Cannot connect to direct access clients from management servers

Similar Messages

• Cannot connect to an Access database from DreamWeaver

  Hello.
  I'm creating my first web page with a DB connection.
  I have a minimal DB with a simple table.
  This is a DB as Access create it by default, with no password
  and no
  security constraints.
  In DreamWeaver, I have created a default DB connection string
  for Access
  2000.
  I have removed, from this connection string, the UserID and
  the Password as
  there is no password for my DB.
  I have put the right path for this DB.
  But it doesn't work!
  I receive the message: (sorry for my bad english) cannot open
  the DB, it is
  already open by another user (it is not the case: the DB is
  closed) or you
  must have autorisation to visualised the data.
  Do you have an idea ?
  Alain.

  "chucknado" <[email protected]> a écrit
  dans le message de
  news:fbnon3$47m$[email protected]..
  > You might have a file or folder permissions problem.
  Please see the
  following:
  >
  >
  >
  http://livedocs.adobe.com/en_US/Dreamweaver/9.0/WSc78c5058ca073340dcda9110b1f693
  > f21-79f0.html
  >
  > Charles Nadeau
  > Dreamweaver
  > Adobe Systems
  >
  I'm not an expert in file permissions so I have simply moved
  my DB on the
  HDD of my PC, before it was on another server.
  So, now, I think I have no file permission problem anymore.
  I can connect the DB from DreamWeaver but I cannot see the
  tables !
  If I open the Tables node of the db tree in the Database
  window of
  DreamWeaver, I receive the message:
  "Error calling GetTables".
  Do you have an idea or an advice ?
  Thanks in advance,
  Alain.

• Routing back to Direct Access Clients - is this possible?

  Hi,
  We have been using direct access for the past few months successfully, however the one problem we are still having is we can't use programs that require a route back to the Direct Access client (such as managing a Hyper-V machine on the local lan), using SourceOffsite
  or even using Remote Desktop to remote onto a direct access client or ping the direct access client.
  Our local LAN uses Ipv4 and we can route fine to the Direct Access clients from the Direct Access Server where the tunnel terminates but not from any other machine on the network. Do I need to change the direct access configuration to allow this or do I need
  to somehow create a route on my LAN for the direct access clients?
  Thanks in advance
  David

  I found out how to do this in this useful article and tested it and it is working fine - thanks.
  http://www.packtpub.com/article/configuring-manage-out-to-directaccess-clients

• ConfigMgr Clients connection over direct access.

  My test client machine is running Windows 8.1 and connecting to network through Direct Access. I am running SCCM 2012 R2 on Windows Server 2012.
  Test Machine: NYWIN8
  SCCM Server: SCCM01
  Domain: demo.local
  I would like to understand how configmgr handles clients connecting through direct access. What all functionality is available for such clients?
  On my client machine is see following errors:
  FSPSTATEMESSAGE.LOG
  Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7
  [CCMHTTP] ERROR: URL=HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED
  POLICYAGENT.LOG
  Policy
  http://SCCM01.demo.local/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 is not available.
  DATATRANSFERSERVICE.LOG
  DTS job {E6FAADEE-F22E-4E89-92EE-C2D9C10C3056} BITS job {9C444FAB-FD3C-4A6B-B8A4-81DA159E4E45} failed to download source file
  http://SCCM01.demo.local:80/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 to destination C:\Windows\CCM\Temp\{C9AA0DDC-BD37-442D-A00E-EE7404D47C12}.tmp with error 0x80190194
  DTS job {E6FAADEE-F22E-4E89-92EE-C2D9C10C3056} BITS job {9C444FAB-FD3C-4A6B-B8A4-81DA159E4E45} partially completed 0/1 with error 0x80190194 context 5
  Software Catalog Update Endpoint
  Failed to open portal registry key 'Software\Policies\Microsoft\CCM'. maybe haven't been created yet. Error 0x80070002
  WEDMTRACE.LOG
  No CCM Identification blob
  CAS.LOG
  The number of discovered DPs(including Branch DP and Multicast) is 0
  SMSCLIUI.LOG
  Failed to set DNSSuffix value to the registry.
  Are there any issues due to connecting using direct access?

