Websites not available on DirectAccess

Dear,

I'm confronted with the following issue:

We have an internal and external DNS server. Several of our subdomains point outward to servers hosting our websites elsewhere. One of these is not reachable to a client connected on DirectAccess. It resolves when running an nslookup, but is not pingable and does not resolve in a browser.

When we use the DCA to use Local DNS resolution, the site appears correctly. The site also appears correctly when on the corporate network or on any external machine.

Can anyone help?

Yours,

Willem Goethals

March 20th, 2012 5:25pm

Hi,

Is the website you are trying to access an internal website or a website on the Internet? Have you checked the NRPT on the Windows client?

March 20th, 2012 8:13pm

The website is an external website. We have similar websites with a different provider that don't give this error.

When trying to reach the website internally or from another network (external) it resolves correctly.

However, when we try to reach the website when connected to DirectAccess, we cannot reach it.

Doing an nslookup reveals the correct IP address.

Pinging doesn't work; the ping tries to reach the website's IPv6 address.

Tracert of the IPv4 address resolves correctly; doing the same for the URL gives constant timeouts (and mentions the IPv6 address).

Websites hosted at another provider don't give this error, but I wonder why the system tries to resolve the website on an IPv6 address while nslookup points to an IPv4 address.

It works correctly when we set "Use Local DNS resolution" on the DA connectivity assistant.

In our external DNS the website is configured to go to the correct IPv4 address.

I hope this extra bit of info can help.

May 10th, 2012 4:50pm

If this website is external, have you made sure that the name of the site is set as an exclusion in your NRPT? In your DirectAccess configuration wizards on the UAG server, open up Step 3 and click on the DNS Suffixes screen. Here, make sure to list the name of this site and exclude it; that will tell the DA clients not to try to send this website's traffic through the DA tunnels.

May 10th, 2012 6:30pm

Thanks - that was the solution.

After updating the policy we had an issue with wireless clients being unable to find the network location server - no idea what caused that, it worked fine on wired clients.

Regardless, thanks for helping me to resolve this issue.

May 14th, 2012 11:28am

If this website is external, have you made sure that the name of the site is set as an exclusion in your NRPT? In your DirectAccess configuration wizards on the UAG server, open up Step 3 and click on the DNS Suffixes screen. Here, make sure to list the name of this site and exclude it; that will tell the DA clients not to try to send this website's traffic through the DA tunnels.

Hi,

How do I exclude the site? Inside Step 3, do you mean the DNS step or the DNS Suffix Search List step?

Our problem is that our external company website (www.company.fi) is not available with DA, and our domain name is the same (company.fi).

Thanks for the help!

December 30th, 2014 11:13am


You can read the article below.

http://technet.microsoft.com/en-us/magazine/ff394369.aspx

December 31st, 2014 9:29am

Sorry for such a long delay, I didn't get a notice about these new messages for some reason. Please do not follow the directions in that blog post to modify the NRPT. In a DirectAccess environment, you should never modify the NRPT by using Group Policy directly. Always use the DirectAccess wizards.

All you need to do is go into Step 3, into the DNS screen. Double-click to add a new entry, and type in the DNS name that you want to exclude from DirectAccess. Do NOT click on the Verify button, but rather simply enter the name and then click on OK. It should add a new entry into that spreadsheet-looking table on Step 3, with nothing listed to the right of the name. This means that the particular DNS name you just entered will not try to resolve via the DirectAccess tunnels, and instead that web traffic will flow outside of the DA tunnels, over the user's regular internet connection.

January 29th, 2015 12:29am
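
The effect of the exemption entry described in this thread can be seen in a simplified model of how a DirectAccess client picks an NRPT rule for a name. This is an added example, not part of the original posts and not Microsoft's code. It assumes only FQDN and suffix rules, with an exact FQDN rule taking precedence over a suffix rule; the rule table, the `2001:db8::53` address and all function names are constructed for illustration.

```python
"""Simplified model of NRPT rule selection on a DirectAccess client (added example)."""
from typing import List, NamedTuple, Optional


class NrptRule(NamedTuple):
    namespace: str             # ".company.fi" = suffix rule, "www.company.fi" = FQDN rule
    dns_server: Optional[str]  # None = exemption (nothing listed to the right of the name)


def match_rule(name: str, rules: List[NrptRule]) -> Optional[NrptRule]:
    """Return the rule that applies to name: exact FQDN first, then the longest suffix."""
    name = name.lower().rstrip(".")
    best = None
    for rule in rules:
        ns = rule.namespace.lower().rstrip(".")
        if ns.startswith("."):
            if not name.endswith(ns):   # suffix rule does not cover this name
                continue
            rank = (0, len(ns))         # longer suffix wins among suffix rules
        elif ns == name:
            rank = (1, len(ns))         # exact FQDN beats any suffix rule
        else:
            continue
        if best is None or rank > best[0]:
            best = (rank, rule)
    return best[1] if best else None


def resolution_path(name: str, rules: List[NrptRule]) -> str:
    """Describe where the DNS query for name is sent under the given rule table."""
    rule = match_rule(name, rules)
    if rule is None:
        return "local DNS (no NRPT match)"
    if rule.dns_server is None:
        return "local DNS (NRPT exemption)"
    return f"DirectAccess DNS {rule.dns_server} via tunnel"


# Constructed rule tables: the internal namespace equals the public domain name.
BEFORE = [NrptRule(".company.fi", "2001:db8::53")]
AFTER = BEFORE + [NrptRule("www.company.fi", None)]  # entry added in Step 3

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for host in ("www.company.fi", "intranet.company.fi", "www.example.org"):
            print(f"{label:6} {host:22} -> {resolution_path(host, table)}")
```

nslookup queries the interface's DNS server directly and does not consult the NRPT, which is why it can return the public IPv4 address while ping and the browser still follow the tunnel rule.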

This topic is archived. No further replies will be accepted.
