
Direct Access - Intermittent Intranet Tunnel


Hi there,

I'm in the process of setting up a DirectAccess server as a proof of concept but have run into a problem I cannot find anything about from scouring the internet - I'm hoping someone can advise on what to test.

We have a DirectAccess 2012 R2 server with 2 cards configured - 1 internal, the other in the DMZ. I'm working with Windows 8.1 Enterprise and 10 Education workstations using a machine-based certificate and AD authentication. Clients have a PAC file set for internet access internally. Force tunnelling is disabled, as is local name resolution.

Using IP-HTTPS as the method of connecting (disabled Teredo, 6to4 and ISATAP on the clients) all appears to work okay. I can see the infrastructure tunnel come up, so I can ping internal services, and half the time the intranet tunnel comes up as the user logs in and can get access to CIFS shares, internal resources.

Unfortunately, the other half of the time the intranet tunnel comes up AFTER the user logs in (about 20 seconds to 2 minutes after the desktop loads) and therefore doesn't map their home drives or run user GPOs. Due to the short time period, the DA troubleshooting tool is useless, as by the time the tool completes the intranet tunnel is up and running. Checking Windows Firewall indicates that the user tunnel doesn't come up.

Can anyone think of any steps I can do to fault-find this? Is there any way to get the computer to wait until the second tunnel is up before logging the user in?

Any help is much appreciated - so frustrating as I feel we're almost there to roll this out.

Thanks in advance.

