Solved

Direct Access error 0x2746 IPHTTPS

Posted on 2015-01-26
5
508 Views
1 Endorsement
Last Modified: 2015-08-24
I have just setup a new single WIn2012 R2 as a Direct Access server, only using IPHTTPS.

So far, the config looks ok, but clients cannot connect to the DA server.

Looking at the clients httpstunnel interface, I got an 0x2746 error (connection closed). Any clues about what that means? DA Client Troubleshooting Tools crashes when I run it on a Win7 client.

The client have the right GPO, URL to DA server and can resolve the correct IP of the DA server.
1
Comment
Question by:xcomiii
  • 3
5 Comments
 
LVL 16

Expert Comment

by:Ivan
ID: 40570284
Hi,

are all your clients Enterprise Windows 7 ?
0
 
LVL 9

Accepted Solution

by:
xcomiii earned 0 total points
ID: 40570567
Yes, all WIn7 Enterprise.

Output from the DA server on the HTTPSTUNNEL interface:
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role                       : server
URL                        : https://da.domain.com:443/IPHTTPS
Client authentication mode : none
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

Output from the client's HTTPSTUNNEL interface:
------------------------------------------------------------
Role                       : client
URL                        : https://da.brreg.no:443/IPHTTPS
Last error code            : 0x2746
Interface Status s           : Could not connect to IP-HTTPS server, reconnecting

The external IP of da.comain.com is NAT'et to a BIG-IP VIP, which only have 1 DA server in the pool at the moment.
I suspect that BIG-IP is dropping traffic, and I have no option to bypass the BIG-IP due to routing issues.

Anyone who can give me a hint where to start? The BIG-IP is setup by another technician who is not very fluent in special setup like Direct Access, only standard web servers.
0
 
LVL 9

Author Closing Comment

by:xcomiii
ID: 40934468
Found out, it was error in the BIG-IP config.
0
 

Expert Comment

by:B Holmes
ID: 40944334
Hi xcomiii,

We're facing the same issue (error 0x2746) and also have a DirectAccess cluster load-balanced by F5 BIG-IP.  Could you detail what you changed in BIG-IP's config?  Many thanks,
Brendan
0
 
LVL 9

Author Comment

by:xcomiii
ID: 40944444
As I understood, the magic was NOT to terminate SSL sessions at BIG-IP, but instead use a perfomance forwarding rule. In other words, just to forward all the traffic to the DA servers without any change/inspection/SSL termination.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now