Direct Access: domain.LOCAL supported?

Similar Messages

• Direct Access DNS resolution local domain network

  Hey guys,
  some information to my test environment...
  My direct access server and my DC are based on Windows Server 2012 R2. The direct access server has one nic. Port 443 requests are forwarded through an firewall to the direct access server. The configuration for direct access is based on the built in assistens
  to configure it.
  On client side i am using Windows 8.1 x64.
  Now the to my problem...
  If I do an ping or a gpupdate when i am not connected to my local company network, the server responds and gpupdate/ping works fine. As soon as i am connected to my local company network i am not able to do a gpupdate or a ping (error in resolving dns).
  But i am able to use nslookup to query names.
  Anyone a suggestion where the problem could be?

  Hi,
  It seems that this problem is caused by the issue of Network Location Server.
  Does the client know that it is connected to the local network?
  When the client connects to the local network, it should show "Connected to network locally or through VPN".
  Here is the screenshot of my lab server,
  Aslo, we can use the command below to verify this,
  netsh dns show state
  The Machine location should be "Inside corporate network"  when the client is connected to the local network.
  If the client doesn't know that it is inside the corporate network, please check if client can access the Network Location Server.
  Best Regards.
  Steven Lee
  TechNet Community Support

• ADMT share domain local groups access denied

  Hi,
   I have encountered strange behavior when migrating share with permissions. This is the situation:
  1) We have migrated groups from source domain(these groups are used for defining access to shares, users are directly members of these, no nested groups), groups are domain local
  2) We have migrated share and reapplied and verified ACLs, ok so far
  The problem is that users from source domain cannot access share migrated to new domain, accordin to ACL they have access BUT when they try access the share it only shows access denied. But when the groups are converted to Global in source domain(no need
  to convert in target domain) access is permitted according to ALC).
  Can someone explain that please? Thank you.
  Pete
  sfs

  Hi,
  Member permissions in domain local group can be assigned only within the same domain as the parent domain local group.
  Domain local groups can contain users from any domain. They are used to assign permissions to resources. When you restructure domains, you must migrate domain local groups when you migrate the resources to which they provide access, or you must change the
  group type to universal group.
  For more detail information, you could refer to:
  http://blog.thesysadmins.co.uk/admt-series-7-group-account-migration-wizard.html
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• I have CS 6 which requests I sign in to access my serial numbers, which I have already, and it fails to connect so that I cannot use the programs. How do I get past this, is there a direct line to customer support?

  I have CS 6 which requests I sign in to access my serial numbers, which I have already, and it fails to connect so that I cannot use the programs. How do I get past this, is there a direct line to customer support in the UK?
  Thanks

  Sign in, activation, or connection errors | CS5.5 and later
  Mylenium

• Direct Access for Non Domain Machines

  Hi,
  In My IT-infra, there is multiple machines that is out my Office network & Domain..
  Can we join these machines in domain via Direct Access implementation ? or for implementing Direct Access we required to join those non domain & out of office network machine to Domain first ?
  secondly, can we implement the Direct access without any public certificate purchase, and without any IPV6 configuring in internal network,machines and in servers .currently i am using IPv4  IP on all Machines & Servers.
  I have gone through the Direct Access Technet guide but i feel very complex document there ...can you please brief me about direct access implementation in simpale way, i want to implement direct access to join the internet based client machines  to
  domain and manage via/for SCCM ...
  Shailendra Dev

  Correct, DirectAccess clients must be domain joined. Also, only Windows 7 Ultimate, Windows 7 Enterprise, or Windows 8 Enterprise clients are able to be DirectAccess connected, so that may also make a difference to your situation. I see many customers deploy
  DirectAccess for those Win7/Win8 domain-joined systems, and then make use of the traditional (RRAS) VPN on the same DirectAccess server for connecting any other operating systems or non-domain-joined machines. Those would just have to launch a manual VPN connection,
  where the DirectAccess connections are of course automatically connected.
  You don't "have" to use an SSL certificate that you purchased from a public CA, but you really should. It is definitely a best practice to use a trusted public certificate on your DirectAccess server. Further, if you have Windows 8 client computers,
  you don't even need to distribute the machine certificates inside your network, but it is also a best practice that you do this anyway, to strengthen the authentication process.
  No, you do not need IPv6 inside your network at all for DirectAccess to work.
  Sounds like you might be interested in some additional reading on DA, here are the two books available on the subject:
  https://www.packtpub.com/virtualization-and-cloud/microsoft-directaccess-best-practices-and-troubleshooting
  https://www.packtpub.com/networking-and-servers/windows-server-2012-unified-remote-access-planning-and-deployment