  When I try to deploy any software (7-ZIP or Notepad++) to this client I get following error:
  The software change returned error code 0x87D00607(-2016410105).
  I can deploy same software fine to other machines connecting on LAN.
  Server Logs:
  Portlctl
  PORTALWEB's previous status was 0 (0 = Online, 1 = Failed, 4 = Undefined)
  PORTALWEBs http check returned hr=0, bFailed=0
  awbsctl
  AWEBSVCs http check returned hr=0, bFailed=0
  AWEBSVC's previous status was 0 (0 = Online, 1 = Failed, 4 = Undefined)
  Client Logs:
  CAS
  The number of discovered DPs(including Branch DP and Multicast) is 0
  CCMEVAL
  Client's current MP is http://SCCM01.DEMO.local and is accessible
  ClientLocation
  Current AD forest name is Demo.local, domain name is Demo.local
  Domain joined client is in Intranet
  Rotating assigned management point, new management point [1] is: SCCM01.demo.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>
  Assigned MP changed from <SCCM01.demo.local> to <SCCM01.demo.local>.
  ContentTransferManager
  No data since 11/13/2013
  CTM job {F6085C09-4C39-489E-A6F6-2C268398B7F2} successfully processed download completion.
  DataTransfer
  DTS job {B227AB6E-6D0F-4709-B8C6-AA8B66CBBE2D} BITS job {AE61D01C-E251-45FA-8B2C-2E22DDD91016} failed to download source file
  http://SCCM01.demo.local:80/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 to destination C:\Windows\CCM\Temp\{22619283-47B1-445A-9262-C1FA54AD0F64}.tmp with error 0x80190194
  DTS job {B227AB6E-6D0F-4709-B8C6-AA8B66CBBE2D} BITS job {AE61D01C-E251-45FA-8B2C-2E22DDD91016} partially completed 0/1 with error 0x80190194 context 5
  Filebits
  BranchCache Is Not Enabled
  Failed to check PeerDistribution status. NOT able to do branch cache.
  FSPSTATEMESSAGE
  Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7
  [CCMHTTP] ERROR: URL=HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED
  Successfully sent location services HTTP failure message.
  InternetProxy
  Failed to get proxy for url 'HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp'. Error 0x87d00215
  InventoryAgent
  Inventory: 9 Collection Task(s) failed.
  SCCLIENT
  Event maps to notification type = Application Enforcement Failed   (Microsoft.SoftwareCenter.Client.Data.WmiConnectionManager at EventWatcher_EventArrived)
  SMSCLIUI
  Failed to set DNSSuffix value to the registry.
  IPCONFIG /ALL from CLIENT:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : NYWIN8
     Primary Dns Suffix  . . . . . . . : demo.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : demo.local
     System Quarantine State . . . . . : Not Restricted
  Ethernet adapter vEthernet (Internal):
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
     Physical Address. . . . . . . . . : 00-15-5D-01-0B-07
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::d3f:4e51:c648:7b26%26(Preferred)
     Autoconfiguration IPv4 Address. . : 169.254.123.38(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.0.0
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 872420701
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                         fec0:0:0:ffff::2%1
                                         fec0:0:0:ffff::3%1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter vEthernet (External):
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-DE
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::9cb5:5132:1f47:e7c6%24(Preferred)
     IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Thursday, January 2, 2014 1:27:53 PM
     Lease Expires . . . . . . . . . . : Saturday, January 4, 2014 12:27:55 PM
     Default Gateway . . . . . . . . . : 192.168.1.1
     DHCP Server . . . . . . . . . . . : 192.168.1.1
     DHCPv6 IAID . . . . . . . . . . . : 730113736
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     DNS Servers . . . . . . . . . . . : 192.168.1.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Wireless LAN adapter Local Area Connection* 3:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-DF
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Ethernet adapter Bluetooth Network Connection:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-E2
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Ethernet adapter Ethernet:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
     Physical Address. . . . . . . . . : E0-DB-55-D2-5E-59
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.home:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter iphttpsinterface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : iphttpsinterface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:e1a7:9cc8:c3c7:d819(Preferred)
     Temporary IPv6 Address. . . . . . : fd64:fc00:d17b:1000:c598:7f17:e286:369d(Preferred)
     Link-local IPv6 Address . . . . . : fe80::e1a7:9cc8:c3c7:d819%10(Preferred)
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 369098752
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter isatap.{DC7D2C63-1506-49EC-A40F-AA4E56DE4001}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

