Hello
I set up a standard DirectAccess on Windows Server 2008 R2. DNS and DC are on another machine running Windows Server 2008 R2. Pinging locally from and to the DA/DC server works like a charm, but when I try to ping the DC (DNS) server from my DA client it will time out. I can ping my DA server from the client with IP 2002:58c4:da22:1:0:5efe:192.168.1.2 without problems.
When I ping my client's Teredo address from my DNS server it gets PING: transmit failed. General failure. I cannot ping the same address on my DA server (times out).
The infrastructure is set up step by step using this guide: http://technet.microsoft.com/en-us/library/ee649137(v=ws.10).aspx. I have read all the troubleshooting articles located here: http://technet.microsoft.com/en-us/library/ee624058(v=ws.10).aspx but have not got anything useful out of them.
Please help me. It has already taken too much time to troubleshoot this issue. Here is my DACA log.
RED: Corporate connectivity is not working.
Windows cannot contact the DirectAccess server. Please contact your administrator if this problem persists.
26/2/2013 9:2:44 (UTC)
Probes List
FAIL PING: mcad.company.ee
FAIL HTTP: http://mcad.company.ee/
FAIL FILE: \\mcad.company.ee\files\example.txt
DTE List
RESOLVED NAME PING: 2002:58c4:da22:1:0:5efe:192.168.1.1
PASS PING: 2002:58c4:da22:1:0:5efe:192.168.1.2
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : eehqoff9
Primary Dns Suffix . . . . . . . : company.ee
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.ee
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : company.ee
Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-01-50-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3dc1:ee4d:aaee:2651%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.77(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 26. veebruar 2013. a. 11:01:16
Lease Expires . . . . . . . . . . : 27. veebruar 2013. a. 11:01:17
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886493
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-82-60-A8-00-15-5D-01-50-0B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.company.ee:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : company.ee
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:58c4:da22:2043:11cf:4fd1:e46e(Preferred)
Link-local IPv6 Address . . . . . : fe80::2043:11cf:4fd1:e46e%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter iphttpsinterface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft IP-HTTPS Platform Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh int teredo show state
Teredo Parameters
---------------------------------------------
Type : client
Server Name : 88.xxx.xxx.34 (Group Policy)
Client Refresh Interval : 30 seconds
Client Port : unspecified
State : qualified
Client Type : teredo client
Network : unmanaged
NAT : restricted
NAT Special Behaviour : UPNP: No, PortPreserving: Yes
Local Mapping : 192.168.1.77:60976
External NAT Mapping : 176.xxx.xx.xxx:60976
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh int httpstunnel show interfaces
Interface IPHTTPSInterface (Group Policy) Parameters
------------------------------------------------------------
Role : client
URL : https://da.company.ee:443/IPHTTPS
Last Error Code : 0x2afc
Interface Status : failed to connect to the IPHTTPS server. Waiting to reconnect
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh dns show state
Name Resolution Policy Table Options
--------------------------------------------------------------------
Query Failure Behavior : Always fall back to LLMNR and NetBIOS
if the name does not exist in DNS or
if the DNS servers are unreachable
when on a private network
Query Resolution Behavior : Resolve only IPv6 addresses for names
Network Location Behavior : Let Network ID determine when Direct
Access settings are to be used
Machine Location : Outside corporate network
Direct Access Settings : Configured and Enabled
DNSSEC Settings : Not Configured
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh name show policy
DNS Name Resolution Policy Table Settings
Settings for nls.company.ee
----------------------------------------------------------------------
Certification authority : DC=ee, DC=company, CN=company-MCAD-CA
DNSSEC (Validation) : disabled
DNSSEC (IPsec) : disabled
DirectAccess (DNS Servers) :
DirectAccess (IPsec) : disabled
DirectAccess (Proxy Settings) : Bypass proxy
Settings for .company.ee
----------------------------------------------------------------------
Certification authority : DC=ee, DC=company, CN=company-MCAD-CA
DNSSEC (Validation) : disabled
DNSSEC (IPsec) : disabled
DirectAccess (DNS Servers) : 2002:58c4:da22:1:0:5efe:192.168.1.1
DirectAccess (IPsec) : disabled
DirectAccess (Proxy Settings) : Bypass proxy
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh name show effective
DNS Effective Name Resolution Policy Table Settings
Settings for nls.company.ee
----------------------------------------------------------------------
Certification authority : DC=ee, DC=company, CN=company-MCAD-CA
DNSSEC (Validation) : disabled
IPsec settings : disabled
DirectAccess (DNS Servers) :
DirectAccess (Proxy Settings) : Bypass proxy
Settings for .company.ee
----------------------------------------------------------------------
Certification authority : DC=ee, DC=company, CN=company-MCAD-CA
DNSSEC (Validation) : disabled
IPsec settings : disabled
DirectAccess (DNS Servers) : 2002:58c4:da22:1:0:5efe:192.168.1.1
