< -- BuySellAds Ad Code ALLEN -->
Techieshelp Home Techieshelp Home

Direct Access 2012 – Windows 7 Clients Tunneling Internally

Written by Allen White on . Posted in Server 2012

On a recent installation I was tasked with setting up Direct Access on server 2012 for a client. The clients environment consisted purely of Windows 7 enterprise clients. The Direct Access server was in two NIC mode, one NIC in the DMZ and one sidestepped onto the LAN. After getting passed an issue where the DMZ NIC kept getting a domain profile, setting up certificate services for IPSEC I was ready to test client connectivity.

I put a laptop onto tethered 4g to emulate external access and the laptop connected to the Direct Access server successfully over IPHTTPS. As I was happy about the test being successful I connected the laptop again over Ethernet to the domain. When I did this I noticed that LAN NIC stated “no connection to the internet”.

direct access clients no connection to the internet when on lan

I did a few tests;

  • Pinged NLS.domain.com – No success
  • Checked the clients DNS status with netsh dns show state.
  • Checked the clients NRPT with the command netsh name show eff
  • Checked the status of the clienst IPHTTPS with netsh int http show int
  • Checked IPSEC mainmode with netsh advf mon show mmsa

From this I could work out that for some reason the Windows 7 client was trying to access to the domain via Direct Access while on the internal LAN.

The only way to get the machine to be able to see the domain was to disable Direct Access on the Windows client, this is done with the following command.

 net stop "ip helper"

This command effectively disables IPV6 and the machine will the start to communicate with the domain again. Now that I had the Windows client back on the domain I had to find out why the machines thought they where external when in fact they where connected to the LAN. I eventually came across this not very well known issue with the Network Location Awareness service on Windows 7 not being able to identify its location when configured to configured to use Direct Access. Take a look at the link below and patch this clients that this fault effects, your clients will then be able to detect that they are LAN connected and will not attempt to tunnel.

http://support.microsoft.com/kb/2951611

Tags: directaccess;iphttps

Allen White

Allen is an IT Consultant and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5, 6 and HP ASE, AIS - Network Infrastructure.

Leave a comment

Categories

Search

Vote!

What Web Browser Do You Use?

View Results

Loading ... Loading ...

Vote!

What do you prefer..VMware or Hyper-V?

View Results

Loading ... Loading ...

Read Me



Read Me

  • Building Server 2012 And Creating A New Windows 2012 Domain

    Building Server 2012 And Creating A New Windows 2012 Domain

    Step by step guide on how to installe microsoft server 2012, create a new server 2012 domain and promote a server into a 2012 domain

    Read more

  • Un-mountable Boot Volume

    Un-mountable Boot Volume

    The unmountable boot volume is a common error on windows XP. this error can sometimes be fixed via command line util ran from the CD. Here is how to do so.

    Read more

  • Convert NRG To ISO

    Convert NRG To ISO

    If you have a nero NRG file and you want to burn it bont dont have a copy of nero then you need to convert it to ISO. Here is a free guide ona utility on how to convert and burn Nero NRG files to ISO files.

    Read more

  • Exchange 2013 Event 16028 Eventlog

    Exchange 2013 Event 16028 Eventlog

    Exchange 2013 event ID 16028 errors in event log, how to fix clear and ignore. This issue is with CU4 and CU5

    Read more

  • Find Out What User Is Logged Into A PC

    Find Out What User Is Logged Into A PC

    A command that will help you find out what user is logged onto a pc/workstation on a network. How to find out who is logged into a pc.

    Read more

  • Auto Close Annoying Screens

    Auto Close Annoying Screens

    A nifty util that will automatically close windows ,screens or popups that keep asking the same question. This will auto answer pop up boxes.

    Read more