating group policy assuming that something is missing but nothing worked.

image7

 

TESTING OUTLOOK CLIENT CONNECTION…Hint for the solution!!!

Since I am connected to the Internet, I decided to open the Outlook 2010 client. As soon as I clicked on Outlook 2010, here is the prompt I got.

image8

Hmm, surprisingly, instead of my own Domain\Alias, i.e. fareast\i-aviraj, I am prompted with something like internet. At this point I realized that every other time I connect to the Internet I am prompted with my alias, so why am I prompted with internet every time I connect using TATA Photon+?

AND NOW THE SOLUTIONS FOR THIS PROBLEM.

Get DirectAccess Working – SOLUTION # 1: Using Huawei Dialer & Credentials Manager

Step 1: Get connected to the internet using the above stated process using TATA PHOTON+ Dialer or RELIANCE NETCONNECT BROADBAND DIALER.

Step 2: Go to Control Panel and double-click Credential Manager.

image9

Step 3: Expand the first entry named *Session in the Windows Credentials with status Modified: Today

image10

IMPORTANT NOTE: DO NOT DISCONNECT THE CONNECTION.

This is the exact reason DirectAccess is not fully functional. Every time you connect using HUAWEI Connection Manager, it creates a Windows credential named *Session with Persistence: Logon Session. Because of this Logon Session entry, the default domain credentials are bypassed and the dialer-provided credentials are used for authentication, which then fails.

What is Logon Session?

logon session

A logon session begins whenever a user logs on to a computer. All processes in a logon session have the same primary access token. The access token contains information about the security context of the logon session, including the user's SID, the logon identifier, and the logon SID.

More to read http://msdn.microsoft.com/en-us/library/aa378338(VS.85).aspx

Step 4: Solving this issue and getting back to Domain Credentials

image11

Click on Remove Credentials and click on Yes

Step 5: Success within a Minute. :)

The moment you delete it, wait for a few seconds and try to open any internal website, say http://msw. Within moments, you will get the prompt you have been waiting for for months over your high speed CDMA broadband connection.

Voila!!! Success, this is what you have been waiting for since long time. DirectAccess over TATA Photon+ and Reliance NetConnect Broadband using HUAWEI Dialer.

Windows Needs your Smart Card Credentials

image12

Double click on the Credential’s icon in system tray, insert Smart Card in reader and Enter PIN

image13

You will see your credentials getting verified.

image14

THAT’S IT. YOU ARE CONNECTED TO YOUR CORPNET. NO MORE STEPS.

***** SOLUTION 1 ENDS HERE *****

Now let’s test whether this solution really worked.

DirectAccess Attempt #2: Connecting to resources in my CorpNet…Post Applying Solution 1

Now that I have authenticated my credentials using Smart Card, I will check different resources.

Resource Output 1: Accessing internal site: http://sharepoint        Status: SUCCESS

image15

Resource Output 2: File Share (start -> run -> \\aviraj-demo )         Status: SUCCESS

This time I go to Start -> Run, enter the file share \\aviraj-demo and wait for the response.

While hovering over the taskbar I see my mouse pointer showing the busy icon, which means Explorer is trying to connect to the remote resource. After a minute or so, once the server name is resolved, here is my output.

image16

Resource Output 3: Remote Desktop Protocol - RDP (mstsc)         Status: SUCCESS

image17

When Connected to Remote Desktop over DirectAccess

image18

This solution works with the dialer, which matters because many users want to keep using the TATA/RELIANCE dialer: it shows the signal strength through the HSIA/CDMA status, and it helps keep track of usage by providing detailed statistics and real-time speed in KB/s.

I hope this will surely help you experience DirectAccess over this high speed connection.

JUST REMEMBER, EVERY TIME YOU GET CONNECTED TO INTERNET USING TATA/RELIANCE DIALER, YOU NEED TO REMOVE *Session ENTRY FROM CREDENTIALS MANAGER TO GET YOUR DirectAccess WORKING.
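Since the *Session entry comes back on every dialer connection, the check and removal can be scripted. The following is an added example, not part of the original post: it uses the built-in cmdkey.exe tool and assumes that the dialer's entry shows up in `cmdkey /list` with a target containing `*Session` and that it is the RAS session credential that `cmdkey /delete /ras` removes. `Test-SessionCredential` is a hypothetical helper name.

```powershell
# Added example (not from the original post). Run it in the same logon session,
# after the dialer has connected and without disconnecting.

function Test-SessionCredential {
    # Returns $true when `cmdkey /list` shows a stored credential whose
    # target contains "*Session" (the entry the post removes by hand).
    $listing = & cmdkey.exe /list
    return [bool]($listing | Where-Object { $_ -match 'Target:.*\*Session' })
}

if (Test-SessionCredential) {
    Write-Host 'Found the *Session credential created by the dialer; removing it.'

    # Assumption: the dialer's entry is the RAS session credential,
    # which cmdkey removes with /delete /ras.
    & cmdkey.exe /delete /ras | Out-Null

    if (Test-SessionCredential) {
        # Removal did not take effect: fall back to the manual steps.
        Write-Warning '*Session is still present; remove it in Credential Manager.'
    } else {
        Write-Host '*Session removed; domain credentials are used again.'
    }
} else {
    Write-Host 'No *Session credential present; nothing to do.'
}
```

After the script reports removal, opening an internal resource should produce the smart card prompt described in Step 5.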

 

Get DirectAccess Working – SOLUTION # 2: Using Windows Dialer instead of TATA/RELIANCE DIALER

Let’s start by showing the same image…

image1

As I said, the red box indicates that this is basically a Windows dial-up connection that gets dialed at the backend. Instead of using the TATA/RELIANCE dialer, you can directly connect to the pre-configured dial-up entry from your network connections.

Step 1: Open the HUAWEI dialer and read the Profile Name: TATA Indicom (in this example). Close the dialer.

Step 2: Click on the Network and Sharing Center icon in the system tray. You will see your profile. Click on this profile name; in this example it is TATA Indicom. Click on Connect and then click on Dial.

image19

Step 3: Once connected, go to Control Panel and double-click Credential Manager. You will not find any *Session entry in the Windows Credentials.

image20

Try to access internal resource, within a minute you will be prompted for Windows Smart Card Credentials.

THAT’S IT. YOU ARE CONNECTED TO YOUR CORPNET WITHOUT USING TATA/RELIANCE DIALER. NO MORE STEPS.

***** SOLUTION 2 ENDS HERE *****

After that, try the same steps performed in DirectAccess Attempt #2.

I hope that this post has given you a sufficient number of ideas about connecting to CorpNet. Many customers will benefit from this, and they can now leverage DirectAccess over high speed CDMA networks or similar types of connections. Meanwhile, I will try to find an alternate solution that can help us avoid deleting the Credential Manager data manually.

I will be publishing a quick Screencast and will share it on http://edge.technet.com/people/aviraj

Quick Reminder: We are undergoing Blog migration to newer platform this week. User comments are disabled. Feel free to ask any questions to me over an E-Mail: i-aviraj@microsoft.com

Enjoy DirectAccess !!!

  • Indeed a helpful article !

  • Great Post... Very Informative!! :)

  • Hi,

    So it means we don't need a VPN connection anymore to access our local environment, but I have a question: do we have to do anything at server level to use DirectAccess?

    Thanks

  • excellent article - issue got resolved.

  • Thank you all for your feedback

  • @Amit. Yes Amit, you are absolutely correct. Once the DirectAccess IT infrastructure is in place, you don't need to VPN into your corporate environment. The backend connectivity is established with your corporate network every time you get connected to the Internet.

    For DirectAccess it uses Group Policy to apply the connection settings. You don't have to initiate anything from your end e.g. Dialer or any connection.

  • Great Post... really solved my problem.............

  • Very much help to fix the DA problem, thanks

  • Hi Aviraj
    Thanks a lot. Using solution 2 solved my problem. You saved me a lot of troubleshooting :)

  • Hi,

    For me on Windows 8.1, when I connect to RAS, Lync gets disconnected and login fails. I tried all the options you mentioned above. Still facing the same issue.

  • Good one and very useful