DirectAccess (Proxy Settings) : Bypass proxy
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh int ipv6 show int level=verbose
Interface Loopback Pseudo-Interface 1 Parameters
----------------------------------------------
IfLuid : loopback_0
IfIndex : 1
State : connected
Metric : 50
Link MTU : 4294967295 bytes
Reachable Time : 41000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 0
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : disabled
Neighbor Unreachability Detection : disabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : disabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 0
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
Interface isatap.company.ee Parameters
----------------------------------------------
IfLuid : tunnel_4
IfIndex : 12
State : disconnected
Metric : 50
Link MTU : 1280 bytes
Reachable Time : 39000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 0
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : disabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : disabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 0
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
Interface Local Area Connection* 9 Parameters
----------------------------------------------
IfLuid : tunnel_5
IfIndex : 13
State : connected
Metric : 50
Link MTU : 1280 bytes
Reachable Time : 10000 ms
Base Reachable Time : 15000 ms
Retransmission Interval : 2000 ms
DAD Transmits : 0
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : disabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 0
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
Interface Local Area Connection Parameters
----------------------------------------------
IfLuid : ethernet_6
IfIndex : 11
State : connected
Metric : 5
Link MTU : 1500 bytes
Reachable Time : 15000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : enabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 0
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
Interface iphttpsinterface Parameters
----------------------------------------------
IfLuid : tunnel_6
IfIndex : 19
State : disconnected
Metric : 50
Link MTU : 1280 bytes
Reachable Time : 31500 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : enabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 0
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh advf show currentprofile
Private Profile Settings:
----------------------------------------------------------------------
State ON
Firewall Policy BlockInbound,AllowOutbound
LocalFirewallRules N/A (GPO-store only)
LocalConSecRules N/A (GPO-store only)
InboundUserNotification Enable
RemoteManagement Disable
UnicastResponseToMulticast Enable
Logging:
LogAllowedConnections Disable
LogDroppedConnections Disable
FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize 4096
Ok.
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>netsh advfirewall monitor show consec
Global Settings:
----------------------------------------------------------------------
IPsec:
StrongCRLCheck 0:Disabled
SAIdleTimeMin 5min
DefaultExemptions NeighborDiscovery,ICMP,DHCP
IPsecThroughNAT Never
AuthzUserGrp None
AuthzComputerGrp None
StatefulFTP Enable
StatefulPPTP Enable
Main Mode:
KeyLifetime 60min,0sess
SecMethods DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
ForceDH No
Categories:
BootTimeRuleCategory Windows Firewall
FirewallRuleCategory Windows Firewall
StealthRuleCategory Windows Firewall
ConSecRuleRuleCategory Windows Firewall
Quick Mode:
QuickModeSecMethods ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
QuickModePFS None
Security Associations:
No SAs match the specified criteria.
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>Certutil -store my
my
CertUtil: -store command completed successfully.
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>Systeminfo
Host Name: EEHQOFF9
OS Name: Microsoft Windows 7 Ultimate
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Member Workstation
OS Build Type: Multiprocessor Free
Registered Owner: User
Registered Organization:
Product ID: 00426-292-0000007-85846
Original Install Date: 12.01.2013, 2:07:40
System Boot Time: 26.02.2013, 11:00:45
System Manufacturer: Microsoft Corporation
System Model: Virtual Machine
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~3400 Mhz
BIOS Version: American Megatrends Inc. 090006 , 23.05.2012
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: et;Estonian
Input Locale: et;Estonian
Time Zone: (UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius
Total Physical Memory: 2 048 MB
Available Physical Memory: 1 507 MB
Virtual Memory: Max Size: 4 095 MB
Virtual Memory: Available: 3 498 MB
Virtual Memory: In Use: 597 MB
Page File Location(s): C:\pagefile.sys
Domain: company.ee
Logon Server: N/A
Hotfix(s): 109 Hotfix(s) Installed.
Network Card(s): 1 NIC(s) Installed.
[01]: Microsoft Virtual Machine Bus Network Adapter
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.77
[02]: fe80::3dc1:ee4d:aaee:2651
C:\Windows\system32\LogSpace\{ED5879FF-F05A-4ABC-8E21-C3E49F12D609}>whoami /groups
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
====================================== ================ ============ ==================================================
BUILTIN\Administrators Alias S-1-5-32-544 Enabled by default, Enabled group, Group owner
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
Mandatory Label\System Mandatory Level Label S-1-16-16384