Hi,
I have the following configuration:
DirectAccess installed on Windows Server 2012.
Two network adapters. One on the internal network and one in a DMZ zone. The DA public IP is NAT'ed to the adapter in the DMZ zone.
Only uses IP-HTTPS because it is behind the NAT firewall.
The internal network adapter is configured to use two (of my three) internal DNS servers for DNS lookup. No default route on this adapter.
The DMZ (external) network adapter is configured with a default gateway pointing at the NAT firewall.
Static routes have been added pointing to the internal networks.
Everything is working fine (most of the time) but now and then the "Operations Status" in the DA Console reports that it cannot contact the internal DNS servers.
If I try to ping the internal DNS servers I will not get a response. The funny part is that it is only if I try to ping the two DNS servers I have added on the internal network adapter. If I try to ping my last DNS server it will respond fine, and so will all the other internal servers. I can ping the internal DNS servers from other servers but not from the DA server.
After a while the DNS servers start to respond again and the DA "Operation status" goes back from critical to working.
I have seen this in two DirectAccess installations now.
Why do the DNS servers stop responding? Is it a bug or did I configure something wrong?
Thomas Forsmark Soerensen
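The post describes an intermittent failure, so the useful next step is to collect evidence while it happens: for each configured DNS server, record whether ICMP and an actual DNS query succeed, which route and interface the DA server picks for that address, and what the DirectAccess health check says at the same moment. The script below is an added example for that purpose; it is not code from the original post or from Microsoft. The server addresses are placeholders, ICMP is sent through .NET so the script does not depend on Test-NetConnection, and the call to Get-RemoteAccessHealth is an assumption about the RemoteAccess module on this server and is wrapped so a missing cmdlet does not stop the probe.

```powershell
# Added diagnostic example (not from the original post). Run in an elevated
# PowerShell session on the DirectAccess server.
$InternalDns  = @('10.0.0.10', '10.0.0.11')   # placeholders: the two DNS servers on the internal adapter
$ReferenceDns = '10.0.0.12'                   # placeholder: the third DNS server that keeps answering
$LogFile      = Join-Path $env:TEMP 'da-dns-probe.csv'

function ConvertTo-BinaryString {
    # IPv4 dotted-quad -> 32-character bit string, used for longest-prefix matching
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ($bytes | ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') }) -join ''
}

function Get-MatchingRoute {
    # Longest-prefix match over the IPv4 routing table, lowest metric on ties.
    # Shows whether the DNS server is reached via a static route on the internal
    # adapter or falls through to the default route on the DMZ adapter.
    param([string]$Address)
    $target = ConvertTo-BinaryString $Address
    $best = $null; $bestLen = -1
    foreach ($r in Get-NetRoute -AddressFamily IPv4) {
        $prefix, $len = $r.DestinationPrefix -split '/'
        $len = [int]$len
        if ((ConvertTo-BinaryString $prefix).Substring(0, $len) -ne $target.Substring(0, $len)) { continue }
        if ($len -gt $bestLen -or ($len -eq $bestLen -and $r.RouteMetric -lt $best.RouteMetric)) {
            $best = $r; $bestLen = $len
        }
    }
    return $best
}

function Test-DnsServerPath {
    # One sample for one server: ICMP reachability, a real DNS query, and the route used.
    param([string]$Server)
    $ping = New-Object System.Net.NetworkInformation.Ping
    try   { $icmp = $ping.Send($Server, 2000).Status.ToString() }
    catch { $icmp = 'Error' }

    try {
        # SOA lookup of our own domain, sent directly to this server (no cache)
        $null = Resolve-DnsName -Name $env:USERDNSDOMAIN -Type SOA -Server $Server -DnsOnly -ErrorAction Stop
        $dns = 'OK'
    } catch { $dns = 'FAIL: ' + $_.Exception.Message }

    $route = Get-MatchingRoute $Server
    [pscustomobject]@{
        Time      = Get-Date -Format 's'
        Server    = $Server
        Icmp      = $icmp
        DnsQuery  = $dns
        Route     = if ($route) { $route.DestinationPrefix } else { 'none' }
        NextHop   = if ($route) { $route.NextHop } else { '' }
        Interface = if ($route) { $route.InterfaceAlias } else { '' }
    }
}

function Get-DaDnsHealth {
    # Assumption: Get-RemoteAccessHealth (RemoteAccess module) is available here.
    try   { return (Get-RemoteAccessHealth -Component Dns -ErrorAction Stop | Select-Object -First 1).HealthState }
    catch { return 'unavailable' }
}

function Start-DnsPathProbe {
    # Samples every $IntervalSeconds and appends to the CSV; leave it running until
    # the console flips to critical, then compare the rows around that time.
    param([int]$Iterations = 60, [int]$IntervalSeconds = 60)
    $servers = $InternalDns + $ReferenceDns
    for ($i = 0; $i -lt $Iterations; $i++) {
        $health = Get-DaDnsHealth
        foreach ($s in $servers) {
            $row = Test-DnsServerPath $s
            $row | Add-Member -NotePropertyName DaDnsHealth -NotePropertyValue $health
            $row | Export-Csv -Path $LogFile -Append -NoTypeInformation
            $row | Format-Table -AutoSize | Out-String | Write-Host
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

Start-DnsPathProbe -Iterations 120 -IntervalSeconds 30
```

When the two internal-adapter servers stop answering, the rows that matter are Route, NextHop and Interface: if those servers are matched by the default route instead of a static route while the third server still matches a static route, the symptom is a routing problem on the DA server rather than a DNS server fault, which is consistent with the other hosts being able to reach them. If ICMP fails while the DNS query still succeeds (or the reverse), that separates a firewall or filtering issue from an actual path loss.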