Cannot connect to RDP farm through Direct Access

Hey everyone, hope you can help.

I have an issue connecting to the RD Farm when connected through Direct Access. I have tried specifying the RD Gateway to no avail. Cannot ping RD farm or session hosts through v4 but can v6. The address comes back as the 6to4 address and is different for each ping to each session host.

When trying to RDP to the farm (or directly to a SH) certificate trust comes up so I confirm that I am happy to trust the certificate for the connection, and it goes through to the point of initiating remote connection and then fails with the standard "Remote Desktop can't connect to the remote computer..." message.

I am not entirely sure where or how to troubleshoot this first. Users local side of the WAN are OK, it's only external.

Apparently after numerous attempts the connection works but I am yet to witness this.

July 24th, 2013 10:59am

So further investigation shows that round robin doesn't seem to be working over DA. Once I have confirmed the Direct Access client is all connected and everything there is happy, I try an RDP session to my farm.

The certificate notification comes up for a particular session host (#3) of which I confirm that I trust it. It then connects in fine.

If I then log back off the RDP session and disable logon to that #3 session host, retry the RDP connection to the farm, it fails.

My big question is where does this fail? I am thinking the obvious of the redirect not functioning properly in some way. Getting rather desperate for assistance now as no one remotely can do invoicing and people are chomping at the bit...anyone? 

August 3rd, 2013 4:08am

Have you confirmed that you can RDP directly into each terminal server directly over DirectAccess to make sure that packets are flowing correctly? If you have any trouble getting into any TS directly, this would obviously cause you problems. For example, if your clients are connected using Teredo and some of your terminal servers are firewalled so that they do not respond to ICMP (when you ping them they timeout), you are going to have trouble connecting to those servers from Teredo clients. If you open up ICMP and allow it to respond on those servers, they will then connect. So I would start by making sure that you can consistently access the servers directly before worrying about the load balancing.

Also you mentioned trying to ping RD hosts via v4 and v6. Over DirectAccess nothing moves over IPv4, all traffic and all ping responses will be IPv6.

August 6th, 2013 9:07am
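The per-server check suggested in the reply above, as an added example that is not part of the original thread: for each session host it resolves the name, confirms an IPv6 address comes back, then tests ICMPv6 echo and a TCP connect to 3389 over IPv6. The host names are placeholders, and PowerShell 3.0 or later on the DirectAccess client is assumed.

```powershell
# Added example, not from the thread. Host names are placeholders (assumptions).
$SessionHosts = @('rdsh1.corp.example', 'rdsh2.corp.example', 'rdsh3.corp.example')
$RdpPort      = 3389
$TimeoutMs    = 3000

function Test-RdpOverIPv6 {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)

    $result = [pscustomobject]@{
        Host = $HostName; IPv6 = $null; Resolved = $false; Ping = $false; Tcp = $false
    }

    # Resolve through the normal client resolver, as mstsc would.
    try   { $addrs = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch { return $result }                      # name did not resolve at all
    $result.Resolved = $true

    # Only an IPv6 answer is usable over DirectAccess; stop if there is none.
    $v6 = $addrs | Where-Object { $_.AddressFamily -eq 'InterNetworkV6' } |
          Select-Object -First 1
    if (-not $v6) { return $result }
    $result.IPv6 = $v6.IPAddressToString

    # ICMPv6 echo: the reply above notes Teredo clients need the server to answer.
    $ping = New-Object System.Net.NetworkInformation.Ping
    try     { $result.Ping = ($ping.Send($v6, $TimeoutMs).Status -eq 'Success') }
    catch   { }                                   # treated as no reply
    finally { $ping.Dispose() }

    # TCP connect to the RDP port over IPv6, with a bounded wait.
    $client = New-Object System.Net.Sockets.TcpClient(
        [System.Net.Sockets.AddressFamily]::InterNetworkV6)
    try {
        $async = $client.BeginConnect($v6, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($async)            # throws if the connect was refused
            $result.Tcp = $true
        }
    }
    catch   { }                                   # refused or unreachable
    finally { $client.Close() }

    return $result
}

$SessionHosts |
    ForEach-Object { Test-RdpOverIPv6 -HostName $_ -Port $RdpPort -TimeoutMs $TimeoutMs } |
    Format-Table -AutoSize
```

Run it several times from the external connection: a host that shows `Ping` as False is the firewalled-ICMP case the reply describes, and a host with no `IPv6` value has nothing the client can reach over DirectAccess.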

Have you confirmed that you can RDP directly into each terminal server directly over DirectAccess to make sure that packets are flowing correctly? If you have any trouble getting into any TS directly, this would obviously cause you.............

Also you mentioned trying to ping RD hosts via v4 and v6. Over DirectAccess nothing moves over IPv4, all traffic and all ping responses will be IPv6.

Thanks for your reply Jordan! Gave me something to look into at least. So I have two testing scenarios both of which use the 3G services, one of which is on APN directly connected to our IP VPN WAN, the other my mobile completely separate to the network. Both of which are now allowing Direct Access to connect completely and the DA connectivity assistant shows everything working...great!

I can ping what I want, it all responds with the IPv6 address, I can RDP onto whatever I like...apart from directly to the session hosts that are part of this farm. I can even connect directly into the connection broker. I wouldn't expect to be able to connect to the session host directly anyway as they ask the connection broker if they should be hosting that session, is that not correct?

So my thought is the redirect isn't working over IPv6 and I can't find any resource on t'inter-web with this same issue? It is as if the re-direct (or response) that comes from a different IP is being blocked...I am not entirely sure how to prove this theory though, hope this makes sense?

August 13th, 2013 5:12pm

I have experienced the same issue trying to work with our RDS farm that is using session brokering. My basic understanding is that the session broker hands back the client an IPv4 address of the RDS host in the farm that you should connect to. When that happens DA doesn't know what to do with the IPv4 address.

Something similar was discussed in this thread:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/7bde59b5-387b-4c4c-9fc9-00a987033593/uag-directaccess-and-rd-connection-broker

Microsoft, if you are listening here: this is all your own technology, please help us fix access to RDS farms from DA!

August 14th, 2013 8:16am

Microsoft, if you are listening here: this is all your own technology, please help us fix access to RDS farms from DA!

The gods are on vacation...clearly... :-(
September 5th, 2013 3:01am

This topic is archived. No further replies will be accepted.
