I have a machine that shows some strange behavior with DirectAccess.  It can't resolve any names as far as I can tell, but the DCA shows it is connected properly.  Some of the unsual things I see in the DCA diagnostics are below.  Any ideas on what is going on here?

Thanks,
Ken

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Role                       : client
URL                        : https://da.contoso.com:443/IPHTTPS
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

C:\Windows\system32\LogSpace\{87AF1F3E-599C-4BF9-BD45-B12ED47B38E6}>netsh dns show state

Name Resolution Policy Table Options
--------------------------------------------------------------------

Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                        if the name does not exist in DNS or
                                        if the DNS servers are unreachable
                                        when on a private network

Query Resolution Behavior             : Resolve only IPv6 addresses for names

Network Location Behavior             : Never use Direct Access settings

Machine Location                      : Outside corporate network

Direct Access Settings                : Configured and Disabled

DNSSEC Settings                       : Not Configured

C:\Windows\system32\LogSpace\{87AF1F3E-599C-4BF9-BD45-B12ED47B38E6}>netsh name show effective

DNS Effective Name Resolution Policy Table Settings

Note: DirectAccess settings would be turned off when computer is inside corporate network

This client is running Windows Enterprise not Pro, yes?

The Network Location Behavior: Never use Direct Access settings entry should be: Network Location Behavior: Let Network ID determine when Direct
Access settings are to be used

Check the following regkey: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks and make sure it is set to 0 and not 2. You will probably need a reboot after the change. The values for the key are shown here: http://msdn.microsoft.com/en-us/library/ff957870(PROT.10).aspx

Not sure why it got messed up, but that should fix it ;)

Cheers

JJ

Thanks Jason.  I'll give this a try and report back.

Ken

Thank you JJ this worked a treat!

No rebooted even required!

PS - Any ideas what would cause this to happen? Very new to UAG and DA

Hubs

Why isn't DirectAccess supported on Pro?  It looks like the feature to do the dns resolution via "name resolution policy table" was disabled.  Otherwise the adapters all connect and I get a connection to the directaccess server, I just cannot resolve names.  Any advice?

This issue has happened to me occasionally as well.  Of course that Reg Key is also flipped when the DCA is selected as 'Use Local DNS' - so make sure you check that setting first.  But I also have situations where this registry key is flipped for some other reason.  I'd really like to know WHY.  It is prevelant enough to develop a script and a self-help document for DirectAccess users at my organization.

Did anybody get the bottom of the cause of the reg key getting flipped?  I've seen it a few times here and whilst it is simple to fix, it can get trickier when you can't gain admin access to the remote system...

Cheers

Carl

This issue has happened to me occasionally as well.  Of course that Reg Key is also flipped when the DCA is selected as 'Use Local DNS' - so make sure you check that setting first.  But I also have situations where this registry key is flipped for some other reason.  I'd really like to know WHY.  It is prevelant enough to develop a script and a self-help document for DirectAccess users at my organization.

Did anybody get the bottom of the cause of the reg key getting flipped?  I've seen it a few times here and whilst it is simple to fix, it can get trickier when you can't gain admin access to the remote system...

Cheers

Thanks for the reply Jason - was considering the same myself but as you say can prove a problem for those off corp net.

Had a guy recently that was in the middle of Germany and our nearest office was a 6 hour drive so no local admin support available.....we got him working eventually using VPN that we had to install for him...that part was the real fun bit.

So still a bit of mystery then - I've recommended to our support team that they try advising the user to flip over to 'Prefer Local DNS' and then back again as a first step.  May be a quick fix in some situations but probably not ;)

Cheers