The Private Cloud Man

Private Cloud Technologies, Architecture and more!

DirectAccess Monitor Reports Network Security Not Healthy


Came across a very handy tip on the TechNet forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/8965b7de-8814-40ed-b189-37b53bb1b88b

In this thread, UAG DirectAccess Pro Ken Carvel provides a nice tip on what to do when you see the DirectAccess Monitor report that Network Security is not healthy.

Just in case that thread disappears, I’ll repost what Ken had to say here:

“I have seen this before as well and it has to do with IPSec DOS protection.

I saw that one of the servers in my array showed as Not Healthy.  I ran the "netsh ipsecdosprotection show interfaces" from the command line and got an "Element not Found" error.  What had happened was one of the IPv6 tunneling interfaces had changed names, like the Teredo Tunneling interface was now "Local Area Connection* 10".  I'm not sure why this happens, but I have seen it on several different UAG DirectAccess servers.

What I did to fix it was run the "netsh int ipv6 show int" command and figure out the names of all of the interfaces.  Then I ran "netsh ipsecdos reset" and manually added the interfaces back like this:

netsh ipsecdos add interface isatap.contoso.com internal
netsh ipsecdos add interface External public
netsh ipsecdos add interface "6TO4 Adapter" public
netsh ipsecdos add interface IPHTTPSInterface public
netsh ipsecdos add interface "Local Area Connection* 10" public”

Great tip Ken! Thanks!

HTH,

Tom

Tom Shinder
tomsh@microsoft.com
Principal Knowledge Engineer, Microsoft DAIP iX/Identity Management
Anywhere Access Group (AAG)
The “Edge Man” blog :
http://blogs.technet.com/tomshinder/default.aspx
Follow me on Twitter:
http://twitter.com/tshinder
Facebook:
http://www.facebook.com/tshinder

Visit the TechNet forums to discuss all your UAG DirectAccess issues
http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/threads

Stay up-to-date with “just in time” UAG DirectAccess information on the TechNet wiki http://social.technet.microsoft.com/wiki/tags/DirectAccess/default.aspx
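
The rename described in the quoted tip can be spotted by comparing the names in `netsh int ipv6 show int` output with the names last registered for IPsec DoS protection. The following PowerShell is an added example, not from the original post or forum thread; the expected-name table, the function names and the sample output are constructed for illustration.

```powershell
# Assumption: interface names and types as last registered, taken from the post's add commands.
$Expected = [ordered]@{
    'isatap.contoso.com'        = 'internal'
    'External'                  = 'public'
    '6TO4 Adapter'              = 'public'
    'IPHTTPSInterface'          = 'public'
    'Local Area Connection* 10' = 'public'
}

# Constructed sample of "netsh int ipv6 show int" output (the Teredo interface has been renamed).
$Sample = @'
Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 12          10        1500  connected     External
 13          10        1280  connected     isatap.contoso.com
 14          50        1280  connected     6TO4 Adapter
 15          50        1280  connected     IPHTTPSInterface
 16          50        1280  connected     Local Area Connection* 11
'@ -split "`r?`n"

function Get-Ipv6InterfaceName {
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        # Data rows: index, metric, MTU, state, then the name (which may contain spaces).
        if ($line -match '^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s*$') { $Matches[1] }
    }
}

function Compare-DosProtectionInterface {
    param([System.Collections.IDictionary]$Expected, [string[]]$Present)
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Name    = $name
            Type    = $Expected[$name]
            Present = $Present -contains $name
            # Command form from the post, emitted as text only; nothing is executed here.
            Command = 'netsh ipsecdos add interface "{0}" {1}' -f $name, $Expected[$name]
        }
    }
}

# On a live server, pass (netsh int ipv6 show int) instead of $Sample.
$present = Get-Ipv6InterfaceName -NetshOutput $Sample
Compare-DosProtectionInterface -Expected $Expected -Present $present | Format-Table -AutoSize
# Names on the server that are not in the expected table are the rename candidates.
$present | Where-Object { @($Expected.Keys) -notcontains $_ }
```

A row with `Present` set to False, paired with an unfamiliar name in the second listing, points to the interface whose name should be corrected before the interfaces are added back.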

Comments
  • Hi, I know this thread is old, but right now I'm having this problem about the Not Healthy Status of not only Network Security, but also of Teredo Server and Teredo Relay on one UAG server in a UAG Array. I checked the netsh ipsecdosprotection show interfaces, but I don't get that "Element not found" error.

    I get a list of the public and internal interfaces, so I'm guessing that's not the problem. Any ideas?

    Thanks!