• Source does not support direct access

  Hi Friends,
  I'm trying to creat DTP for Master Data Text Datasource "0CFM_BD_CLS_TEXT (Bonds Classification (Texts))" which is belonged to CML application (Core Banking Mortgage Loans), but it's not allowing me to create DTP, it is giving the error saying that "Source does not support direct access"
  FYI: i've checked tht datasource in SAP R/3 'RSA6' also, there the parameter for direct access is D and also i'mnot trying to load data remotely... how to resolve this issue?
  Regards,
  BalajiReddy

  To get data remotely, the data source has to support remote accesbility. PL chekc this in RSA5 , RSA6.
  Ravi Thothadri

• Unable to access sysvol using path \\domain.local\sysvol

  Hi,
  We found that our newly configured workstations were unable to read/apply GPOs. Upon checking, we are able to access the path \\domain.local. However, when trying to open sysvol folder (or any other shared folder on the domain controller), we receive the
  following error:
  We cannot also access the folders when using domain netbios name. Strangely enough, when using IP address or DC name, we can successfully map the sysvol folder.
  Have also tried running DCdiag and the test
  NCSecDesc fails with error:
  Hope anyone can shed some light on what went wrong.
  Thank you.

  Hi,
  Based on your description, please make sure that TCP/IP NetBIOS Helper, Netlogon, and the Remote Procedure Call (RPC) services are started and set to Automatic.
  If the issue persists, we can also try disjoining and rejoining the workstation.
  The following thread focused on the similar issue and can be referred as reference.
  Cannot access
  \\domain\sysvol
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/c58600d7-5c7b-4cbb-9da4-4c98e3fa2997/cannot-access-domainsysvol?forum=windowsserver2008r2general
  Best regards,
  Frank Shen

• Verizon Chat advises pdf attachment non-download from AOL email is a software problem and directs me to Apple Support. I see "can't access cellular data network" in an instant before the file's icon turns into the file's name.

  Verizon Chat advises pdf attachment non-download from AOL email is a software problem and directs me to Apple Support. I see "can't access cellular data network" in an instant before the file's icon is replaced by the file's name. In Inbox three emails in a row show there is an attachment. My iPad 3rd gen. runs 7.1.

  You have Acrobat Pro on your system. It will try to open PDFs, and of course it will fail. You must uninstall it. Then, you will need a PDF reader. So install Adobe Reader. That seems quite simple, but perhaps something is wrong. If anything goes wrong with these two steps (1) uninstall Acrobat Pro (2) install Adobe Reader, then please let us know the details.

• Enterprise DNS servers are not responding when using Windows NLB with Direct Access 2012

  Hi
  We have installed Direct Access 2012 as one server installation:
  - Two network cards. First one in DMZ and second one in internal network
  - Two consecutive IP addresses configured in DMZ because of Teredo
  - PKI because of Win7 Clients IPSec
  - Our corporate network is native IPv4 so we use DNS64/NAT64 and DA-server is configured as DNS
  - DA-servers are VMWare virtual machines 
  One server installation works fine and now we want to use Windows NLB as load balancing. NLB installation goes fine too,
  but problem is DNS. If we still try to use DA-server as DNS there comes error message below
  None of the enterprise DNS servers 2002:xxxx:xxxx:3333::1 used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.
  When trying to configure DNS using Infrastructure access setup, DNS cannot be validated when using DA-servers DIP or cluster VIP. Only domain local DNS looks to be ok but those have no IPv6 addressess. So how DNS should be configured when using multicast
  NLB? 
  Tried to remove name suffix then adding again => Detect DNS server => DA-server IPv6 address found => validate => The specified DNS server is not responding...
  Then tried to ping detected address => General failure
  NLB clusters are configured as multicast and static ARPs are configured too. Both clusters can be connected from those subnets as they should be. 
  Any clues how to fix this?
  ~ Jukka ~

  Hi,
  Your question falls into the paid support category which requires a more in-depth level of support.  Please visit the below link to see the various
  paid support options that are available to better meet your needs.
  http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
  Regards,
  Mike
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• ConfigMgr Clients connection over direct access.

