Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Direct Access error 0x2746 IPHTTPS

Posted on 2015-01-26
5
Medium Priority
?
743 Views
1 Endorsement
Last Modified: 2015-08-24
I have just setup a new single WIn2012 R2 as a Direct Access server, only using IPHTTPS.

So far, the config looks ok, but clients cannot connect to the DA server.

Looking at the clients httpstunnel interface, I got an 0x2746 error (connection closed). Any clues about what that means? DA Client Troubleshooting Tools crashes when I run it on a Win7 client.

The client have the right GPO, URL to DA server and can resolve the correct IP of the DA server.
1
Comment
Question by:xcomiii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 40570284
Hi,

are all your clients Enterprise Windows 7 ?
0
 
LVL 9

Accepted Solution

by:
xcomiii earned 0 total points
ID: 40570567
Yes, all WIn7 Enterprise.

Output from the DA server on the HTTPSTUNNEL interface:
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role                       : server
URL                        : https://da.domain.com:443/IPHTTPS
Client authentication mode : none
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

Output from the client's HTTPSTUNNEL interface:
------------------------------------------------------------
Role                       : client
URL                        : https://da.brreg.no:443/IPHTTPS
Last error code            : 0x2746
Interface Status s           : Could not connect to IP-HTTPS server, reconnecting

The external IP of da.comain.com is NAT'et to a BIG-IP VIP, which only have 1 DA server in the pool at the moment.
I suspect that BIG-IP is dropping traffic, and I have no option to bypass the BIG-IP due to routing issues.

Anyone who can give me a hint where to start? The BIG-IP is setup by another technician who is not very fluent in special setup like Direct Access, only standard web servers.
0
 
LVL 9

Author Closing Comment

by:xcomiii
ID: 40934468
Found out, it was error in the BIG-IP config.
0
 

Expert Comment

by:B Holmes
ID: 40944334
Hi xcomiii,

We're facing the same issue (error 0x2746) and also have a DirectAccess cluster load-balanced by F5 BIG-IP.  Could you detail what you changed in BIG-IP's config?  Many thanks,
Brendan
0
 
LVL 9

Author Comment

by:xcomiii
ID: 40944444
As I understood, the magic was NOT to terminate SSL sessions at BIG-IP, but instead use a perfomance forwarding rule. In other words, just to forward all the traffic to the DA servers without any change/inspection/SSL termination.
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question