• WIndows 8.1 Direct Access Client Needs to approve external wifi use before it connects - proxy not responding

  Ok So I have windows 8.1 with Direct Access Client and it works fine when I am able to check and uncheck proxy settings - which is a bit of a pain and seems unnecessary (I hope). If I take the laptop to a Starbucks I get the error that the proxy server is
  not responding so it never redirects for me to "accept" the rules.
  If I uncheck my proxy settings it then redirects and connects to their internet wifi and off I go - DA connects and all is well.
  I am using a GPO to configure the proxy settings as shown (all options are greyed out for the users)

  Hi,
  Your problem is a classic one when using that kind of proxy settings, unfortunately.
  To solve this without the need of user interaction, there are two solutions that will sort this out for you. In your case, if you want to use your corporate connection for internet traffic even over da, I'd opt for alternative 1 or 2 depending on what you are
  trying to achieve.
  1. WPAD (Web Proxy Auto Discovery protocol http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) - it actually uses the Automatic browser configuration checkbox on your client and looks for the file wpad.dat on a specific web server that you Pointout
  with either dns-record called wpad or DHCP option 252.
  2. Auto configuration script (pac script http://en.wikipedia.org/wiki/Proxy_auto-config) - uses the same kind of file as above. The difference is that you get the possiblity, like you want in your scenario to target what users that should get the script.
  See this below article for more details on the options you have.
  http://technet.microsoft.com/en-us/library/dd361918.aspx
  http://techlib.barracuda.com/display/WSFLEXv41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management
  Let us know if you need further assistance!
  /Johan
  MCT | MCSE: Private Cloud/Server, Desktop Infrastructure

• 2008 R2 printer server, cannot connect to printer, access denied, Windows 7 OS only

  Deployed new Windows 2008 R2 domain controller, added print and document controll. Added several network printers on R2 server. We currently have mostly Vista biz clients but half a dozen W7Pro clients also. The Vista clients connect to these new network
  printers, no problem but none of the W7 clients will connect. I select the printer from the drop down directory list and select to load the drivers, the system starts loading drivers and then right before it finishes it stops with error message, "Windows cannot
  connect to the printer. Access denied. Again, this happens only with the W7 clients on our domain, Vista works fine.

  By default, the security settings for Windows 7 and Server 2008 R2 allow users who are not members of the local
  Administrators group to install only trustworthy printer drivers, such as those provided with Windows or in digitally signed printer-driver packages. You may want to install printer-driver packages on the print server
  or in the clients. More details can be found this page: Cannot
  connect to printer, Access denied -
  http://www.chicagotech.net/server/print3.htm
  Bob Lin, MS-MVP Networking, Internet, Routing, VPN Troubleshooting on
  http://www.ChicagoTech.net
  How to Setup Windows, Network, VPN & Remote Access on
  http://www.howtonetworking.com

• Windows Server 2012 - Direct Access clients and the Windows 8 firewall

  Hi,
  We're running a simple proof-of-concept for Server 2012 Direct Access, we have a single DA server behind a firewall using NAT. We have a number of client devices setup for DA and running Windows 8.
  Our issue is that we can only get the Windows 8 direct access clients to connect (when outside the corporate network) and work with the windows firewall disabled (public network profile). 
  With the windows firewall disabled everything works exactly as expected. When outside the corporate network the client detects the network state (public network profile), connects via DA and all internal resources can be accessed successfully...fantastic.
  Is there some specific guidance on manually configuring the windows 8 firewall for Direct Access ? We've tried the obvious TCP:443 with edge traversal enabled but without success.
  Much of the information we have found relates to UAG rather than Windows 2012 DA.
  Any assistance is appreciated.

