Windows Server 2012 Essentials - Anywhere Access

I am trying to set up VPN access for a client running Windows Server 2012 Essentials. I have run through the Anywhere Access wizard, installed the SSL cert and manually forwarded ports 443 & 80 on the router.

In order to connect to the VPN externally, is it simply a case of configuring a VPN connection in Network Connections on the remote PC? I have tried to connect using this method on my test machine and have had no luck.

Does Anywhere Access work differently in terms of how the clients connect to the VPN? Do they need to use the Connect software that is installed when first joining the PC to the domain?
Daniel Bertolone Asked:

Ivan (System Engineer) Commented:
Hi,

DirectAccess does not require any VPN connection. When you ran the wizard, it configured all domain workstations to be able to use it, or just mobile devices, e.g. laptops. You can check this by opening the DA console and editing the first of the 4 possible settings. That is the client settings.

If it is configured for all mobile devices, then make sure that the laptop you use to test it is Windows 7, 8, 8.1 or 10 ENTERPRISE! DA does not work on Professional or other versions of Windows.
PS: It works on Win 7 Ultimate as well.

As soon as you disconnect the laptop from the local network and connect it to some other network, like home, it will try to connect to the DA server.
Make sure you update the server and clients. Make sure the client laptop is joined to the domain. DA does not work with workgroup computers.
You cannot use an IP address to access company resources. You must use a DNS name.

Make sure Windows Firewall is turned on, on the DA server and every laptop that you are using. Make sure it is Windows Firewall. It will not work if you are using some 3rd-party firewall.

If you are using Windows 7 to test it, then you need to edit the configuration of the DA server, since running the wizard will not configure itself and the GPO to allow Windows 7 clients to use it.
For Win 7 you need to deploy certificates, PKI infrastructure.

Download Microsoft Windows DirectAccess Client Troubleshooting Tool
http://www.microsoft.com/en-us/download/details.aspx?id=41938

Run it, and see where it is stuck.

Regards,
ivan.
0
Cliff Galiher Commented:
The Essentials Anywhere Access doesn't set up DirectAccess though.

The answer to the original question is no, the connector is not required. If you checked the VPN box during the Anywhere Access setup then it sets up PPTP and SSTP. If you are only forwarding 443 and 80, then SSTP should work, but you have to have a client that does SSTP VPNs. So no XP. But Win7 should work and autoconfigure on the client side should figure it out. If things aren't working I'd suspect network setup first. Make sure all port forwarding works as expected. Turn on logging. Look for errors on both the server and client. If there is an issue, almost guaranteed there is an event log telling you why.
0
Daniel Bertolone (Author) Commented:
Thanks for the replies guys.

Currently there is not a requirement to use the full features of Anywhere Access; I simply need VPN access for an existing user that has a PC already connected to the domain.

Aside from 443, are there any other ports I should be forwarding? I receive a 720 error when trying to connect from our test machine.

I have checked the error logs on the server and I have noticed two errors indicating possible issues:

- connected to port VPN1-49 has been disconnected because no network protocols were successfully negotiated.
- RoutingDomainID- {: No IP address is available to hand out to the dial-in client.
0
Daniel Bertolone (Author) Commented:
Hi Guys

The connection appears to have resolved itself, as I can now connect without issue. The next problem I have is that I am unable to ping or resolve DNS names; IP works fine.

I noticed when connected to the VPN I do not get assigned a default gateway (0.0.0.0), could that be causing my issue?
0
Daniel Bertolone (Author) Commented:
Any thoughts guys?
0
Ivan (System Engineer) Commented:
Hi,

Did you get a DNS address assigned when you connect? Is it some internal DNS address?
Did you ping by NetBIOS name (like server name) or with FQDN (server.domain.name)?

Regards,
Ivan.
0
Daniel Bertolone (Author) Commented:
Hi Ivan

I get the following from command line:  

Connection-specific DNS Suffix  . : *****
 Description . . . . . . . . . . . : *****
 Physical Address. . . . . . . . . :
 DHCP Enabled. . . . . . . . . . . : No
 Autoconfiguration Enabled . . . . : Yes
 IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.255.255.255
 Default Gateway . . . . . . . . . :
 DNS Servers . . . . . . . . . . . : 192.168.1.1
 NetBIOS over Tcpip. . . . . . . . : Enabled

What I have noticed is that I can't ping just the server name; however, I do get replies and am able to browse when I use servername.domain.

Am I missing something in the VPN configuration that would automatically pass the domain details to enable me to browse/ping resources by name?
0
kadadi_v (IT Admin) Commented:
Please check this info: https://www.youtube.com/watch?v=aXBiV3pQrLg

Other than this, if you have a firewall with a VPN feature then you can create an SSL VPN policy and give access to the server only. So after the VPN is connected you can RDP to the Windows 2012 server easily.

Regards,
VK
0
Daniel Bertolone (Author) Commented:
Thanks for the link. I have already configured Anywhere Access and can connect to the network using the client-side VPN; however, as described, I cannot browse or ping the server name, but if I ping servername.domain I get a response.

I need to know if there is any configuration I can set to force the domain details when connecting so that my clients are able to resolve shares that are already configured on their PCs when working from home.
0
Richard Daneke (Trainer) Commented:
Have you run the connect wizard from the remote machine?

Remote VPN is configured by Microsoft when the remote machine does the <server>/connect wizard.

Also, some routers have an option to not respond to Ping requests.
0
Daniel Bertolone (Author) Commented:
Issue resolved by adding the DNS suffix to the client's local VPN connection.
0
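The fix reported above (adding the DNS suffix to the client's VPN connection), shown as an added PowerShell example that is not from any participant in this thread: it compares short-name and FQDN resolution, then sets the suffix on the VPN connection if it is missing. The connection name, domain suffix and server name are placeholders, and it assumes a Windows 8 or later client with a per-user VPN connection (the VpnClient and DnsClient cmdlets are not available on Windows 7).

```powershell
# Added example. All three values below are placeholders, not taken from the thread.
$VpnName   = 'Office VPN'          # hypothetical name of the client's VPN connection
$DnsSuffix = 'corp.example.local'  # placeholder for the internal AD DNS domain
$ShortName = 'server'              # placeholder single-label server name

function Test-NameResolution {
    param([Parameter(Mandatory)][string]$Name)
    # -DnsOnly skips LLMNR/NetBIOS, so the result reflects DNS plus the
    # suffix search list only, which is what mapped shares depend on.
    $records = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue
    $a = $records | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    [pscustomobject]@{
        Name     = $Name
        Resolved = [bool]$a
        Address  = $a.IPAddress
    }
}

$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop
"Suffix currently stored on '$VpnName': '$($vpn.DnsSuffix)'"

# The symptom from the thread: the short name fails while the FQDN resolves.
$short = Test-NameResolution -Name $ShortName
$fqdn  = Test-NameResolution -Name "$ShortName.$DnsSuffix"
$short, $fqdn | Format-Table -AutoSize

if (-not $fqdn.Resolved) {
    # The FQDN failing too points at the DNS server handed to the VPN client,
    # not at the suffix; changing the suffix would not help.
    Write-Warning "FQDN does not resolve; check the DNS server assigned to the VPN adapter."
}
elseif ($vpn.DnsSuffix -ne $DnsSuffix) {
    Set-VpnConnection -Name $VpnName -DnsSuffix $DnsSuffix
    "Suffix saved on the connection. Reconnect the VPN and run this script again."
}
else {
    # Suffix already stored: show what the connected adapter actually received.
    Get-DnsClient -InterfaceAlias $VpnName |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix
}
```

On clients without these cmdlets, the same setting is the "DNS suffix for this connection" field under the VPN adapter's IPv4 Advanced DNS properties.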

Daniel Bertolone (Author) Commented:
Issue self resolved
0