  My test client machine is running Windows 8.1 and connecting to network through Direct Access. I am running SCCM 2012 R2 on Windows Server 2012.
  Test Machine: NYWIN8
  SCCM Server: SCCM01
  Domain: demo.local
  I would like to understand how configmgr handles clients connecting through direct access. What all functionality is available for such clients?
  On my client machine is see following errors:
  FSPSTATEMESSAGE.LOG
  Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7
  [CCMHTTP] ERROR: URL=HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED
  POLICYAGENT.LOG
  Policy
  http://SCCM01.demo.local/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 is not available.
  DATATRANSFERSERVICE.LOG
  DTS job {E6FAADEE-F22E-4E89-92EE-C2D9C10C3056} BITS job {9C444FAB-FD3C-4A6B-B8A4-81DA159E4E45} failed to download source file
  http://SCCM01.demo.local:80/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 to destination C:\Windows\CCM\Temp\{C9AA0DDC-BD37-442D-A00E-EE7404D47C12}.tmp with error 0x80190194
  DTS job {E6FAADEE-F22E-4E89-92EE-C2D9C10C3056} BITS job {9C444FAB-FD3C-4A6B-B8A4-81DA159E4E45} partially completed 0/1 with error 0x80190194 context 5
  Software Catalog Update Endpoint
  Failed to open portal registry key 'Software\Policies\Microsoft\CCM'. maybe haven't been created yet. Error 0x80070002
  WEDMTRACE.LOG
  No CCM Identification blob
  CAS.LOG
  The number of discovered DPs(including Branch DP and Multicast) is 0
  SMSCLIUI.LOG
  Failed to set DNSSuffix value to the registry.
  Are there any issues due to connecting using direct access?

  When I try to deploy any software (7-ZIP or Notepad++) to this client I get following error:
  The software change returned error code 0x87D00607(-2016410105).
  I can deploy same software fine to other machines connecting on LAN.
  Server Logs:
  Portlctl
  PORTALWEB's previous status was 0 (0 = Online, 1 = Failed, 4 = Undefined)
  PORTALWEBs http check returned hr=0, bFailed=0
  awbsctl
  AWEBSVCs http check returned hr=0, bFailed=0
  AWEBSVC's previous status was 0 (0 = Online, 1 = Failed, 4 = Undefined)
  Client Logs:
  CAS
  The number of discovered DPs(including Branch DP and Multicast) is 0
  CCMEVAL
  Client's current MP is http://SCCM01.DEMO.local and is accessible
  ClientLocation
  Current AD forest name is Demo.local, domain name is Demo.local
  Domain joined client is in Intranet
  Rotating assigned management point, new management point [1] is: SCCM01.demo.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>
  Assigned MP changed from <SCCM01.demo.local> to <SCCM01.demo.local>.
  ContentTransferManager
  No data since 11/13/2013
  CTM job {F6085C09-4C39-489E-A6F6-2C268398B7F2} successfully processed download completion.
  DataTransfer
  DTS job {B227AB6E-6D0F-4709-B8C6-AA8B66CBBE2D} BITS job {AE61D01C-E251-45FA-8B2C-2E22DDD91016} failed to download source file
  http://SCCM01.demo.local:80/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 to destination C:\Windows\CCM\Temp\{22619283-47B1-445A-9262-C1FA54AD0F64}.tmp with error 0x80190194
  DTS job {B227AB6E-6D0F-4709-B8C6-AA8B66CBBE2D} BITS job {AE61D01C-E251-45FA-8B2C-2E22DDD91016} partially completed 0/1 with error 0x80190194 context 5
  Filebits
  BranchCache Is Not Enabled
  Failed to check PeerDistribution status. NOT able to do branch cache.
  FSPSTATEMESSAGE
  Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7
  [CCMHTTP] ERROR: URL=HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED
  Successfully sent location services HTTP failure message.
  InternetProxy
  Failed to get proxy for url 'HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp'. Error 0x87d00215
  InventoryAgent
  Inventory: 9 Collection Task(s) failed.
  SCCLIENT
  Event maps to notification type = Application Enforcement Failed   (Microsoft.SoftwareCenter.Client.Data.WmiConnectionManager at EventWatcher_EventArrived)
  SMSCLIUI
  Failed to set DNSSuffix value to the registry.
  IPCONFIG /ALL from CLIENT:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : NYWIN8
     Primary Dns Suffix  . . . . . . . : demo.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : demo.local
     System Quarantine State . . . . . : Not Restricted
  Ethernet adapter vEthernet (Internal):
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
     Physical Address. . . . . . . . . : 00-15-5D-01-0B-07
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::d3f:4e51:c648:7b26%26(Preferred)
     Autoconfiguration IPv4 Address. . : 169.254.123.38(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.0.0
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 872420701
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                         fec0:0:0:ffff::2%1
                                         fec0:0:0:ffff::3%1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter vEthernet (External):
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-DE
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::9cb5:5132:1f47:e7c6%24(Preferred)
     IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Thursday, January 2, 2014 1:27:53 PM
     Lease Expires . . . . . . . . . . : Saturday, January 4, 2014 12:27:55 PM
     Default Gateway . . . . . . . . . : 192.168.1.1
     DHCP Server . . . . . . . . . . . : 192.168.1.1
     DHCPv6 IAID . . . . . . . . . . . : 730113736
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     DNS Servers . . . . . . . . . . . : 192.168.1.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Wireless LAN adapter Local Area Connection* 3:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-DF
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Ethernet adapter Bluetooth Network Connection:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-E2
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Ethernet adapter Ethernet:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
     Physical Address. . . . . . . . . : E0-DB-55-D2-5E-59
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.home:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter iphttpsinterface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : iphttpsinterface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:e1a7:9cc8:c3c7:d819(Preferred)
     Temporary IPv6 Address. . . . . . : fd64:fc00:d17b:1000:c598:7f17:e286:369d(Preferred)
     Link-local IPv6 Address . . . . . : fe80::e1a7:9cc8:c3c7:d819%10(Preferred)
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 369098752
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter isatap.{DC7D2C63-1506-49EC-A40F-AA4E56DE4001}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