  Hi,
  There isn’t any specific configuration on the firewall.
  Just confirm that port 443 can be forwarded to DirectAccess server.
  Of course, make sure you are using IPsec first.
  Check the links:
  STEP 6: Test DirectAccess Client Connectivity from Behind a NAT Device
  http://technet.microsoft.com/en-us/library/hh831524.aspx#TeredoCLIENT1
  DirectAccess for Windows Server 2012 Installation & Configuration Guide
  http://syscomlab.blog.com/2012/09/directaccess-for-windows-server-2012-guide/
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Windows 8.1 cannot connect to group policy client service

  Windows 8.1 laptop under administrator account has this "cannot connect to group policy client service" error.Found the following instructions on internet but I don't see this "Replace owner on subcontainers and objects" box on Permissions/Advanced
  popup windows ???
  Could anyone help ?
  Change the permissions on the relevant keys configuring the Group Policy Client service to allow Full Control to Administrators
  Open regedit (Start > type regedit in the search box) and navigate to:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
  Right-click the registry key and choose Permissions.
  Click Advanced, then click Owner.
  Choose Administrators and check the Replace owner on subcontainers and objects box.
  Exit the permissions dialog and then open it again.
  Click Advanced, then choose Administrators and click
  Edit…
  Check Replace all child object permissions with inheritable permissions from this object.  
  Click OK and confirm; exit.
  Thank you,

  Hello CarLover,
  Based on my test, the option Replace owner on subcontainers and objects exists in Windows 7, but doesn’t exist in Windows 8.1.
  Please take a look at the screenshot about the option in Windows 7.
  Please take a look at the following thread similar to this issue.
  http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/why-wont-windows-connect-to-the-group-policy/b73107f8-8447-4599-87a5-65ecc6a63aa0
  Best regards,
  Fangzhou CHEN
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Cannot connect to the iTunes Store from my home network since I upgraded to ios 6

  I own an iPad 2 and recently upgraded to ios 6. Since then, I cannot connect to the iTunes store from my home network.  I can navigate any other site and access any other application.  I can even reach the iTunes store through My Personal Hotspot and through my office network. 
  Has anyone experienced something similar?  My network carrier is Telmex and I know for sure, they block port 25.  Any guess on whether there could be a setting impeding connection?
  Help!!!

  Hi Nickey,
  If you are having difficulty connecting to the iTunes store from your PC there are a number of things you can try to get connected again. Details are available in this article -
  Can't connect to the iTunes Store
  http://support.apple.com/kb/TS1368
  I see you have already checked to make sure your system and other software is up to date, but there are plenty of ways to continue from there.
  Thanks for using Apple Support Communities.
  Best,
  Brett L

• HT204003 if i open passbook on iphone 5, it always say cannot connect to itunes, any fix from apple tech support? and whats the reason for this problem? why do we have to figure it out and not even apple can give answer??

  if i open passbook on iphone 5, it always say cannot connect to itunes, any fix from apple tech support? and whats the reason for this problem? why do we have to figure it out and not even apple can give answer??

  actually i found out how to fix it
  1 sign out of apple account
  2 close down passbook app
  3 change year to 2013
  4 reopen passbook and sign in at the button with your apple ID
  5 change the time to auto update and it should work from now on.
  this worked for me let me know if it work for you:)

• Cannot connect to iBookstore on iTunes from ipad

  Cannot connect to iBookstore on iTunes from my iPad even though a couple of weeks ago everything was fine.
  If anyone had a similar problem and was able to resolve it I would appreciate a feedback.
  I tried resetting the iPad as well as the router but nothing seems to work.

  Try closing all of the apps in the recents tray on your iPad, reboot again and then try the iBooks Store again
  Go to the home screen first by tapping the home button. Double tap the home button and the recents tray will appear with all of your recent apps displayed at the bottom. Tap and hold down on any app icon until it begins to wiggle. Tap the minus sign in the upper left corner of the app that you want to close. Keep swiping in the recents tray until you close all of the apps. Tap the home button or anywhere above the task bar.
  Reboot the iPad by holding down on the sleep and home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider if it appears on the screen - let go of the buttons. Let the iPad start up.

• Win8.1 Direct Access Client Stuck at "Connecting"

  I'm experimenting with Direct Access in a lab setting with 1 client and 3 2012 R2 servers. The client is running Windows 8.1 Enterprise.
  The client is always able to connect to the Direct Access server but is unable to ping or connect to the 2 servers that don't have RAS installed. Moreover, this behavior migrates to whichever server is running Remote Access Server: So, if I remove the role
  and install on another server, the client is able to communicate with the new server, but not the old.
  The connection from the client to the server is via IP-HTTPS (only option available to me in this environment). The client is able to reliably determine when it's on the Internet versus the intranet. However, when on the Internet, it stays in a "Connecting"
  state and never connects, but I'm still able to access the DA server.
  Does anyone have any ideas on how to resolve this?

