Solved

Direct Access error 0x2746 IPHTTPS

Posted on 2015-01-26
5
628 Views
1 Endorsement
Last Modified: 2015-08-24
I have just setup a new single WIn2012 R2 as a Direct Access server, only using IPHTTPS.

So far, the config looks ok, but clients cannot connect to the DA server.

Looking at the clients httpstunnel interface, I got an 0x2746 error (connection closed). Any clues about what that means? DA Client Troubleshooting Tools crashes when I run it on a Win7 client.

The client have the right GPO, URL to DA server and can resolve the correct IP of the DA server.
1
Comment
Question by:xcomiii
  • 3
5 Comments
 
LVL 16

Expert Comment

by:Ivan
ID: 40570284
Hi,

are all your clients Enterprise Windows 7 ?
0
 
LVL 9

Accepted Solution

by:
xcomiii earned 0 total points
ID: 40570567
Yes, all WIn7 Enterprise.

Output from the DA server on the HTTPSTUNNEL interface:
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role                       : server
URL                        : https://da.domain.com:443/IPHTTPS
Client authentication mode : none
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

Output from the client's HTTPSTUNNEL interface:
------------------------------------------------------------
Role                       : client
URL                        : https://da.brreg.no:443/IPHTTPS
Last error code            : 0x2746
Interface Status s           : Could not connect to IP-HTTPS server, reconnecting

The external IP of da.comain.com is NAT'et to a BIG-IP VIP, which only have 1 DA server in the pool at the moment.
I suspect that BIG-IP is dropping traffic, and I have no option to bypass the BIG-IP due to routing issues.

Anyone who can give me a hint where to start? The BIG-IP is setup by another technician who is not very fluent in special setup like Direct Access, only standard web servers.
0
 
LVL 9

Author Closing Comment

by:xcomiii
ID: 40934468
Found out, it was error in the BIG-IP config.
0
 

Expert Comment

by:B Holmes
ID: 40944334
Hi xcomiii,

We're facing the same issue (error 0x2746) and also have a DirectAccess cluster load-balanced by F5 BIG-IP.  Could you detail what you changed in BIG-IP's config?  Many thanks,
Brendan
0
 
LVL 9

Author Comment

by:xcomiii
ID: 40944444
As I understood, the magic was NOT to terminate SSL sessions at BIG-IP, but instead use a perfomance forwarding rule. In other words, just to forward all the traffic to the DA servers without any change/inspection/SSL termination.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question