During the past few months I was heavily engaged with different DirectAccess implementations and passed by several interesting issues/problems. The Direct Access Wizard is so simple and normally things get working from the first time however sometimes things can go wrong. In this article series I will try to go through several troubleshooting items moving from the basic commands to more advanced issues.

First of all we need to ensure that the Direct Access components on the Windows 7 client are running and functioning normally. The basic steps are as follows:

  1. From the Start Menu - Right Click Computer Object – Properties – Device Manager – View (Show Hidden Devices) – Expand Network Adapters – Ensure the “IPHTTPSinterface” and “Teredo Tunneling Pseudo-Interface” are enabled.
  2. From the Services, Check the “IP Helper” service startup type is Automatic and the status is up and running.
  3. IPconfig /all to check which interfaces are up and which interfaces have IPV6 address.
  4. Ensure the Machine is located outside the Corporate Network by running the following command:

Netsh dnsclient show state

Which Transition Technology is my DA client using?

1. If the Direct Access client has a public IPV4 address (Assigned to his Ethernet or Wireless NIC) and the IP Protocol 41 is allowed on Company Corporate Firewall/UAG/TMG then the client will connect using the 6to4 Transition Technology

The Three main Netsh Commands that should be used for Troubleshooting are:

 

2. If the 6to4 Interface didn’t come up (For DA clients with public IPV4 Addresses) then the DA client will automatically fall back to IPHTTPS Interface connection.

The main Netsh command for IPHTTPS is:

3. If the DA client is behind a NAT device then it should connect using Teredo provided that Port 3544 (UDP) is enabled and allowed all the way to the DA Server

The main Netsh command used with Teredo is:

4. If the Teredo didn’t work (Clients behind NAT) then the DA client will fall Automatically to the IPHTTPS option (Step 2)


For more details on UAG 2010 Portal and Direct Access please check my blog http://itcalls.blogspot.com/