Direct Access lab settings with 2 servers
Hi!
I try to get Direct Access R2 work with 2 servers (DC and APP1 are at one server) and (DA and INET1 are at other server), managed to get work Teredo and 6to4 but IP-HTTPS don't work
C:\Windows\system32>netsh interface httpstunnel show interface
Interface IPHTTPSInterface (Group Policy) Parameters
------------------------------------------------------------
Role : client
URL : https://mydomain.com:443/IPHTTPS
Last Error Code : 0x2afc
Interface Status : failed to connect to the IPHTTPS server. Waiting to
reconnect
** The above IPHTTPSInterface setting is the result of Group Policy overriding
any local configuration.
Same time DirecAccss server it's self showing like he is client not server;
C:\Windows\system32>netsh interface httpstunnel show interface
Interface IPHTTPSInterface (Group Policy) Parameters
------------------------------------------------------------
Role : client
URL : https://mydomain.com:443/IPHTTPS
Last Error Code : 0x0
Interface Status : IPHTTPS interface deactivated
** The above IPHTTPSInterface setting is the result of Group Policy overriding
any local configuration.
But here is one more question if Teredo and 6to4 are down, then should i see at first place https://mydomain.com:443/IPHTTPS, because all mydomains request are trying connect thru tunnels.
Thanks,
Marko
April 10th, 2011 10:58am
Hi Marko,
I'm not recommend to use only 2 servers to test DA though you tested successful.
Host behind web proxy server could use IP-HTTPS tunnel connect to DA server when teredo and 6to4 are down. The tunnel use the url
https://DAserver.mydomain.com:443/IPHTTPS to establish the connection which defined in DA clients group policy. I give you these suggestions.
1.The host test IP-HTTPS need behind web proxy server NAT1. IP-HTTPS tunnel url need to point to DA server external IP.
2. According to DA step by step doc, the external IP-HTTPS URL point to
https://edge1.contoso.com:443/IPHTTPS, not use the same internal dns name edge1.corp.contoso.com. Please ensure your test scenario is not use same dns mydomain.com to resolve
DA internal and external.
DirectAccess_StepByStep
http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=8d47ed5f-d217-4d84-b698-f39360d82fac
3. Please trouble shooting refer to below article
Cannot Reach the DirectAccess Server with IP-HTTPS
http://technet.microsoft.com/en-us/library/ee844126(WS.10).aspx
Regards, Rick Tan
Free Windows Admin Tool Kit Click here and download it now
April 11th, 2011 5:21am