direct access client

Posted on 2014-02-06
Last Modified: 2014-04-05
I have two issues. My VPN works just fine, but my DirectAccess clients sit on connecting forever. Not sure where to begin troubleshooting. Also, my dashboard for clients says "Maximum client connections: 1". Is this my limit? If so, how do I increase this? Or is this the maximum that have connected at once so far?
Question by: jsgrosskopf

Expert Comment

ID: 39841322
Maximum client connections is the peak number of clients connected at the same time.

If it's sat on "Connecting...." then you have another issue with the infrastructure.

Author Comment

ID: 39841709
Thanks for the answer regarding max connections. The other issue is I realize there is an infrastructure issue but I don't know what. All my icons are green in the DirectAccess dashboard. I can't ping anything on my domain on my client and it is stuck at connecting.

Expert Comment

ID: 39841798
Are you running Windows 7 or Windows 8?

Either way, you can run the diagnostics from the DirectAccess client or the DirectAccess Connectivity Assistant and then start on troubleshooting.

The first step is making sure you can resolve and ping your DA connection URL.

Then check the certificate that's being presented and make sure you can validate that.

If you are running Windows 8 then there are fewer things to have to sort out.
With Windows 7 there are some extra complications.

You can use these two commands to show potential issues:

Netsh int httpstunnel show int



If you post them up then we can start troubleshooting.

Author Comment

ID: 39842232
I found another issue that may tie both together. I did not realize but none of my VPN clients can connect to external sites (, etc.) when they are on VPN. They can connect to everything in house. This is the case whether I use forced tunneling or not. I have tried about 50 other changes and suggestions browsing through websites but none fix the problem. Does anyone have any ideas? I'm thinking if I fix this, maybe the direct access will start working.

Expert Comment

ID: 39842719
Well, the VPN client will be down to routing. Leave it with no split tunneling and first do a DNS lookup on google or something similar to check DNS is working, then do a trace route to see if the network path to it is correct.
Do you have a proxy server on your network? Is that configured to allow connections from VPN clients?

The DirectAccess won't have anything to do with that. You need to run through the basic checks to see if you can resolve the DirectAccess server URL, and check to see if you get to it.

Author Comment

ID: 39842731
OK, I'll put the forced tunneling back in place. The last time I believe I could resolve the IP for google and We do not use a proxy, I have an internal firewall set up as my gateway. My external connection on the DA server is connected directly to my cable modem. My internal is connected to the internal switch / internal gateway. I have a gateway configured on the external card and no gateway on the internal card. I attempted to install NAT but that did not work; I saw no traffic between internal and external. I figured with forced tunneling, the client would get our internal gateway; however, the address is blank when they connect.

Expert Comment

ID: 39842936
That's why it doesn't work, if it hasn't picked up any network topology.
What is doing your VPN - what kind of firewall/VPN client?

To help with the DA status, can you confirm these:

Have you put static routes on the DA server to point to the internal network?
Did you do simple setup or manual setup?
Win7 or Win8 client?
Can you run the two commands I gave before and put the output up here?

Author Comment

ID: 39847231
Sorry it took so long to respond. I had to attend a camping trip with my son and left the office early Friday.

Our firewall is a PFSense firewall but this DA server is not connected to this firewall. The DA server is connected directly to the modem. The only firewall is the Windows firewall running on the DA server. As for the Internal connection, it is connected to our switch with the gateway pointing to our PFSense firewall. The VPN client is the built in Microsoft VPN client.

2nd question, I put a static IP of on the internal connection. In the Windows 7 client, all of my users are using the simple setup. I have read that you can go into manual setup and select some option to use local gateway but that does not work either; then the situation is reversed (can get google, but no VPN resources).

I put forced tunneling back into place and ran the DNS lookup and tracert on and compared to my workstation at work. The results are:

Client via DA: (This may lead to some insight).
server: attunite.lan (AT&T wireless router client is connecting to)


Client with VPN:
server: (our internal DNS server)

address: 2607.f8b0.4006.807::100e

Same as VPN yet VPN will not access google and workstation does. VPN Client says cannot display page

Tracert DA: unable to resolve target

Tracert VPN: ( (not the ip I assigned to the server)
Request timed out forever

Tracert Workstation:
several hops...Washington, Comcast etc.

Hope this gives some insight. I'm a little lost at the moment.

Expert Comment

ID: 39849497
What is the VPN connecting to? Is that the DirectAccess server as well?

Might need to start from scratch and run through the DA setup.

First thing - network setup
The DirectAccess server should have 2 NICs
the External NIC should have a default gateway and no DNS
the Internal NIC should have no default gateway and DNS (which points at your internal DNS servers)

The two addresses on each server should have IP addresses on different subnets i.e.

Then you would put static routes on to point it at the internal subnet
route add mask -p

The above assumes it's a /24 subnet and the default gateway is the start of the range.

As you are using Windows 7, certificates become important.
What have you used for the DirectAccess server certificate and what have you used for the client certificate that installs on the Windows 7 machine?

Also, can you run the command I gave you on the DirectAccess client (the top one being more useful on Windows 7)

Netsh int httpstunnel show int
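
The two-NIC layout from the comment above, as an added PowerShell check that is not part of the original thread. It flags a missing external gateway, DNS on the external NIC, a gateway on the internal NIC, missing internal DNS, both NICs on one subnet, and the absence of routes through an internal gateway. The interface aliases 'External' and 'Internal' and both function names are assumptions.

```powershell
# Added example (not from the thread): audit a two-NIC DirectAccess server.
# 'External' and 'Internal' are assumed interface aliases; pass your own.
function Get-NetworkId([string]$Ip, [int]$PrefixLength) {
    # Mask an IPv4 address down to its network ID, one octet at a time.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        $bits = [Math]::Min(8, [Math]::Max(0, $PrefixLength - 8 * $i))
        $bytes[$i] = $bytes[$i] -band ((0xFF -shl (8 - $bits)) -band 0xFF)
    }
    $bytes -join '.'
}

function Test-DaNicLayout {
    param([string]$ExternalAlias = 'External', [string]$InternalAlias = 'Internal')

    $extNic = Get-NetIPConfiguration -InterfaceAlias $ExternalAlias
    $intNic = Get-NetIPConfiguration -InterfaceAlias $InternalAlias
    # AddressFamily 2 is IPv4; IPv6 DNS entries are ignored here.
    $extDns = @($extNic.DNSServer | Where-Object { $_.AddressFamily -eq 2 } |
                ForEach-Object { $_.ServerAddresses })
    $intDns = @($intNic.DNSServer | Where-Object { $_.AddressFamily -eq 2 } |
                ForEach-Object { $_.ServerAddresses })
    $findings = @()

    if (-not $extNic.IPv4DefaultGateway) { $findings += 'External NIC: no default gateway' }
    if ($extDns.Count -gt 0) { $findings += "External NIC: DNS set ($($extDns -join ', '))" }
    if ($intNic.IPv4DefaultGateway) { $findings += 'Internal NIC: has a default gateway' }
    if ($intDns.Count -eq 0) { $findings += 'Internal NIC: no DNS servers configured' }

    # Both NICs on the same subnet breaks the internal/external split.
    $e = $extNic.IPv4Address | Select-Object -First 1
    $n = $intNic.IPv4Address | Select-Object -First 1
    if ($e -and $n) {
        $extNet = Get-NetworkId $e.IPAddress $n.PrefixLength
        $intNet = Get-NetworkId $n.IPAddress $n.PrefixLength
        if ($extNet -eq $intNet) { $findings += "Both NICs sit in $intNet/$($n.PrefixLength)" }
    }

    # Routes via a next hop on the internal NIC (only needed for routed internal subnets).
    $routes = Get-NetRoute -InterfaceAlias $InternalAlias -AddressFamily IPv4 |
        Where-Object { $_.NextHop -ne '0.0.0.0' -and $_.DestinationPrefix -ne '0.0.0.0/0' }
    if (-not $routes) { $findings += 'Internal NIC: no routes via an internal gateway' }

    if ($findings) { $findings } else { 'NIC layout matches the described setup.' }
}

Test-DaNicLayout
```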



Author Comment

ID: 39863558
Sorry I took so long to reply. I finally gave in and opened up an incident with Microsoft. After three days, this setup is in worse shape than ever. Now I can't even get the direct access client to install with group policy. They will continue to work on it this week and I'll report what they did when they finally get it working. thanks

Accepted Solution

jsgrosskopf earned 0 total points
ID: 39966490
Ended up getting Microsoft to help. The issue ended up being a problem with two different DHCP scopes. My servers are on 192.168.0 and my clients are 192.168.1. We use a subnet mask of With VPN, the clients are assigned (can't change this apparently) so the clients were connecting with network and address and could not get to any servers, firewall, gateway, anything. I ended up with a specific DHCP scope for my VPN clients that assigns them a 192.168.0. address and all is well.

Author Closing Comment

ID: 39979830
Microsoft solved it
