I've been trying to get DirectAccess working for quite some time now without success.
I've discovered that if I disable the Windows private networks firewall profile on the client computer, I am able to connect to DA and ping internal corporate servers. I've enabled logging of dropped packets on the client Windows Firewall and I see dropped UDP 53 packets. So I've created an outbound rule to allow UDP 53 and it's still logged as dropped. I've also allowed all outbound and I'm still unable to connect. If I disable the Windows private firewall profile on the client, DA connects immediately.
The DA server's setup is as basic as it can be, with a single NIC and self-signed certs. The corporate firewall is allowing internal 443. We have a GPO that disables the "domain networks" firewall profile; otherwise defaults, plus the changes made by the DA Getting Started Wizard GPOs.
Any help would be greatly appreciated!!
Edit: Server is currently Server 2016. I've tried multiple deployments of 2012. Client is Windows 10 1607 Enterprise.