• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 898
  • Last Modified:

Direct Access error 0x2746 IPHTTPS

I have just setup a new single WIn2012 R2 as a Direct Access server, only using IPHTTPS.

So far, the config looks ok, but clients cannot connect to the DA server.

Looking at the clients httpstunnel interface, I got an 0x2746 error (connection closed). Any clues about what that means? DA Client Troubleshooting Tools crashes when I run it on a Win7 client.

The client have the right GPO, URL to DA server and can resolve the correct IP of the DA server.
1
xcomiii
Asked:
xcomiii
  • 3
1 Solution
 
IvanSystem EngineerCommented:
Hi,

are all your clients Enterprise Windows 7 ?
0
 
xcomiiiAuthor Commented:
Yes, all WIn7 Enterprise.

Output from the DA server on the HTTPSTUNNEL interface:
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role                       : server
URL                        : https://da.domain.com:443/IPHTTPS
Client authentication mode : none
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

Output from the client's HTTPSTUNNEL interface:
------------------------------------------------------------
Role                       : client
URL                        : https://da.brreg.no:443/IPHTTPS
Last error code            : 0x2746
Interface Status s           : Could not connect to IP-HTTPS server, reconnecting

The external IP of da.comain.com is NAT'et to a BIG-IP VIP, which only have 1 DA server in the pool at the moment.
I suspect that BIG-IP is dropping traffic, and I have no option to bypass the BIG-IP due to routing issues.

Anyone who can give me a hint where to start? The BIG-IP is setup by another technician who is not very fluent in special setup like Direct Access, only standard web servers.
0
 
xcomiiiAuthor Commented:
Found out, it was error in the BIG-IP config.
0
 
B HolmesCommented:
Hi xcomiii,

We're facing the same issue (error 0x2746) and also have a DirectAccess cluster load-balanced by F5 BIG-IP.  Could you detail what you changed in BIG-IP's config?  Many thanks,
Brendan
0
 
xcomiiiAuthor Commented:
As I understood, the magic was NOT to terminate SSL sessions at BIG-IP, but instead use a perfomance forwarding rule. In other words, just to forward all the traffic to the DA servers without any change/inspection/SSL termination.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now