• Server 2012 Direct Access Single NIC cant get it to work

  Hi,
  I am having some real issues with setting up Direct Access with Server 2012 and a Windows 8 client, it simply won’t work at all.
  First of all I should describe my setup:
  I have an internet connection with a static IPv4 address on the external network adapter of the router
  The internal network address (the address of the router which has the internet connection) is 192.168.1.1
  Server1 (windows 2008 R2 Standard) has a static IPv4 address 192.168.1.2 and has some ports forwarded from the router (443, 25, 80) this server is a domain controller, email server, and has the DNS, DHCP and
  certificate services
  Server 2 (Windows 2008 R2 standard) has static IPv4 address 192.168.1.3 it has no ports forwarded from the router as it has no services accessed externally, it is used as a file server and print server, backup
  domain controller and backup DNS.
  Server 3 (Windows 2012) has static IPv4 address 192.168.1.4 and has the Remote Access server role installed along with all the other default features and roles it requires in the setup process.
  These servers have all got an IPv6 address which I assume the server has configured automatically, there has been no deliberate configurations made to disable IPv6
  I have no UAG or proxy server or anything else to route packets to internal servers. Just this router which has the option for port forwarding (I assume that’s NAT isn’t it?) sorry don’t know much about that
  area.
  I go through the setup wizard in remote access to configure direct access, in the external URL I have entered da.mydomain.com and created a host A record in my external domain name providers DNS which points
  the da record to my external IP address. The wizard creates all the GPO’s, scoped correctly, and applied to a Windows 8 client. The operational status shows its all working and I got green ticks. However, when I connect the client to the internal network it
  doesn’t seem to have correctly got the DA settings. I run the following in powershell
  Get-DnsClientNrptPolicy
  Nothing displays – at all
  Get-NCSIPolicyConfiguration
  Description                   
  : NCSI Configuration
  CorporateDNSProbeHostAddress  
  : fdd8:dd4a:ea42:7777::7f00:1
  CorporateDNSProbeHostName     
  : directaccess-corpConnectivityHost.mydomain.local
  CorporateSitePrefixList       
  : {fdd8:dd4a:ea42:1::/64, fdd8:dd4a:ea42:7777::/96, fdd8:dd4a:ea42:1000::1/128,
  fdd8:dd4a:ea42:1000::2/128}
  CorporateWebsiteProbeURL      
  : http://directaccess-WebProbeHost.mydomain.local
  DomainLocationDeterminationURL : https://DirectAccess-NLS.mydomain.local:62000/insideoutside
  Get-DAConnectionStatus
  Get-DAConnectionStatus : Network Connectivity Assistant service is stopped or not responding.
  At line:1 char:1
  + Get-DAConnectionStatus
  + ~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo         
  : NotSpecified: (MSFT_DAConnectionStatus:root/StandardCi...onnectionStatus) [Get-DAConnect
     ionStatus], CimException
  + FullyQualifiedErrorId : Windows System Error 1753,Get-DAConnectionStatus
  I go into services.msc and find that the network connectivity assistant is not started, it wont start either something must trigger it but I have no idea how to get it triggered to start… this might be my only
  source of problem perhaps but on a more network level question:
  If I have such ports as 80, and 443 (which I assume DA uses in some form with a public IPv4 internet address) directed at server 1, how does the DA connection get to server 3 which has the DA role installed?
  I could create another record on the server which also opens port 443 to server as well as for server 1, but then how would the router know which server to pass the DA connection to if the same port is open for two different servers?
  Either way, this first issue is that the client doesn’t seem to have the ability to connect internally correctly yet, so maybe this connectivity service is a good place to start? My understanding is that the
  networks icon in the system tray should show that there is a corporate connection, but it doesn’t. also, the client seems to have the NLS certificate in the computer certificate store, so the cert side of things is working and the GPO side is working.
  Many thanks
  Steve

