July, 2014

Posts
  • DirectAccess status always "Connecting" on Windows 8

    Have you ever run into this issue?

    I have deployed DirectAccess several times and hit several problems with this technology; the "Connecting" issue is probably the biggest headache.

    Many causes can produce this behavior. I will cover two of them.

     

    First cause: IP-HTTPS error code 0x2AF9

    Status is "Connecting" and DirectAccess does not work

    Run netsh interface httpstunnel show interface from a command prompt on the Windows client. If you get the following output:

    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://directaccess.yourdomain.com:443/IPHTTPS
    Last Error Code            : 0x2af9
    Interface Status           : failed to connect to the IPHTTPS server

    then you must check DNS name resolution and the client proxy configuration.

    If the following statements are all true:

    1. directaccess.yourdomain.com resolves correctly
    2. you don't need a proxy and the proxy configuration is disabled
    3. the firewall between your client and the DirectAccess server is correctly configured

    then you should check this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgrIf. If you see any sub-keys below the ProxyMgrIf key, delete the whole ProxyMgrIf key and restart your DirectAccess client.
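
    The checks for the first cause gathered into one read-only script, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later on the client, uses the placeholder URL from the netsh output above, and treats the machine-wide WinHTTP proxy as the proxy setting to inspect. It changes nothing and leaves removing the key to you.

```powershell
# Added example (not from the original post): read-only checks for the 0x2AF9 case.
# Assumes PowerShell 3.0+ on the DirectAccess client; nothing is modified.
$IpHttpsUrl = 'https://directaccess.yourdomain.com:443/IPHTTPS'  # placeholder, replace
$uri        = [Uri]$IpHttpsUrl
$report     = [ordered]@{}

# 1. DNS: the IP-HTTPS host name must resolve from the client.
try {
    $report['DnsResolves'] = ([System.Net.Dns]::GetHostAddresses($uri.Host).Count -gt 0)
} catch {
    $report['DnsResolves'] = $false
}

# 2. Proxy: record the machine-wide WinHTTP proxy so you can confirm none is set.
$report['WinHttpProxy'] = (netsh winhttp show proxy | Out-String).Trim()

# 3. Firewall: a plain TCP connection to the IP-HTTPS port must succeed.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($uri.Host, $uri.Port)
    $report['TcpReachable'] = $tcp.Connected
} catch {
    $report['TcpReachable'] = $false
} finally {
    $tcp.Close()
}

# 4. Registry: sub-keys under ProxyMgrIf are the condition described in the post.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgrIf'
$subKeys = @()
if (Test-Path $key) {
    $subKeys = @(Get-ChildItem -Path $key | Select-Object -ExpandProperty PSChildName)
}
$report['ProxyMgrIfSubKeys'] = $subKeys.Count

# 5. Tunnel state from the same netsh command (label text is English-locale only).
$report['LastErrorLine'] = (netsh interface httpstunnel show interface |
    Select-String 'Last Error Code' | ForEach-Object { $_.Line.Trim() })

[pscustomobject]$report | Format-List
# The proxy value is left for you to judge; DNS and TCP are checked automatically.
if ($report.DnsResolves -and $report.TcpReachable -and $subKeys.Count -gt 0) {
    Write-Output "DNS and TCP checks pass and ProxyMgrIf has sub-keys: $($subKeys -join ', ')"
}
```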

    Second cause

    Status is "Connecting" and DirectAccess does work

    Check your company DNS server zone for a Directaccess-WebProbeHost.yourcompany.local entry. If it is missing, create the entry with the DirectAccess server's internal IP (use the VIP if you have NLB).

    Read more: Cannot Reach the DirectAccess Server with IP-HTTPS (http://technet.microsoft.com/en-us/library/ee844126(v=ws.10).aspx)

  • DirectAccess and reaching websites through an internal proxy

    I have some clients that must use an internal proxy to access certain websites (security rules).

    When they use the DirectAccess client outside the corporate network, they have problems accessing those websites.

    If you are in the same situation, how can you resolve it?

     

    You need to edit the Name Resolution Policy Table (NRPT) on the DirectAccess (DA) server with a PowerShell cmdlet.

    Add-DAClientDnsConfiguration -DnsSuffix 'www.mywebsite.com' -ProxyServer 'myproxy.mydomain.com:8080'


    The cmdlet edits the DirectAccess GPO, so after it runs successfully you need to run GPUPDATE /FORCE on the Windows 8 client for the change to take effect immediately.

     

    You can check the NRPT from the command line:

     

    Windows 7:

    netsh namespace show policy

     

    Windows 8:

    Get-DAEntryPointTableItem

     

     

    If you need to reach a public URL through the corporate network, configure name resolution this way on your DirectAccess server:

     

     

    Read more: Add-DAClientDnsConfiguration (http://technet.microsoft.com/en-us/library/hh918437.aspx)