Background:
- Server 2012 Box - NATed Single NIC
- External IP Port 443 forwarded to internal IP
- directaccess.my.domain points to external IP
- NLS is located on DA server
- AD is at a 2008 R2
Symptom:
Once I connect a Windows 8 client computer to an external network, it shows limited connectivity and DA connection says "
I can reach servers via RDP by name and my CIFS fileshares without an issue. Pinging anything by name also works, responding from an IPv6 address. So as far as I can tell, the IPHTTPS connection works. But for some reason Windows still reports limited connectivity.
Any ideas?
----------------
GPO Settings
DirectAccess server GPO name: DirectAccess Server Settings
Client GPO name: DirectAccess Client Settings
Remote Clients
DirectAccess client access and remote management is enabled
DirectAccess security groups: MISO\DAClients
Force tunneling is enabled
Resource used to verify internal network connectivity:
HTTP:http://directaccess-WebProbeHost.my.local.domain
PING:mail.my.local.domain
DirectAccess connection name: DirectAccess
Helpdesk email address: systems@my.local.domain
Remote Access Server
DirectAccess Configuration
Public name or address to which clients connect: directaccess.my.local.domain
Network adapter connected to the external network (via NAT device): Ethernet
Internal network subnets: fd50:f3ba:556b:1::/64
DirectAccess clients authenticate using the DirectAccess server as a Kerberos proxy
IP-HTTPS certificate:
*.my.local.domain
Two-factor authentication is not enabled
Infrastructure Servers
Network location server certificate:
CN=DirectAccess-NLS.my.local.domain
DNS suffixes used by clients to determine DNS queries to be directed to internal DNS servers:
Name Suffix / DNS Server Address
<Any Suffix> fd50:f3ba:556b:3333::1
DirectAccess-NLS.my.local.domain
directaccess.my.local.domain
Local name resolution option:
Use local name resolution if DNS servers are unavailable, or the name does not exist in DNS
Management server subnets used for remote client management:
IP Address/IPv6 Prefix/Name
SCCM2012.my.local.domain
Application Servers
DirectAccess client access and remote management is enabled. End-to-end authentication to specific application servers is disabled