  ahh i see, so just to enlighten me even further...
  If a company has two web servers that would mean they would need two different public facing IP addresses so they can route to each internal web server. If, like the big companies have, they
  may have many web servers (possibly more than 100) I’m assuming that simply buying more public IP addresses would have a limit, especially since the IPv4 address space is pretty much exhausted. So is this where proxy systems come into play like ISA and Forefront,
  is this what they do?
  I assume if such a product was implemented you could go down to just one or two public IP addresses, point all traffic to the ISA server and that in turn would do all the routing of packets
  to each server behind the NAT/router (probably based on some sort of domain name or sub domain namespace as it’s parameter for forwarding?)
  Secondly, what I have done is installed windows server 2012 and used that as a direct access client (I read on another forum that the windows 8 RP doesn’t have the enterprise bits to make this
  work). I have got much further with the 2012 server acting as a client (installed on laptop, installed desktop experience and wireless LAN), 
  but when I run the following command on my DA client I get the following status
  Get-DAConnectionStatus
  Status:                 
  connectedlocally
  Substatus:          
  none
  This appears to work fine, when im connected to the local network. But then I disconnect and run the command again and I get the following:
  Status:                 
  Error
  Substatus:          
  NameResolutionFailure
  On my router what I did is temporarily disable port 443 going to my original server and instead opened it up pointing to my other server, so 443 traffic should be going to my DA server now, but I don’t understand why its giving the name resolution failure
  status. I have a host A record called “da” with my domain hoster, and entered the full domain namespace in the DA wizard as da.mydomain.com (the Host A record has been up there for more than a week so it’s propagated through the net)
  So, a bit further but stuck again.

• Configuration of Direct Access 2012

  Good morning.
  I have tried to set up Direct Access from what I see is pretty much a 30-40 minute job, but has turned out to be something of a pain. Having followed the video on youtube for Windows Server 2012 with Basic PKI configuration and Windows 7 clients. I
  have set up a working DA server with no issues and all green ticks.
  Here's a run down.
  I have a DC (2012) with the CA already installed.
  I have a virtual DA (2012) set up with the advanced settings.
  I have a a TMG 2010 server as the firewall with a Non-Web Publishing rule designed to forward HTTPS requests to the DA on the internal network.
  The set up went as planned and I followed the instruction to set up the PKI and all computers have picked up a computer Certificate for the CA so that the internal root is validated.
  The Certificates that I chose for the DA server were as follows;
  DirectAccess-NLS.mydomain.local
  remote.my-external-domain-name.co.uk
  both published from my internal CA so that the root of the certificates were valid.
  I have a Third party wildcard cert ( *.my-external-domain-name.co.uk ) for TMG to allow other connection such as VPN and web access.
  DA Config:
  Step 1: Remote Clients
  I set up the DA server as per the video, set the DirectAccessClient group, and in the
  Network Connectivity Assistant The resource was filled in with the
  http://diectaccess-WebProbeHost URL.
  Step 2: Remote Access Server
  The Network Topology was set to Behind an edge device (with single network adapter), and then is says to type in the 'PUBLIC NAME' used by clients to connect to the Remove Access Server. Here I typed in the external DNS
  name remote.my-external-domain-name.co.uk.
  Network Adapters had the one ethernet and an IPv6 address. The
  Select Certificate sued to authenticate IP-HTTPS connections has the CN=remote.my-external-domain-name.co.uk.
  Authentication is set to AD and I used the root certificate of the CA for
  use computer certificates. I also Enabled windows 7 client computers to connect via DirectAccess.
  Step 3: Infrastructure Servers
  Network Location Sevrer had the NLS is deployed on this server with the
  DirectAccess-NLS cert.
  DNS had the internal domain and the DirectAccess-NLS. the Internal domain was pointing to the IPv4 address of the DA. I read that I need to put the external name suffix of remote.my-external-domain-name.co.uk entry in and pointed that
  to the internal DA IPv4 address also.
  DNS Suffix List was set automatically and I also added my external domain name just in case.
  Managerment was straight forward and I pointed to our System Centre 2012 R2 server.
  Upon clicking finish and applying the GPO policies everything went according to plan. All green ticks. I did a GPupdate on the client I was testing and the GPO policies came through.
  Now the issue I have is that on the internal network I get the Last Error 0x80190190 unable to connect to server. Now I am sure that this should say active as it is inside the network. I get the same error out side. When I check the DA server for
  netsh int https sh int  it returns the value that client authentication = NONE. I set it up to use computer certificates and even is I uncheck that it does not change. 
  It there a straight forward thing I missed or is it to do with publishing in TMG. Internally the direct access client will not connect as it will find the NLS in the internal DNS as I have the host record for both the server FQDN and the DirectAccess-NLS
  potining to the IPv4 address. I also have the external remote.my-external-domain-name.co.uk entry in the internal DNS to point to the internal IPv4.
  I have opened the ports for 443, 62000 on the DA for the IIS inbound and outbound. 
  I have a windows 8 client but need to test it as Windows 8 is supposed to work just like that.
  What am I doing wrong here?? Any ideas would be much appreciated. 