   I managed to resolve the issue. I'm posting here in the hope that this may help another newbie to DA.
  Here's what caused my issue: As I mentioned, this was a lab environment where the limited number of machines were fulfilling multiple roles. In particular, the DA Server was also a backup domain controller running DNS. In my research, I came across a comment
  on http://directaccessguide.com that mentioned that the DA Server runs DNS64 to support clients; that made me suspicious that the regular DNS server was in some way conflicting. And, in fact, before this server was
  made a backup DC, DA was functioning just fine. Removing the backup DC role resolved the issue.
  So the takeaway is this: Don't run the regular DNS service on the DA Server; if you do, you will get DA client connectivity only to the DA Server.

• Cannot apply Direct Access Client GPO on Windows 8.1 Enterprise client

  Hi, I have made a Direct Access environment on Windows Server 2012 R2 Essential.
  All setting seems to be ok, but i'm completely stuck when i have to export the DA client GPO to the client computer.
  The client computer is a Win8.1 Enterprise, already joined to the domain.
  When execute the command gpupdate /force, it complete successfully but when i do a gpresult /R i have nothing in the "Applied Group Policy Object" field (N/A) while i should have the Default domain GPO and the DA client GPO.
  What is wrong at this state ?
  Thanks

  My user1 is in the "DirectAccess" group.
  In all the tutorial i saw, i have never seen you have to add the computer object to this group but only the user.
  Anyway, i have just add it to the group.
  From my first post, here is what i did.
  ran a Group Policy Result, from the DC to the client. 
  It give me the error RPC unavailable. 
  So i open the local policies on the client > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall >
  Domain Profile > double click on "Windows Firewall: Allow inbound remote administration exception" > tick enable 
  I reran the Group Policy Results, and it work this time. 
  Now i have the result for the User1 on TECH2 client pc. 
  On details pane > Denied GPOs 
  The DA client setting is deny with the reason "access denied" ...
  Now on the client computer after a GPRESULT /R
  Computer settings
  Applied Group Policy Object
  Default Domain Policy
  Local Group Policy
  The following GPOs were not applied because they were filtered out
  DirectAccess Client Setting
  Filtering: Denied (Security)
  DirectAccess Server Settings
  Filtering: Denied (Security)  -> normal

• Cannot connect to ag-sql-listener from Secondary Server

  Greetings,
  I have a Azure VM setup with two SQLs SQL1 and SQL2, they run a High Availability setup with SQL-AG-Listener as the listener name. 
  My problem is currently is that if I have SQL1 as Primary, when I'm logged into SQL2 I can't use the SQL-AG-Listener as target to get the Primary server. However I can do a connection to SQL1 directly. 
  On the Primary server I can however use the SQL-AG-Listener and will get the local server as expected. 
  The SQL-AG-Listener works perfectly from outside the local network of Azure.
  ===================================
  Cannot connect to ag-sql-listener.
  ===================================
  A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider:
  Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
  ===================================
  I don't know what else I can try and do now. I have run through most of the issue handling as I can, all from Opening all ports to and from both the SQL servers on the domain level. Made sure that named pipes, TCP/IP connections on both SQL servers was enabled.
  As I can run towards them from the outside, and can connect to them directly on name from the SQL servers themselves, then I know that they can take remote access.
  Any idea on what I might be missing would be welcome.

  Yes, I know I had a typo in the above, where the ag-sql-listener was typed wrong.. It was ofcause SQL-AG-Listener.
  But it is still a problem. I don't know if there are some DNS things that can be done, as it seems this is a problem from within the same subnet and not from outside.

