DirectAccess - Inside Corporate Network
Currently testing out deployment of DirectAccess and have my one client computer saying it's Inside of the Corporate Network (when it's not) after a netsh dns show state. Obviously this is an NLS error, but striking out on what the possible causes could be. The NLS is currently on the DirectAccess server. Any ideas/assistance would be appreciated!
August 20th, 2015 3:33pm

I've just noticed that I am able to access the NLS on and off the network via a web browser, hence the client thinking it's still on the network. Any ideas why it's accessible off the network?
August 20th, 2015 4:06pm

There are a few reasons it could be detected while off the network.

Make sure you don't have the NLS server's record published in external DNS and that the server is not accessible via the Internet. Most people don't accidentally do that, but still it should be mentioned as a possibility.

The more common reason is that the NLS server was not added as an exemption in the NRPT table when DirectAccess was set up.

In the Remote Access Management console, Configuration view, edit the "Infrastructure Server Setup" (Step 3) and add the FQDN for each NLS. Do not specify a DNS server. That will effectively create an NRPT exemption so that the NLS cannot be reached when the DirectAccess client is connected remotely.

There are some good screenshots, and information, over at Richard Hicks's blog post:

http://directaccess.richardhicks.com/2015/04/06/directaccess-nls-deployment-considerations-for-large-enterprises/

Those would be my best guesses based on the description.


  • Edited by RhinoBytes 13 hours 33 minutes ago Added information from Richard Hicks's blog
September 9th, 2015 1:43pm
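
A way to check for the NRPT exemption described in the reply above, as an added example that is not part of the original thread. The function names, host names and sample rules are constructed for illustration, and the matching is simplified to exact-FQDN and suffix rules, with the most specific match winning.

```powershell
# Added example (not from the thread): does the NRPT exempt the NLS host name?
# Simplified NRPT matching: a namespace starting with "." is a suffix rule, any
# other namespace is an exact FQDN rule; the longest matching namespace wins.
function Get-NrptMatch {
    param([string]$HostName, [object[]]$Rules)
    $name = $HostName.TrimEnd('.').ToLowerInvariant()
    $best = $null
    $bestLen = -1
    foreach ($rule in $Rules) {
        foreach ($ns in @($rule.Namespace)) {
            $n = "$ns".ToLowerInvariant()
            if ($n.StartsWith('.')) { $hit = $name.EndsWith($n) } else { $hit = ($name -eq $n) }
            if ($hit -and $n.Length -gt $bestLen) { $best = $rule; $bestLen = $n.Length }
        }
    }
    return $best
}

function Test-NlsNrptExemption {
    param([string]$NlsHost, [object[]]$Rules)
    $rule = Get-NrptMatch -HostName $NlsHost -Rules $Rules
    if (-not $rule) {
        $status = 'NoRule: no NRPT entry covers this name'
    } elseif (@($rule.DirectAccessDnsServers | Where-Object { $_ }).Count -eq 0) {
        # A rule with no DNS servers is the exemption created in Step 3
        $status = 'Exempt: resolved by the local adapter DNS, not over the tunnel'
    } else {
        $status = 'NotExempt: sent to DirectAccess DNS servers, NLS stays reachable remotely'
    }
    [pscustomobject]@{ NlsHost = $NlsHost; MatchedNamespace = $rule.Namespace; Status = $status }
}

# Constructed sample rules (placeholder names and addresses)
$sampleRules = @(
    [pscustomobject]@{ Namespace = '.corp.example.com';    DirectAccessDnsServers = @('2001:db8::53') }
    [pscustomobject]@{ Namespace = 'nls.corp.example.com'; DirectAccessDnsServers = @() }
)
Test-NlsNrptExemption -NlsHost 'nls.corp.example.com' -Rules $sampleRules      # exemption present
Test-NlsNrptExemption -NlsHost 'nls.corp.example.com' -Rules $sampleRules[0]   # exemption missing

# On a DirectAccess client, the live values can be fed in instead (assumes the
# NLS URL is the one configured in the NCSI policy):
#   $nls = ([uri](Get-NCSIPolicyConfiguration).DomainLocationDeterminationUrl).Host
#   Test-NlsNrptExemption -NlsHost $nls -Rules (Get-DnsClientNrptPolicy -Effective)
```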
