Microsoft DirectAccess + Surface Pro 4s
Hello All --
I am trying to test out DirectAccess with our Surface Pro 4 tablets. I've gotten everything setup and it even connects via IP-HTTPS as per the screenshot:
I tried a few troubleshooting tools and guides (making sure domain firewall profile is applied to the internal network interface, pulling logs from the client, making sure port 443 is open on the firewall, etc) with no success. It seems like the client is able to successfully connect but no data is being returned.
Back tracking a bit, we have the following environment.
Environment:
DirectAccess Server (Windows 2012 R2, 2 Network Interfaces with 1 DMZ and 1 Internal)
* Public GoDaddy cert for IP-HTTPS
* Self-signed the NLS
DirectAccess Client (Surface Pro 4 with Windows 10 Enterprise)
Cisco Meraki Environment (IPv4 only)
The only thing I can think of now is that it doesn't work in our environment since we have an IPv4 only environment. The meraki firewall (MX) only passes IPv6 traffic in passthrough mode (which it is not). However, when i'm reading the articles online, it appears that IPv6 just has to be enabled on the client and not the internal environment itself for DirectAccess to work. Any one can clarify? Any other troubleshooting steps I can take?
Thanks!
I am trying to test out DirectAccess with our Surface Pro 4 tablets. I've gotten everything setup and it even connects via IP-HTTPS as per the screenshot:
I tried a few troubleshooting tools and guides (making sure domain firewall profile is applied to the internal network interface, pulling logs from the client, making sure port 443 is open on the firewall, etc) with no success. It seems like the client is able to successfully connect but no data is being returned.
Back tracking a bit, we have the following environment.
Environment:
DirectAccess Server (Windows 2012 R2, 2 Network Interfaces with 1 DMZ and 1 Internal)
* Public GoDaddy cert for IP-HTTPS
* Self-signed the NLS
DirectAccess Client (Surface Pro 4 with Windows 10 Enterprise)
Cisco Meraki Environment (IPv4 only)
The only thing I can think of now is that it doesn't work in our environment since we have an IPv4 only environment. The meraki firewall (MX) only passes IPv6 traffic in passthrough mode (which it is not). However, when i'm reading the articles online, it appears that IPv6 just has to be enabled on the client and not the internal environment itself for DirectAccess to work. Any one can clarify? Any other troubleshooting steps I can take?
Thanks!
Cliff Galiher
DirectAccess does not support software that requires IPv4 end to end. The client end must not only have IPv6 enabled, but any software on the client end must also support IPv6. On the server end, if you are not gong to use IPv6, you must configure some sort of 6 to 4 topology.
ASKER
Thanks for the reply.
I thought Server 2012 direct access server has built-in NAT64 and DNS64 support for accessing IPv4-only resources so I would think it's possible to have an IPv4 corp network only?
I thought Server 2012 direct access server has built-in NAT64 and DNS64 support for accessing IPv4-only resources so I would think it's possible to have an IPv4 corp network only?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Gotcha but I should still be able to ping servers (including the DA server) and/or access file shares? I am unable to do so and the W10 Enterprise client is stuck on this screen:
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Solved my own problem.