Hi,
I am having some real issues with setting up Direct Access with Server 2012 and a Windows 8 client; it simply won't work at all.
First of all I should describe my setup:
I have an internet connection with a static IPv4 address on the external network adapter of the router.
The internal network address (the address of the router which has the internet connection) is 192.168.1.1.
Server 1 (Windows 2008 R2 Standard) has a static IPv4 address 192.168.1.2 and has some ports forwarded from the router (443, 25, 80). This server is a domain controller, email server, and has the DNS, DHCP and certificate services.
Server 2 (Windows 2008 R2 Standard) has static IPv4 address 192.168.1.3. It has no ports forwarded from the router as it has no services accessed externally. It is used as a file server and print server, backup domain controller and backup DNS.
Server 3 (Windows 2012) has static IPv4 address 192.168.1.4 and has the Remote Access server role installed along with all the other default features and roles it requires in the setup process.
These servers have all got an IPv6 address which I assume the server has configured automatically; there have been no deliberate configurations made to disable IPv6.
I have no UAG or proxy server or anything else to route packets to internal servers. Just this router which has the option for port forwarding (I assume that's NAT, isn't it?). Sorry, I don't know much about that area.
I go through the setup wizard in Remote Access to configure Direct Access. In the external URL I have entered da.mydomain.com and created a host A record in my external domain name provider's DNS which points the da record to my external IP address. The wizard creates all the GPOs, scoped correctly, and applied to a Windows 8 client. The operational status shows it's all working and I got green ticks. However, when I connect the client to the internal network it doesn't seem to have correctly got the DA settings. I run the following in PowerShell:
Get-DnsClientNrptPolicy
Nothing displays at all
Get-NCSIPolicyConfiguration
Description : NCSI Configuration
CorporateDNSProbeHostAddress : fdd8:dd4a:ea42:7777::7f00:1
CorporateDNSProbeHostName : directaccess-corpConnectivityHost.mydomain.local
CorporateSitePrefixList : {fdd8:dd4a:ea42:1::/64, fdd8:dd4a:ea42:7777::/96, fdd8:dd4a:ea42:1000::1/128,
fdd8:dd4a:ea42:1000::2/128}
CorporateWebsiteProbeURL : http://directaccess-WebProbeHost.mydomain.local
DomainLocationDeterminationURL : https://DirectAccess-NLS.mydomain.local:62000/insideoutside
Get-DAConnectionStatus
Get-DAConnectionStatus : Network Connectivity Assistant service is stopped or not responding.
At line:1 char:1
+ Get-DAConnectionStatus
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_DAConnectionStatus:root/StandardCi...onnectionStatus) [Get-DAConnect
ionStatus], CimException
+ FullyQualifiedErrorId : Windows System Error 1753,Get-DAConnectionStatus
I go into services.msc and find that the Network Connectivity Assistant is not started. It won't start either; something must trigger it, but I have no idea how to get it triggered to start. This might be my only source of problem perhaps, but on a more network-level question:
If I have such ports as 80, and 443 (which I assume DA uses in some form with a public IPv4 internet address) directed at server 1, how does the DA connection get to server 3 which has the DA role installed? I could create another record on the server which also opens port 443 to server as well as for server 1, but then how would the router know which server to pass the DA connection to if the same port is open for two different servers?
Either way, this first issue is that the client doesn't seem to have the ability to connect internally correctly yet, so maybe this connectivity service is a good place to start? My understanding is that the networks icon in the system tray should show that there is a corporate connection, but it doesn't. Also, the client seems to have the NLS certificate in the computer certificate store, so the cert side of things is working and the GPO side is working.
Many thanks
Steve