• Direct Access client getting NameResolutionFailure error

  Hi,
  I'm trying to setup Direct Access on a Windows 2012 R2 server and I'm running into what is hopefully a pretty easy problem to resolve.
  I've followed the instructions to setup a simple setup for DA on a Windows 2012 R2 server with everything all on one server and I'm running behind a TMG 2010 server.  On the TMG server I've published the my DA server using a server publishing rule
  based on these instructions
  http://danstoncloud.com/blogs/simplebydesign/archive/2013/04/04/tmg-can-be-a-good-friend-of-directaccess.aspx
  The setup seems pretty straight forward, but now when I'm testing my clients I'm getting the NameResolutionFailure error when I try and connect when I'm not on our internal network.
  The problem I'm pretty sure is DNS related because when my test Windows 8.1 client is on our internal network everything works fine. 
  When I plug the machine into an external network, I get the NameResolutionFailure error for the DA client. If I try and ping anything address on our domain name I get an error that the address is unresolvable.  I can ping any other domain name address fine.
  On my DA server, on the DNS tab of the Infrastructure Server setup I have the following entries:
  mydomain.com              fdf3:137e:5133:ce07:1000::127
  directaccess.mydomain.com
  DirectAccess-NLS.mydomain.com
  directaccess.mydomain.com is the publicly resolvable name of my DA 2012 R2 server that is bound the external IP address published on my TMG 2010 server.  This name is not resolvable when on any internal machines.
  If I execute the get-DNSClientNRPTPolicy command I get this:
  Namespace                        : DirectAccess-NLS.mydomain.com
  QueryPolicy                      :
  SecureNameQueryFallback          :
  DirectAccessIPsecCARestriction   :
  DirectAccessProxyName            :
  DirectAccessDnsServers           :
  DirectAccessEnabled              :
  DirectAccessProxyType            : UseDefault
  DirectAccessQueryIPsecEncryption :
  DirectAccessQueryIPsecRequired   : False
  NameServers                      :
  DnsSecIPsecCARestriction         :
  DnsSecQueryIPsecEncryption       :
  DnsSecQueryIPsecRequired         : False
  DnsSecValidationRequired         : False
  NameEncoding                     : Utf8WithoutMapping
  Namespace                        : directaccess.mydomain.com
  QueryPolicy                      :
  SecureNameQueryFallback          :
  DirectAccessIPsecCARestriction   :
  DirectAccessProxyName            :
  DirectAccessDnsServers           :
  DirectAccessEnabled              :
  DirectAccessProxyType            : UseDefault
  DirectAccessQueryIPsecEncryption :
  DirectAccessQueryIPsecRequired   : False
  NameServers                      :
  DnsSecIPsecCARestriction         :
  DnsSecQueryIPsecEncryption       :
  DnsSecQueryIPsecRequired         : False
  DnsSecValidationRequired         : False
  NameEncoding                     : Utf8WithoutMapping
  Namespace                        : .mydomain.com
  QueryPolicy                      :
  SecureNameQueryFallback          :
  DirectAccessIPsecCARestriction   :
  DirectAccessProxyName            :
  DirectAccessDnsServers           : fdf3:137e:5133:ce07:1000::127
  DirectAccessEnabled              :
  DirectAccessProxyType            : NoProxy
  DirectAccessQueryIPsecEncryption :
  DirectAccessQueryIPsecRequired   : False
  NameServers                      :
  DnsSecIPsecCARestriction         :
  DnsSecQueryIPsecEncryption       :
  DnsSecQueryIPsecRequired         : False
  DnsSecValidationRequired         : False
  NameEncoding                     : Utf8WithoutMapping
  So I'm thinking that the issue is related to the fact that the NRPT table says that directaccess.mydomain.com address there is no DNS specified.  In fact it seems like that entry shouldn't even be there.  When I was configuring DA for the first
  time, I got a warning that said:
  Warning: The NRPT entry for the DNS suffix .serverdomain.local contains the public name used by client computers to connect to the Remote Access server. Add the name Servername.serverdomain.local as an exemption in the NRPT.
  I wasn't sure what this meant at the time but I'm guessing it's relevant to this problem.
  Can some one give some help with this?
  Thanks in advance
  Nick