  Thank you for this Jordan.
  I have now got it working. The next step is to make sure my applications are all using Names rather than IP addresses.
  I have basically setup the system as per my original thread that follows, NOT in BOLD.
  I have tried to set up Direct Access from what I see is pretty much a 30-40 minute job, but has turned out to be something of a pain. Having followed the video on youtube for Windows Server 2012 with Basic PKI configuration and Windows 7 clients. I have
  set up a working DA server with no issues and all green ticks.
  Here's a run down.
  I have a DC (2012) with the CA already installed.
  I have a virtual DA (2012) set up with the advanced settings.
  I have a a TMG 2010 server as the firewall with a Non-Web Publishing rule designed to forward HTTPS requests to the DA on the internal network.
  The set up went as planned and I followed the instruction to set up the PKI and all computers have picked up a computer Certificate for the CA so that the internal root is validated.
  The Certificates that I chose for the DA server were as follows;
  DirectAccess-NLS.mydomain.local
  remote.my-external-domain-name.co.uk
  both published from my internal CA so that the root of the certificates were valid.
  I have a Third party wildcard cert ( *.my-external-domain-name.co.uk ) for TMG to allow other connection such as VPN and web access.
  DA Config:
  Step
  1: Remote Clients
  I set up the DA server as per the video, set the DirectAccessClient group, and in the Network Connectivity Assistant The resource was
  filled in with the http://diectaccess-WebProbeHost URL.
  Step
  2: Remote Access Server
  The Network Topology was set to Behind
  an edge device (with single network adapter), and then is says to type in the 'PUBLIC NAME' used by clients to connect to the Remove Access Server. Here I typed in the external DNS name remote.my-external-domain-name.co.uk.
  Network Adapters had the one ethernet and an IPv6 address. The Select
  Certificate sued to authenticate IP-HTTPS connections has the CN=remote.my-external-domain-name.co.uk.
  Authentication is set to AD and I used the root certificate of the CA for use
  computer certificates. I also Enabled windows 7 client computers to connect via DirectAccess.
  Step
  3: Infrastructure Servers
  Network Location Sevrer had the NLS
  is deployed on this server with the DirectAccess-NLS cert.
  DNS had the internal domain and the DirectAccess-NLS. the Internal domain was pointing to the IPv4 address of the DA. I read that I need
  to put the external name suffix of remote.my-external-domain-name.co.uk entry in and pointed that to the internal DA IPv4 address also.
  DNS Suffix List was set automatically and I also added my external domain name just in case.
  Managerment was straight forward and I pointed to our System Centre 2012 R2 server.
  Upon clicking finish and applying the GPO policies everything went according to plan. All green ticks. I did a GPupdate on the client I was testing and the GPO policies came through.
  I have set up TMG as per the isa.org forum  
  http://www.isaserver.org/articles-tutorials/general/implementing-windows-server-2012-directaccess-behind-forefront-tmg-part2.html .
  @ Jordan - I ensured that I had a separate external IP address for the requests from the clients to TMG as I publish websites internally.
  I used a third party wildcard cert for the IP-HTTPS connect part in DA Config Step 2.
  All the rest of the DA set up was pretty much out of the box as stated above. 

