DirectAccess force tunneling - Web proxy (TMG) needs authentication

Hello,

I have deployed a DirectAccess 2012 server using computer certificate authentication. The clients are connecting to corporate resources over the WAN using DirectAccess. Forced tunneling is a requirement. The DirectAccess is only configured for IPHTTPS using a single NIC behind a firewall.

But there is a TMG web proxy in the corporate network that authenticates users. When these users connect over the Internet using devices that have DirectAccess enabled, they are not able to visit any sites as TMG blocks the connection. In the TMG logs, I see that the reason it is dropping these web connections is because the traffic is coming from an 'anonymous' user as per the logs.

The TMG proxy rule for Internet access requires user authentication. We are setting the proxy using GPO for all domain computers.

The issue is that when the Direct Access 2012 users are trying to access the Internet (as we are using force tunneling), the Direct Access server does not seem to be passing the user credentials to the reverse proxy. So the reverse proxy is blocking Internet access for these users.

I am seeking an answer as to how I can configure Direct Access 2012 so that the domain users who are connected externally are able to browse the Internet using the proxy.

Can someone please a

November 13th, 2013 6:51pm

Hi SinghP80,

We're seeing the same issue with a Symantec authenticating proxy.

Did you find a solution or workaround to allow your clients internet access?

Cheers,
Simon.
January 10th, 2014 12:10pm

Hello Simon,

Yes I was able to resolve this by using the command below on the DA server:

Set-DAClientDNSConfiguration -DNSSuffix '.' -ProxyServer ProxyFQDN:PortNumber

Hope this helps you as well. Please let me know.

Regards,

January 10th, 2014 4:59pm
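
A client-side check for the setting given in the reply above, added here as an example and not posted by anyone in the thread: it looks through NRPT policy objects for the '.' entry and reports whether a proxy is attached to it. The property names assume the output of Get-DnsClientNrptPolicy; the function name, the proxy name and the sample entries are constructed.

```powershell
# Added example (not from the thread). Test-ForceTunnelProxy is a hypothetical helper.
function Test-ForceTunnelProxy {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Policy,
        [Parameter(Mandatory)][string]$ExpectedProxy
    )
    # '.' is the DNS suffix the Set-DAClientDNSConfiguration command in the thread targets.
    $entry = @($Policy | Where-Object { $_.Namespace -eq '.' }) | Select-Object -First 1
    $proxy = $null
    if ($entry) { $proxy = $entry.DirectAccessProxyName }

    $status = if (-not $entry) {
        'NoDotEntry'        # no '.' NRPT entry reached this client
    } elseif ([string]::IsNullOrWhiteSpace($proxy)) {
        'ProxyNotSet'       # '.' entry exists but carries no proxy
    } elseif ($proxy -ne $ExpectedProxy) {
        'ProxyMismatch'     # a proxy is set, but not the one expected
    } else {
        'Ok'
    }
    [pscustomobject]@{ Status = $status; Proxy = $proxy }
}

# Constructed sample data shaped like Get-DnsClientNrptPolicy output (assumed property names).
$expected = 'proxy.corp.example:8080'
$withoutProxy = @(
    [pscustomobject]@{ Namespace = '.corp.example'; DirectAccessProxyName = '' }
    [pscustomobject]@{ Namespace = '.';             DirectAccessProxyName = '' }
)
$withProxy = @(
    [pscustomobject]@{ Namespace = '.corp.example'; DirectAccessProxyName = '' }
    [pscustomobject]@{ Namespace = '.';             DirectAccessProxyName = $expected }
)

Test-ForceTunnelProxy -Policy $withoutProxy -ExpectedProxy $expected
Test-ForceTunnelProxy -Policy $withProxy    -ExpectedProxy $expected

# On a DirectAccess client, feed it the live table instead of the samples:
# Test-ForceTunnelProxy -Policy @(Get-DnsClientNrptPolicy -Effective) -ExpectedProxy $expected
```

With the constructed samples, the first call reports ProxyNotSet and the second reports Ok.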

This topic is archived. No further replies will be accepted.