  Hi,
  So here is what I did.  First the IP information from my DA server IPHTTPS address from ipconfig /all
  Tunnel adapter IPHTTPSInterface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : IPHTTPSInterface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : fdfd:1374:5130:1000::1(Preferred)
     IPv6 Address. . . . . . . . . . . : fdfd:1374:5130:1000::2(Preferred)
     IPv6 Address. . . . . . . . . . . : fdfd:1374:5130:1000:2400:8f5a:a931:1ff8(Preferred)
     Link-local IPv6 Address . . . . . : fe80::2400:8f5a:a931:1ff8%17(Preferred)
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 436207616
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-4F-8E-38-00-15-5D-00-96-05
     NetBIOS over Tcpip. . . . . . . . : Disabled
  So the address of my IPHTTPS address appears to be -S using this address as the source and going to an internal machine with an IPV6 address and got this:
  tracert -S fdfd:1374:5130:1000:2400:8f5a:a931:1ff8 testserver
  Tracing route to testserver.mydomain.com [fdfd:1374:5130:ce07:1000::220]
  over a maximum of 30 hops:
    1    <1 ms    <1 ms    <1 ms  daserver.mydomain.com [fdfd:1374:5130:1000:2400:8f5a:a931:1ff8]
    2     *        *        *     Request timed out.
    3     *        *        *     Request timed out.
    4     *        *        *     Request timed out.
    5     *        *        *     Request timed out.
    6     *        *        *     Request timed out.
    7     *        *        *     Request timed out.
    8     *        *        *     Request timed out.
    9     *        *        *     Request timed out.
   10     *        *        *     Request timed out.
   11     *        *        *     Request timed out.
   12     *        *        *     Request timed out.
   13     *        *        *     Request timed out.
   14 
  So it looks like from the IPHTTPS address I can't get to any internal IPV6 addresses on my internal IPV6 network I think right?  I did a route print on the DA server and got this:
  ===========================================================================
  Interface List
   12...00 15 5d 00 96 05 ......Microsoft Hyper-V Network Adapter
    1...........................Software Loopback Interface 1
   14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
   16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
   17...00 00 00 00 00 00 00 e0 IPHTTPSInterface
  ===========================================================================
  IPv4 Route Table
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0      172.16.0.21     172.16.0.127    261
          127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
          127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
    127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
         172.16.0.0    255.255.240.0         On-link      172.16.0.127    261
       172.16.0.127  255.255.255.255         On-link      172.16.0.127    261
      172.16.15.255  255.255.255.255         On-link      172.16.0.127    261
          224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
          224.0.0.0        240.0.0.0         On-link      172.16.0.127    261
    255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    255.255.255.255  255.255.255.255         On-link      172.16.0.127    261
  ===========================================================================
  Persistent Routes:
    Network Address          Netmask  Gateway Address  Metric
            0.0.0.0          0.0.0.0      172.16.0.21  Default
  ===========================================================================
  IPv6 Route Table
  ===========================================================================
  Active Routes:
   If Metric Network Destination      Gateway
   12    261 ::/0                     fdfd:1374:5130:ce07:1000::21
    1    306 ::1/128                  On-link
   12   4205 fdfd:1374:5130::/48      fdfd:1374:5130:ce07:1000::21
   17    306 fdfd:1374:5130:1000::/64 On-link
   17    306 fdfd:1374:5130:1000::/128  On-link
   17    306 fdfd:1374:5130:1000::1/128      On-link
   17    306 fdfd:1374:5130:1000::2/128      On-link
   17    306 fdfd:1374:5130:1000:2400:8f5a:a931:1ff8/128        On-link
   12    261 fdfd:1374:5130:7777::/96 On-link
   12    261 fdfd:1374:5130:ce07::/64 On-link
   12    261 fdfd:1374:5130:ce07:1000::127/128                    On-link
   12    261 fdfd:1374:5130:ce07:6b8c:21b9:52b4:e7c5/128    On-link
   12    261 fe80::/64                On-link
   17    306 fe80::/64                On-link
   17    306 fe80::2400:8f5a:a931:1ff8/128              On-link
   12    261 fe80::e00f:6c15:fde4:6491/128           On-link
    1    306 ff00::/8                 On-link
   12    261 ff00::/8                 On-link
   17    306 ff00::/8                 On-link
  ===========================================================================
  Persistent Routes:
   If Metric Network Destination      Gateway
    0 4294967295 fdfd:1374:5130:1000::/64 On-link
    0   4200 fdfd:1374:5130::/48      fdfd:1374:5130:ce07:1000::21
    0    256 fdfd:1374:5130:ce07::/64 On-link
    0 4294967295 fdfd:1374:5130:7777::/96 On-link
    0 4294967295 ::/0                     fdfd:1374:5130:ce07:1000::21
  ===========================================================================
  Am I missing a route here?
  Thanks