• Office 365 Direct Access SCCM

  Hi,
  Recently we deployed a bunch of laptops using SCCM (windows 8.1) but having a partial issue with Office 365 via Software Center.
  When laptops are within domain:
  - Office 365 installs during OSD
  - Office 365 installs via Software Center
  When laptops are within domain via Direct Access:
  - Office 365 downloads but fails at installing.
  "exitcode: 17002"
  "The software change returned error code 0x426A(17002)"
  <![LOG[++++++ App enforcement completed (2 seconds) for App DT "VisioProRetail" [ScopeId_538AD476-A160-422A-81FA-BE714BFAD0B1/DeploymentType_3d6a46b6-ffca-477c-b200-cc3392085b38], Revision: 2, User SID: S-1-5-21-2507967118-3678214798-1188983363-2612] ++++++]LOG]!><time="11:33:58.291-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appprovider.cpp:2448">
  <![LOG[+++ Starting Install enforcement for App DT "VisioProRetail" ApplicationDeliveryType - ScopeId_538AD476-A160-422A-81FA-BE714BFAD0B1/DeploymentType_3d6a46b6-ffca-477c-b200-cc3392085b38, Revision - 2, ContentPath - C:\WINDOWS\ccmcache\d, Execution Context - System]LOG]!><time="11:34:17.546-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appprovider.cpp:1702">
  <![LOG[ A user is logged on to the system.]LOG]!><time="11:34:17.546-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appprovider.cpp:2083">
  <![LOG[ Performing detection of app deployment type VisioProRetail(ScopeId_538AD476-A160-422A-81FA-BE714BFAD0B1/DeploymentType_3d6a46b6-ffca-477c-b200-cc3392085b38, revision 2) for user.]LOG]!><time="11:34:17.550-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appprovider.cpp:2148">
  <![LOG[+++ Application not discovered. [AppDT Id: ScopeId_538AD476-A160-422A-81FA-BE714BFAD0B1/DeploymentType_3d6a46b6-ffca-477c-b200-cc3392085b38, Revision: 2]]LOG]!><time="11:34:17.580-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="localapphandler.cpp:291">
  <![LOG[ App enforcement environment:
  Context: Machine
  Command line: setup.exe /configure configuration.xml
  Allow user interaction: No
  UI mode: 1
  User token: not null
  Session Id: 3
  Content path: C:\WINDOWS\ccmcache\d
  Working directory: ]LOG]!><time="11:34:17.580-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appcontext.cpp:85">
  <![LOG[ Prepared working directory: C:\WINDOWS\ccmcache\d]LOG]!><time="11:34:17.582-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appcontext.cpp:189">
  <![LOG[ Prepared command line: "C:\WINDOWS\ccmcache\d\setup.exe" /configure configuration.xml]LOG]!><time="11:34:17.584-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appcontext.cpp:338">
  <![LOG[ Executing Command line: "C:\WINDOWS\ccmcache\d\setup.exe" /configure configuration.xml with user context]LOG]!><time="11:34:17.585-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appexcnlib.cpp:201">
  <![LOG[ Working directory C:\WINDOWS\ccmcache\d]LOG]!><time="11:34:17.586-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appexcnlib.cpp:215">
  <![LOG[ Post install behavior is BasedOnExitCode]LOG]!><time="11:34:17.615-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appcommon.cpp:1094">
  <![LOG[ Waiting for process 440 to finish. Timeout = 120 minutes.]LOG]!><time="11:34:17.617-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appexcnlib.cpp:1958">
  <![LOG[ Process 440 terminated with exitcode: 17002]LOG]!><time="11:34:19.687-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appexcnlib.cpp:1967">
  <![LOG[ Looking for exit code 17002 in exit codes table...]LOG]!><time="11:34:19.689-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appexcnlib.cpp:505">
  <![LOG[ Unmatched exit code (17002) is considered an execution failure.]LOG]!><time="11:34:19.690-600" date="07-10-2014" component="AppEnforce" context="" type="2" thread="6188" file="appexcnlib.cpp:591">
  <![LOG[++++++ App enforcement completed (2 seconds) for App DT "VisioProRetail" [ScopeId_538AD476-A160-422A-81FA-BE714BFAD0B1/DeploymentType_3d6a46b6-ffca-477c-b200-cc3392085b38], Revision: 2, User SID: S-1-5-21-2507967118-3678214798-1188983363-2612] ++++++]LOG]!><time="11:34:19.692-600" date="07-10-2014" component="AppEnforce" context="" type="1" thread="6188" file="appprovider.cpp:2448">
  I have seen some other post where they suggest it is a permission issue but in my case there are no pop up windows and the content was cached to user directory.
  Also confirming that source folder (files and file sizes) are all matching compare to local cached folder.
  Administrator full access to file (myself logged in as administrator)
  Thank you,
  Jono
  Jonathan

