Have a configured and working Direct Access infrastructure. We are using no client certificates. Have implemented a selective ISATAP "Manage Out" solution for providing end user support on their connected DA clients.
Have added the four ISATAP enabled management systems to "Management Servers" in the DA configuration wizard.
Manage Out over ISATAP is working: pinging the FQDN of the DA Client, SMB access and RDP are working.
However, the tools that our customer wants to use for remote support don't work: The Windows integrated "Offer Remote Assistance" doesn't work. Since Remote Assistance is complicated and involves several services and ports, we tried to use VNC, which uses only TCP at port 5900.
We have created all Windows Firewall Inbound Rules with the "allow edge traversal" option enabled for the public profile. Despite that, a connection with VNC or Remote Assistance cannot be established over ISATAP to the DA Client. When the DA Client is in the internal network, both tools are working.
Have now seen that the DA client doesn't even listen on the required ports for Remote Assistance and VNC. netstat -a shows the following ("Abhören" is "listening" in English):
Proto Lokale Adresse Remoteadresse Status
TCP 0.0.0.0:135 testda:0 ABHÖREN
TCP 0.0.0.0:445 testda:0 ABHÖREN
TCP 0.0.0.0:623 testda:0 ABHÖREN
TCP 0.0.0.0:3389 testda:0 ABHÖREN
TCP 0.0.0.0:5700 testda:0 ABHÖREN
TCP 0.0.0.0:9012 testda:0 ABHÖREN
TCP 0.0.0.0:16992 testda:0 ABHÖREN
TCP 0.0.0.0:47001 testda:0 ABHÖREN
TCP 0.0.0.0:49664 testda:0 ABHÖREN
TCP 0.0.0.0:49665 testda:0 ABHÖREN
TCP 0.0.0.0:49666 testda:0 ABHÖREN
TCP 0.0.0.0:49667 testda:0 ABHÖREN
TCP 0.0.0.0:49668 testda:0 ABHÖREN
TCP 0.0.0.0:49669 testda:0 ABHÖREN
TCP 0.0.0.0:49670 testda:0 ABHÖREN
TCP 0.0.0.0:49671 testda:0 ABHÖREN
TCP 127.0.0.1:49675 testda:0 ABHÖREN
TCP 192.168.100.163:139 testda:0 ABHÖREN
TCP 192.168.100.163:49417 40.67.254.36:https HERGESTELLT
TCP 192.168.100.163:55360 165.254.191.196:https HERGESTELLT
TCP 192.168.100.163:62646 www:https HERGESTELLT
TCP [::]:135 testda:0 ABHÖREN
TCP [::]:445 testda:0 ABHÖREN
TCP [::]:623 testda:0 ABHÖREN
TCP [::]:3389 testda:0 ABHÖREN
TCP [::]:5700 testda:0 ABHÖREN
TCP [::]:16992 testda:0 ABHÖREN
TCP [::]:47001 testda:0 ABHÖREN
TCP [::]:49664 testda:0 ABHÖREN
TCP [::]:49665 testda:0 ABHÖREN
TCP [::]:49666 testda:0 ABHÖREN
TCP [::]:49667 testda:0 ABHÖREN
TCP [::]:49668 testda:0 ABHÖREN
TCP [::]:49669 testda:0 ABHÖREN
TCP [::]:49670 testda:0 ABHÖREN
TCP [::]:49671 testda:0 ABHÖREN
TCP [::1]:49674 testda:0 ABHÖREN
TCP [::1]:49677 testda:49679 HERGESTELLT
TCP [::1]:49679 testda:49677 HERGESTELLT
TCP [fd72:98bf:a8c3:1000:d51b:a96c:2615:eb03]:55202 [fd72:98bf:a8c3:7777::ac10:132]:http HERGESTELLT
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3389 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:50716 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:54258 *:*
UDP 127.0.0.1:61626 *:*
UDP 127.0.0.1:62515 *:*
UDP 192.168.100.163:137 *:*
UDP 192.168.100.163:138 *:*
UDP 192.168.100.163:1900 *:*
UDP 192.168.100.163:61625 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3389 *:*
UDP [::]:4500 *:*
UDP [::]:5353 *:*
UDP [::]:5355 *:*
UDP [::]:50716 *:*
UDP [::1]:1900 *:*
UDP [::1]:61624 *:*
UDP [fe80::5d3:858:2995:e1d1%10]:1900 *:*
UDP [fe80::5d3:858:2995:e1d1%10]:61623 *:*
What we observe is that the applications (RDP and SMB access) that are listening on IPv6 (for example TCP [::]:3389 testda:0 listening) are working.
But the Windows 10 Client doesn't seem to listen over IPv6 for Remote Assistance and VNC requests. The ports for these applications are missing in the table above, and the applications don't work.
Thank you in advance for any advice
Franz
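The comparison described in the post (which ports have an IPv6 listener and which do not) can be automated. The following is an added example, not part of the original post: it parses `netstat -a` text, accepting the German state name shown above, and classifies each port of interest. The function names are hypothetical, and the sample is a subset of the lines from the post.

```python
import re

# "Listening" state as printed by English and German Windows builds.
LISTEN_STATES = {"LISTENING", "ABHÖREN"}

# Sample input: a subset of the netstat -a lines quoted in the post.
SAMPLE = """\
TCP 0.0.0.0:135 testda:0 ABHÖREN
TCP 0.0.0.0:3389 testda:0 ABHÖREN
TCP 0.0.0.0:9012 testda:0 ABHÖREN
TCP 192.168.100.163:139 testda:0 ABHÖREN
TCP 192.168.100.163:49417 40.67.254.36:https HERGESTELLT
TCP [::]:135 testda:0 ABHÖREN
TCP [::]:3389 testda:0 ABHÖREN
TCP [::1]:49674 testda:0 ABHÖREN
UDP 0.0.0.0:3389 *:*
UDP [::]:3389 *:*
"""

# proto, local address, local port, remote endpoint, state (TCP rows only).
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")

def tcp_listeners(netstat_text):
    """Map each TCP port to the set of local addresses listening on it."""
    listeners = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3).upper() in LISTEN_STATES:
            listeners.setdefault(int(m.group(2)), set()).add(m.group(1))
    return listeners

def ipv6_coverage(netstat_text, ports):
    """Classify ports: 'ipv6', 'no-ipv6' (IPv4 or loopback only), 'not-listening'."""
    listeners = tcp_listeners(netstat_text)
    result = {}
    for port in ports:
        addrs = listeners.get(port, set())
        if not addrs:
            result[port] = "not-listening"
        elif any(a.startswith("[") and a != "[::1]" for a in addrs):
            result[port] = "ipv6"   # bracketed, non-loopback IPv6 listener
        else:
            result[port] = "no-ipv6"
    return result

if __name__ == "__main__":
    for port, status in ipv6_coverage(SAMPLE, [3389, 5900, 9012]).items():
        print(port, status)
```

On the lines from the post, 3389 is reported as `ipv6`, 5900 (the VNC port named above) as `not-listening`, and 9012 as `no-ipv6`, since it appears only under `0.0.0.0`.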