Direct Access Windows 2012 r2

Hello,

I have a problem with DirectAccess on Windows Server 2012 R2, and it has been bugging me for some time now.
The story goes like this.
I deployed DA on a server with a single NIC, on the local network behind NAT, for Windows 7, 8 and 8.1 clients, and it was working.
After some time I created a DMZ, removed the configuration of the DA server, and installed a second network card behind NAT, for the same clients, and that was working as well. It was working for almost 2 years. IP-HTTPS clients.
Now I had to remove the DMZ zone, so I removed the configuration, removed 1 NIC, and deployed DA again for a server with 1 NIC, and now it does not work.

Everything is green on the DA server. A reboot does not help. The client DCA shows status disconnected, and I cannot ping or get to any corporate resources.
On the Win 7 client the IP-HTTPS interface is active (netsh interface httpstunnel show interfaces).
Netsh dnsclient show state --> enabled and client is outside network.
Since Win 7 uses DTE, and I know which IPv6 addresses the DTEs have, I can ping them from the client.

What I have noticed is that in Advanced Firewall, even though all 4 required Connection Security Rules are there, nothing is showing up in Security Associations. Nothing in Main mode or Quick mode.
Running Wireshark I can see that the client is asking where the DA server is. The client sends a hello to the server, the server responds and shows its certificate... but I don't understand the rest of the log :)

I am guessing it is something with the firewall, but I'm not sure what to look for or how to fix it.

PS: I have tried to remove DA and install a new DA server; the same thing happens. The server is going through the correct internet link, the public DNS name is OK and pointing to the server...

Any ideas? :)
Ivan (System Engineer) asked:

Ivan (System Engineer, Author) commented:
BUMP...

Can someone post the Client and Server GPOs from a working configuration?
Maybe something is bugged in mine, so I would like to compare it.
Chris (Senior Technical Architect) commented:
Did you remove all the static routes you put in for the DMZ config?

Install this and use it to have a look at the issues on the client.

http://www.microsoft.com/en-gb/download/details.aspx?id=41938
Ivan (System Engineer, Author) commented:
Hello,

There are no static routes, since LAN has only 1 subnet.

I have run application and results are in pdf file.
I have also attached all netsh inf, and fw status.

PS: This is from a Windows 8.1 client. The same thing happens on Windows 7.

Regards,
DA.pdf
Chris (Senior Technical Architect) commented:
If you had two NICs at some point you would have needed static routes.

For the infrastructure tests I would suggest you try some different options - I use ping or an internal webserver for those tests.
Ivan (System Engineer, Author) commented:
After raising a case with Microsoft, it turns out that there is a bug in DA regarding removing and configuring it again.
What happened is that the GPOs for client and server sometimes don't get deleted, and when you are reconfiguring it, instead of a new GPO being created the old one gets used... and a bunch of settings get messed up.

So, when you decide to reconfigure it, after you remove the DA configuration, make sure to check that the GPOs were removed from the domain as well, before you configure it again...

Regards,
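
The check described in the accepted solution, as an added PowerShell example that is not part of the original thread or Microsoft's guidance. It assumes the wizard's default GPO names ("DirectAccess Client Settings" and "DirectAccess Server Settings") were kept, that the GroupPolicy RSAT module is available, and uses a hypothetical backup folder `C:\GPOBackup`.

```powershell
# Added example: list DirectAccess GPOs left behind in the domain after the
# DA configuration was removed, and before the setup wizard is run again.
Import-Module GroupPolicy

# Assumption: default wizard GPO names. Change the pattern if custom names
# were chosen during the original deployment.
$pattern   = 'DirectAccess*Settings'
$backupDir = 'C:\GPOBackup'   # hypothetical path, adjust as needed

$leftover = @(Get-GPO -All | Where-Object { $_.DisplayName -like $pattern })

if ($leftover.Count -eq 0) {
    Write-Output 'No leftover DirectAccess GPOs found.'
    return
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($gpo in $leftover) {
    # The XML report lists every container the stale GPO is still linked to.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo | Where-Object { $_ } |
               ForEach-Object { $_.SOMPath })

    [pscustomobject]@{
        Name     = $gpo.DisplayName
        Id       = $gpo.Id
        Modified = $gpo.ModificationTime
        LinkedTo = $links -join '; '
    }

    # Keep a copy of the old IPsec/firewall settings for later comparison.
    Backup-GPO -Guid $gpo.Id -Path $backupDir | Out-Null

    # Dry run only: remove -WhatIf once the list above has been reviewed.
    Remove-GPO -Guid $gpo.Id -WhatIf
}
```

A modification time that predates the latest removal of the DA configuration marks a GPO as a leftover that a reconfiguration would otherwise reuse.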