  Hi,
  Found out what the issue was... not really a issue to be honest.
  As I am managing SCCM at the same thing, I have office 365, Visio and Project installation as a separated package.
  When I try to run Visio and Project while Office (Lync and Outlook) are running, it will instantly fails.
  Once I turned those software off, it works like magic.
  Regards,
  Jono
  Jonathan

• Cannot apply Direct Access Client GPO on Windows 8.1 Enterprise client

  Hi, I have made a Direct Access environment on Windows Server 2012 R2 Essential.
  All setting seems to be ok, but i'm completely stuck when i have to export the DA client GPO to the client computer.
  The client computer is a Win8.1 Enterprise, already joined to the domain.
  When execute the command gpupdate /force, it complete successfully but when i do a gpresult /R i have nothing in the "Applied Group Policy Object" field (N/A) while i should have the Default domain GPO and the DA client GPO.
  What is wrong at this state ?
  Thanks

  My user1 is in the "DirectAccess" group.
  In all the tutorial i saw, i have never seen you have to add the computer object to this group but only the user.
  Anyway, i have just add it to the group.
  From my first post, here is what i did.
  ran a Group Policy Result, from the DC to the client. 
  It give me the error RPC unavailable. 
  So i open the local policies on the client > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall >
  Domain Profile > double click on "Windows Firewall: Allow inbound remote administration exception" > tick enable 
  I reran the Group Policy Results, and it work this time. 
  Now i have the result for the User1 on TECH2 client pc. 
  On details pane > Denied GPOs 
  The DA client setting is deny with the reason "access denied" ...
  Now on the client computer after a GPRESULT /R
  Computer settings
  Applied Group Policy Object
  Default Domain Policy
  Local Group Policy
  The following GPOs were not applied because they were filtered out
  DirectAccess Client Setting
  Filtering: Denied (Security)
  DirectAccess Server Settings
  Filtering: Denied (Security)  -> normal

• PS Store error, local support team refuses to help.

  Hello everyone, Before I begin, please understand that I am not here to complain. I am not an upset customer on a rant. And I am not new to the service and the way Sony/PlayStation handle things. I simply want to report a few things 1) An error on PlayStation Store.
  2) The inability of my local support team.
  3) A solution to my problem. Now, on with it... On the 23rd of July I made a avatar purchase on the PlayStation Store using my PS3. I bought the avatar Deception IV TNP - Avatar Laegrinna. Here's a shot of my download list after the purchase.  As you can see, Laegrinna avatar is on my download list. So I download it.  However, when I got to select it on my avatar list, instead of Laegrinna I get the Allura avatar. Which is the wrong avatar.  Now, since my account is based in Portugal, and I used the Portuguese Store, I contacted the Portuguese support team.After proving the needed information, I was asked to provide screenshots for further evidence. So, I did.
  The next email I was asked to select the appropriated field on my avatar list and be sure to scroll down the list and look for it. I did, and replied back saying that it still not there. Now, up until this point I am a reasonable person. I understand why so many questions and the need for verification. They must first verify that what I'm saying is true. Fair enough. However, this is where I lose faith in my fellow country people.
  Up until now I've been exchanging emails with one person. But now a second person replies back to me with detailed instructions on how to select an avatar for my account. Even though I already know how to do that, and had this person read the previous email chain they would have come to that conclusion, since I provided a screenshot of me accessing the avatar menu. This sent me straight back to the start. I feel like I've made no progress what so ever. Because now I had to explain the situation all over again to someone who's clueless of the entire situation.
  I'm taking this to the English forums where hopefully there's more common sense.So here's the thing. I just want people to take responsibility over this error on the PlayStation Store. I was given the wrong item. I did not received what I paid for. I either want a refund, or the error fixed so that when I download it, I get what I paid for. It's not about the money, it's about principle. This was only a few cents. But what if it was an expensive special edition full game and the store instead gives the wrong game? I would obviously contact the support team, but for what? So that I can be told that there's nothing wrong and that I don't know how to download the correct game? I would be most grateful if someone could look into this situation. I am willing to provide further details if needed upon establishing contact. Thank you for your time. [UPDATE] After replying to the second person and explaining myself again, I've received a generic reply saying that my email has been directed to a different sector to deal with it.

  DEKOWOLF wrote:
  Appreciate the feedback! I'm afraid email is the only way I can contact the support team right now. I'm not living in Portugal. Thing is, I'm not even mad. Like I said, it's a simple matter of principle.Getting my problem fixed is the lower priority for me. What I want is someone higher up (like a Sony Europe HR department) to address the support team and tell them how to run their ship. Oh i see. Yeah I get what you mean.