Troubleshooting DirectAccess Manage Out Connections

The following are some troubleshooting steps if you run into problems getting inside-out management working.  Inside-out management is the ability for a machine on the internal corporate network, such as a helpdesk machine, to be able to initiate communications to remote, internet-based DirectAccess clients, such as by using RDP sessions, remote registry, or mapping drives….

2

A Solution to the “Forwarding on the 6to4 Interfaces Cannot be Enabled” Error

Ben Ari posted an answer to the Forwarding on the 6to4 Interface cannot be enabled error that you might see when you try to activate the DirectAccess configuration on the UAG DirectAccess server. When you activate the configuration, it will look something like this:   Check Ben’s blog post at http://blogs.technet.com/b/ben/archive/2011/01/27/forwarding-on-the-6to4-network-interface-cannot-be-enabled.aspx for the reason and…

0

URL and Antivirus Filtering for DirectAccess Clients

The question on how to handle DirectAccess clients and Internet security for those clients is always a popular topic. As I’ve mentioned many times in this blog, the overall threat and management profile of the DirectAccess client should be little different than a client that is on the intranet. However, there is one major difference…

19

Does Removing ISATAP for the DNS Block List Impact Security?

If you choose to deploy ISATAP to support your DirectAccess deployment, one of the things you need to do is remove the name ISATAP from the DNS block list if you’re using a Windows DNS server running Windows Server 2003 SP2 or above. By default, these DNS servers will not resolve queries for the names…

0

IPv6 and DirectAccess Troubleshooting Cheat Sheets

What would you be willing to pay for a really cool IPv6 and DirectAccess troubleshooting cheat sheet? $5? $10? $100? ONE HUNDRED BILLION DOLLARS? Would you pay one hundred billion dollars for these cheat sheets? Since these cheat sheets are priceless we’re going to give them away. Thanks to DirectAccess guru and all around good…

2

DirectAccess Gets Positive Comments in The Register

From what I hear, this year is going to be the year where we see the wave of enterprise Windows 7 rollouts take place. While I’m not sure how these assessments are made, it makes sense from where I sit. Windows 7 Service Pack 1 has been released and end users, admins and the media…

1

DirectAccess – More Information on the “No Usable Certificate(s)” 0x103 Error

In the continuing saga of the “No Usable Certificate(s) 0x103” error, which has been discussed in two previous blog posts: http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx and http://blogs.technet.com/b/tomshinder/archive/2011/02/21/another-cause-of-the-no-usable-certificates-s-0x103-error.aspx#3415408 we’ll expand on the explanation for the reason why the computer certificate isn’t included in the NTAUTH store on the UAG DirectAccess server. In the second link noted above, we discovered that…

1

UAG DirectAccess and the IPv6 Internet

We’ve received a number of questions recently about UAG DirectAccess support for the IPv6 Internet. When thinking about the IPv6 Internet, you need to think about when the DirectAccess client is on an IPv6 Internet (or on an IPv6 only intranet) and when the UAG DirectAccess server has its external interface connected to an IPv6…

7

Another Cause of the “No Usable Certificate(s) 0x103 Error

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx Phillip Sand clued me into another possible cause of IP-HTTPS connectivity problems. First, whenever you suspect a problem with…

13