Denny Hixson
asked on
Direct Access clients randomly disconnect \ network profile changes
Good morning everyone. Let me describe my environment - I have DA setup on server 2016, running on 2 servers and loadbalanced on a Kemp. NLS servers are on dedicated, clustered servers as well. Direct access seems to be running ok but every day I get a random user calling with the same issue as the other.
Scenario: Users are outside the network connected through DA. Their DA connection will drop and I will get the these errors in the event log of the DA server they are connected to (events attached) "An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted." and "An IPsec main mode negotiation failed.". Then Direct Access will be stuck in the connecting status. The user then simply shuts down and calls it a night. When they come into the office the next morning, they log into the network but their computer's network domain is on public or private and not to ourdomain.local. The only way to fix it is to pull out the DA registry keys and reboot - although this is not a good or safe solution. I have verified the NLS servers are up and accessible. And again, it doesnt happen to everyone, only about 1 out of every 5 users.
What would make the local computers come up on the public or private network right at bootup?
Any help would be GREATLY appreciated!
1.txt
2.txt
Scenario: Users are outside the network connected through DA. Their DA connection will drop and I will get the these errors in the event log of the DA server they are connected to (events attached) "An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted." and "An IPsec main mode negotiation failed.". Then Direct Access will be stuck in the connecting status. The user then simply shuts down and calls it a night. When they come into the office the next morning, they log into the network but their computer's network domain is on public or private and not to ourdomain.local. The only way to fix it is to pull out the DA registry keys and reboot - although this is not a good or safe solution. I have verified the NLS servers are up and accessible. And again, it doesnt happen to everyone, only about 1 out of every 5 users.
What would make the local computers come up on the public or private network right at bootup?
Any help would be GREATLY appreciated!
1.txt
2.txt
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Open in new window
Or, set the Network Location Awareness service to Automatic (Delayed).
It sounds like they may be polling for network location before the network stack is ready. This is not an uncommon situation especially for systems that may be quite busy during startup.