The Private Cloud Man

Private Cloud Technologies, Architecture and more!

How to Disable IP-HTTPS for Testing and Troubleshooting

How to Disable IP-HTTPS for Testing and Troubleshooting

  • Comments 3
  • Likes

A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable it for a specific client for a short period of time to figure out what the problem might be with something else.

If you open the network shell (netsh) and check the syntax that you should use to disable the IP-HTTPS interface, you’ll see something like the following:

Syntax
set interface [[ url= ] ( url )] [[ state= ] ( enabled | disabled | default )] [[authmode= ] ( none | certificates )]

However, if you try it, you’ll see something like this:

image

What’s up with that?

Apparently, there is a problem with using netsh to disable the IP-HTTPS interface. Therefore, we’re going to have to consider an alternate approach to temporarily disable the IP-HTTPS interface.

To do this, open the Registry Editor and navigate to:

HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState

To disable the interface, set the value to 3.

Keep in mind that this setting is controlled through the UAG DirectAccess client Group Policy. When Group Policy is refreshed on the client, this setting will be overwritten and the IP-HTTPS interface will activate again.

HTH,

Tom

Tom Shinder
tomsh@microsoft.com
Principal Knowledge Engineer, Microsoft DAIP iX/Identity Management
Anywhere Access Group (AAG)
The “Edge Man” blog :
http://blogs.technet.com/tomshinder/default.aspx
Follow me on Twitter:
http://twitter.com/tshinder
Facebook:
http://www.facebook.com/tshinder

Visit the TechNet forums to discuss all your UAG DirectAccess issues
http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/threads

Stay up-to-date with “just in time” UAG DirectAccess information on the TechNet wiki http://social.technet.microsoft.com/wiki/tags/DirectAccess/default.aspx

Comments
  • Wouldn't it be easier to just disable the IP-HTTPS network interface using device-manager or is that not enough?

  • Hi Christoph,

    Hmmm - never thought of that. I'll give it a try and see how it works.

    Maybe it'll show up on a quiz soon :)

    Thanks!

    Tom

  • I want to disable Https for fews websites on the web, can i do that with a precise command on my windows machine ?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment