Directaccess Multisite problem

Hi, i am having a problem with our multisite deployment:
i have a main office with two directaccess 2012 servers in loadbalance configuration, i also have serveral smaller offices and have added directaccess 2012 servers to two of them, i could install multisite without problem, and the directaccess servers are
working for clients, but one of them is connected via a VPN between two firewalls, and i am having allot of difficulty managing that one. there are no problem pinging or accessing the server both the directaccess server and a active directory server.
But directaccess can not seem to reach it, ex:
Get-DAEntryPoint : Domain controller usdc05.domain.se cannot be reached for USSITE01.
At line:1 char:1
+ Get-DAEntryPoint -Name "USSITE01"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (domain.se\{4A3891...F-B5AA19B36098}:root/Microsoft/...PS_DAEntryPoint) [Get
   -DAEntryPoint], CimException
    + FullyQualifiedErrorId : REMOTEACCESS 127,Get-DAEntryPoint
And since the directaccess is having problems reaching the servers trough the VPN connection i can not manage the Directaccess configuration since everything stops working when one part is unreachable...a really annoying feature of directaccess 2012.
Have anybody tried having directaccess multisite where the sites are seperated by vpn and got it to work ?
Best Regards
Daniel

Hi Daniel,
To such issue, it is not an efficient way to work in this community since we may need more resources, for example memory (application) dump or ETL trace, which is not appropriate to handle in community. I’d like to suggest that you submit a service request
to MS Professional tech support service so that a dedicated Support Professional can further assist with this request.
Please visit the below link to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
Thank you.
Best regards,
Steven Song
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Similar Messages

DirectAccess multisite on Server 2012 R2: 'The remote access configuration task (raconfigtask) in Windows Task Scheduler cannot be disabled"

Dear all,
I'm an experiencing an issue when configuring 2012 R2 DirectAccess multisite.
The initial configuration of the first site in a multisite setup works fine, however when i try to add ANY other server on another site, i see the below screenshot, the full text of which is: "The remote access configuration task (raconfigtask) in Windows
Task Scheduler cannot be disabled" while the entry point is added.
THere are no logged events on the remote server, but on the controlling server i see this in the event log:
Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 10/15/2014 12:55:58 AM
Event ID: 140
Task Category: Task registration updated
Level: Information
Keywords:
User: SYSTEM
Computer: WWCLORAS01.apco.net
Description:
User "S-1-5-18" updated Task Scheduler task "\Microsoft\Windows\RemoteAccess\RaConfigTask"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
<EventID>140</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>140</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-10-15T07:55:58.432317300Z" />
<EventRecordID>1738</EventRecordID>
<Correlation ActivityID="{D4236B4E-E841-0003-E5BA-23D441E8CF01}" />
<Execution ProcessID="840" ThreadID="3852" />
<Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
<Computer>WWCLORAS01.apco.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="TaskUpdated">
<Data Name="TaskName">\Microsoft\Windows\RemoteAccess\RaConfigTask</Data>
<Data Name="UserName">S-1-5-18</Data>
</EventData>
</Event>Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 10/15/2014 12:55:58 AM
Event ID: 140
Task Category: Task registration updated
Level: Information
Keywords:
User: SYSTEM
Computer: WWCLORAS01.apco.net
Description:
User "S-1-5-18" updated Task Scheduler task "\Microsoft\Windows\RemoteAccess\RaConfigTask"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
<EventID>140</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>140</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-10-15T07:55:58.432317300Z" />
<EventRecordID>1738</EventRecordID>
<Correlation ActivityID="{D4236B4E-E841-0003-E5BA-23D441E8CF01}" />
<Execution ProcessID="840" ThreadID="3852" />
<Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
<Computer>WWCLORAS01.apco.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="TaskUpdated">
<Data Name="TaskName">\Microsoft\Windows\RemoteAccess\RaConfigTask</Data>
<Data Name="UserName">S-1-5-18</Data>
</EventData>
</Event>
And this in the taskscheduler:
Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 10/15/2014 12:55:58 AM
Event ID: 140
Task Category: Task registration updated
Level: Information
Keywords:
User: SYSTEM
Computer: WWCLORAS01.apco.net
Description:
User "S-1-5-18" updated Task Scheduler task "\Microsoft\Windows\RemoteAccess\RaConfigTask"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
<EventID>140</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>140</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-10-15T07:55:58.432317300Z" />
<EventRecordID>1738</EventRecordID>
<Correlation ActivityID="{D4236B4E-E841-0003-E5BA-23D441E8CF01}" />
<Execution ProcessID="840" ThreadID="3852" />
<Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
<Computer>WWCLORAS01.apco.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="TaskUpdated">
<Data Name="TaskName">\Microsoft\Windows\RemoteAccess\RaConfigTask</Data>
<Data Name="UserName">S-1-5-18</Data>
</EventData>
</Event>
Any ideas what might be causing this? All servers are in the same domain, firewalls don't seem to be dropping anything, SCCM client is installed, but thats it.
Appreciate any feedback.
Jim

Dear all,
I'm an experiencing an issue when configuring 2012 R2 DirectAccess multisite.
The initial configuration of the first site in a multisite setup works fine, however when i try to add ANY other server on another site, i see the below screenshot, the full text of which is: "The remote access configuration task (raconfigtask) in Windows
Task Scheduler cannot be disabled" while the entry point is added.
THere are no logged events on the remote server, but on the controlling server i see this in the event log:
Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 10/15/2014 12:55:58 AM
Event ID: 140
Task Category: Task registration updated
Level: Information
Keywords:
User: SYSTEM
Computer: WWCLORAS01.apco.net
Description:
User "S-1-5-18" updated Task Scheduler task "\Microsoft\Windows\RemoteAccess\RaConfigTask"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
<EventID>140</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>140</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-10-15T07:55:58.432317300Z" />
<EventRecordID>1738</EventRecordID>
<Correlation ActivityID="{D4236B4E-E841-0003-E5BA-23D441E8CF01}" />
<Execution ProcessID="840" ThreadID="3852" />
<Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
<Computer>WWCLORAS01.apco.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="TaskUpdated">
<Data Name="TaskName">\Microsoft\Windows\RemoteAccess\RaConfigTask</Data>
<Data Name="UserName">S-1-5-18</Data>
</EventData>
</Event>Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 10/15/2014 12:55:58 AM
Event ID: 140
Task Category: Task registration updated
Level: Information
Keywords:
User: SYSTEM
Computer: WWCLORAS01.apco.net
Description:
User "S-1-5-18" updated Task Scheduler task "\Microsoft\Windows\RemoteAccess\RaConfigTask"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
<EventID>140</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>140</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-10-15T07:55:58.432317300Z" />
<EventRecordID>1738</EventRecordID>
<Correlation ActivityID="{D4236B4E-E841-0003-E5BA-23D441E8CF01}" />
<Execution ProcessID="840" ThreadID="3852" />
<Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
<Computer>WWCLORAS01.apco.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="TaskUpdated">
<Data Name="TaskName">\Microsoft\Windows\RemoteAccess\RaConfigTask</Data>
<Data Name="UserName">S-1-5-18</Data>
</EventData>
</Event>
And this in the taskscheduler:
Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 10/15/2014 12:55:58 AM
Event ID: 140
Task Category: Task registration updated
Level: Information
Keywords:
User: SYSTEM
Computer: WWCLORAS01.apco.net
Description:
User "S-1-5-18" updated Task Scheduler task "\Microsoft\Windows\RemoteAccess\RaConfigTask"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
<EventID>140</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>140</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-10-15T07:55:58.432317300Z" />
<EventRecordID>1738</EventRecordID>
<Correlation ActivityID="{D4236B4E-E841-0003-E5BA-23D441E8CF01}" />
<Execution ProcessID="840" ThreadID="3852" />
<Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
<Computer>WWCLORAS01.apco.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="TaskUpdated">
<Data Name="TaskName">\Microsoft\Windows\RemoteAccess\RaConfigTask</Data>
<Data Name="UserName">S-1-5-18</Data>
</EventData>
</Event>
Any ideas what might be causing this? All servers are in the same domain, firewalls don't seem to be dropping anything, SCCM client is installed, but thats it.
Appreciate any feedback.
Jim

Windows 8.1 DirectAccess DNS-Problems

Hi
We use DirectAccess on Server 2012R2, Win 8 and Win 8.1 Clients (same hardware), force tunneling configured.
We can access our corporate resources (File- and Webservers) without problems.
while the Win 8 clients works great, the Win 8.1 clients make some troubles:
when in DA-Mode (external) the Connection to the file-Server works. After going in standby-mode und back online, the network-drives and the RDP-Sessions can no longer connect (host not found) für about 15 minutes or until i clear the DNS-Cache. In
the corporate Network, the standby-mode does not affect the connectivity or name resolution. Has anyone seen this problem with the win 8.1 clients too?
Thanks, Mario

Hi,
Unfortunately, the available information is not enough to have a clear view of the occurred behavior. Could you provide more information about your environment. For example,the
exact text of any error messages that you received that are associated with this problem?
The server version of the problem on, when you experience this issue what are you trying to do, when this problem occurs the system log record information, screenshots is the best information. And could you clarify “when in DA-Mode (external) the Connection
to the file-Server works. After going in standby-mode und back online” means.
Base on my experience, it maybe is the NRPT policy issue, you can refer the following KB for the further troubleshoot:
Introduction to the NRPT
http://technet.microsoft.com/en-us/library/ee649207%28v=ws.10%29.aspx
DirectAccess Client Location Awareness – NRPT Name Resolution
http://social.technet.microsoft.com/wiki/contents/articles/664.directaccess-client-location-awareness-nrpt-name-resolution.aspx
The more third party article:
Resolving DirectAccess Connectivity Issues (The easy solution
http://acbrownit.wordpress.com/2013/06/05/resolving-directaccess-connectivity-issues-the-easy-solution/
Hope this helps.

Multisite DirectAccess manual DTE address configuration

I set up DA on a server in one site and everything's working great. The IPHTTPS interface uses the prefix that I specified for DA clients as the basis for the DTE endpoint IPv6 addresses. This makes sense to me. The prefix I sepcified is a /64 that exists
within the /32 that each site gets. For example, the site has fd45:1234::/32 and I'm specifying fd45:1234:0:70::/64 as the DA client prefix. DA automatically sets the DTE endpoint IPs to fd45:1234:0:2222::1 and fd45:1234:0:2222::2
However, when adding a new entry point in a site with fd45:1256::/32 and specifying fd45:1256:0:70::/64 for DA clients prefix, DA will use the first site's subnet as the basis for the DTE addresses. So the DTE's are addressed as fd45:1234:0:2222::3 and fd45:1234:0:2222::4.
Questions therefore are:
- Do I need a completely separate addressing space for DirectAccess multisite? i.e. leave fd45::/16 for my intranet IP addressing and then use something like fd67::/16 for DA IP addresses?
- Can I manually change the DTE addresses so that they exist the in the right subnet for each site?
Cheers
Graham

Hi Graham,
Have you deployed IPv6 in the internal network?
If IPv6 is not deployed in the corporate network, an IP-HTTPS prefix for each entry point will be automatically selected when adding the entry point.
If IPv6 is deployed in the internal corporate network, you must plan an IPv6 prefix to assign to DirectAccess client computers in any additional entry points in your deployment.
Ensure that the IPv6 prefixes to assign to DirectAccess client computers in each entry point are distinct and that there is no overlap in the IPv6 prefixes.
For detailed information about planning prefixes and routing for DirectAccess, please refer to the link below,
Plan the Multisite Deployment
http://technet.microsoft.com/en-us/library/jj134162.aspx#bkmk_3_6_IPv6
Best Regards.
Steven Lee
TechNet Community Support

DirectAccess Problem on Windows 8.1, working on Windows 7

We are currently migrating to new Windows 8.1 clients, but we are having problems getting DirectAccess running.
The same configuration works fine for Windows 7 clients, but the Windows 8.1 seem stuck with a status of "connecting".
The troubleshooting tool indicates that there is a DNS problem. Pinging the IP v6 address of the DNS server is fine, however it does not resolve any entry. (The same works fine on the Windows 7 machines).

Hi,
Did the client get correct certificate?
Run commend
netsh int httpstunnel show int, what we get?
Check event log, is there any errors?

Problem adding Remote multisite Entry Point

Hi, we have DirectAccess 2012 setup for multisite with a default site with 2 DA servers with load balancing in Sweden, one DA server in Phoenix (US) and one in Romania. For the US one i had to change the entrypointDC after i had added it since otherwise
i could not use the RemoteAccess management console.. everything just hung when it could not load the configuration.. i guessing it timed out.. getting the config from the US AD server and that broke everything (hmmm...)
I am now trying to add another entry point in the US (not the same site) but cant get past "adding an entry point... Please wait while the configuration is applied.." i have waited a couple of days.. it dos not get past that.
I wanted to try the powershell command for adding a entry point to but i cant find any info on how to specify the different GPO:s correctly.. i have Windows 7 computer to so i need a server GPO , a client GPO and a windows 7 group.. and i have not
been able to figure out how to do that..
Or if its possible to change a entrypointDC while adding the entrypoint.. so it wont time out.
Anyone have any smart tips ?
BR
Daniel

Hi Daniel,
Please try to follow the guide below,
Deploy Multiple Remote Access Servers in a Multisite Deployment
http://technet.microsoft.com/en-us/library/hh831664.aspx
Besides, is there any warning or error in the event viewer?
Best Regards.
Steven Lee
TechNet Community Support

Problem with Directaccess

I followed the TechNet article to setup Directaccess on our Server but the workstations cannot connect. Looking through the server logs I think I have pinpointed to a certificate problem. I receive this error under the Active Directory Web Service
Event Log:
"Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted
Certificate Authority (CA) is installed on the machine."
I looked under the Certificates->personal->certificates on the Server and the certificate is in there.
Thanks for your help.

Hi Andy,
-->I followed the TechNet article to setup Directaccess on our Server but the workstations cannot connect.
Would you please let me know which TechNet article you used to setup DirectAccess? Just a confirmation, thanks for your understanding.
On current situation, please refer to following articles and check if can help you.
Enable DirectAccess on Windows Server 2012 Essentials
Step-By-Step: Enabling DirectAccess in Windows Server 2012 R2
If any update, please feel free to let me know.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

DirectAccess Client IPv6 Prefix problems

I've been deploying DirectAccess and have created a mixed IPv6 and IPv4 infrastructure on the internal side. The external side is IPv4.
In a single server installation I have got inbound access and manage out access working perfectly...
When I introduce another node for load balancing the new node doesn't get a different client IPv6 Prefix so the entire load-balanced cluster uses the same Client IPv6 prefix - this means I can't route manage out traffic, or even return traffic correctly.
This is using IP-HTTPS. The external network scope is 172.28.242.0/24 and there is a Citrix Netscaler to load balance the inbound traffic. The internal network scope, IPv4 172.28.246.0/24 and the IPv6 is fd11:1:1:246::/64, the next hop on the IPv6 network
is fd11:1:1:246::1 which is a Cisco ASA and that routes off to the network quite happily.
If each node in the cluster had a different client IPv6 prefix then manage out/return traffic would be very simple to organise.
Does any one know how to make each node have different client IPv6 prefixes?

Hi Ryan,
According to your description, you are using the DirectAccess with external loadbalancer.
Here is a article about how to configure a load-balanced DirectAccess cluster.
Step 3: Configure a Load-Balanced Cluster
http://technet.microsoft.com/en-us/library/jj134209.aspx#BKMK_Prefix
Besides, here is a article about planning a Load-Balanced Cluster Deployment.
Plan a Load-Balanced Cluster Deployment
http://technet.microsoft.com/en-us/library/jj134166.aspx
Best Regards.
Steven Lee
TechNet Community Support

Multisite closings, lengthy hangups, constant stop script scenarios, non resonding pages, and slow loading of FF. What is wrong with the FF upgrades. . I think FF should find a solution and fix the problem.

Since upgrading I my system has virtually come to a standstill. Lengthy opening of FF, sudden closing of multi sites, constant stop script scenarios, constant hangups, and over all extremely long processing times.

Since upgrading I my system has virtually come to a standstill. Lengthy opening of FF, sudden closing of multi sites, constant stop script scenarios, constant hangups, and over all extremely long processing times.

DirectAccess Server 2012 Configuration cannot be retrieved from domain controller

Hi everyone,
We are using DirectAccess over Server 2012. There is just one server, no load balancing.
Everything works fine, all clients can connect successfully and operations status page shows all in green. Nevertheless on the dashboard page in the configuration status section it say “Configuration for server [servername] cannot be retrieved
from the domain controller.”
I found a few hints what could cause this problem:
In my case, the RAConfigTask, a scheduled task, was not enabled on the affected WS2012 server (DA entry point in a multisite deployment). After just enabling it, the errors has gone."
http://blog.gocloud-security.ch/2013/01/11/ws2012-directaccess-and-the-configuration-for-server-server-name-retrieved-from-the-domain-controller-cannot-be-applied-error/
Group Policy was filtering out my DA server from the GPO object for some reason. To fix, I opened up Group Policy Management on the domain controller and made sure that my DA server was a part of the group."http://www.joedissmeyer.com/2012/12/more-issues-and-solutions-for.html
Server has no connectivity to the domain in order to update the policies. Run “gpupdate /force” on the server to force policy update. GPO replication might be required in order to retrieve the updated configuration.
This could be because there is no writable domain controller in the Active Directory site of the Remote Access server. http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/56fedb17-1274-4e1a-b2d0-fea809f0bc45
I checked everything. Task is enabled and completed successfully, GPO is not filtered out, run gpupdate without any errors, could connect to domain controller, no errors on domain controller, domain controller is writable.
So, I have no idea what could cause this error. Any ideas or hints?
Thanks
Regards
Sebastian

i have the exact same problem i figured out that there was a problem with the logon as a service
secpol.msc --> Local Policies --> User Rights Assignement, Logon as a service i have NT Service\All Services
i can acces the group policy via the cpnsole just fine i have not connectivity issues what so ever.
i decided to open a call with microsoft, their suggestion .... we dont know reinstall so i did and here we are same problem and no solution. it is getting frustrating...

2012 R2 DirectAccess multi domain forest: Is it possible Limit Auto-discovery of domain controllers?

I've just successfully implemented Multisite server 2012 R2 DirectAccess in a child domain of a global company with numerous sub domains. I'd like to limit the scope of the auto discovery of management servers in 2012 R2 DA is anyone aware of
any way of doing this?
During the default initial configuration of DirectAccess Auto-discovery of domain controllers is performed for all domains in the same forest as the DirectAccess server and client computers.
In my scenario the number of sub domains and multinational nature of the company means that the DA servers cannot contact all DCs for every child domain in the forest.
This means the Operations Status page in the Remote Access Management console always shows the status of the Domain Controller check as "critical" leaving a red X amongst my nice green ticks. It's untidy and at first glance it looks like there
are major problems with the service.
The DA servers, Client machines and users are in a single sub domain so we have no need to contact the other child domain DCs.
I looked into using the Remove-DAMgmtServer PowerShell cmdlet however this is not applicable since it cannot be used to remove automatically configured management servers such as DCs.
Also the child domain DCs don't actually appear in the management servers list.

Hi, a colleague of mine had the same problem in a DirectAccess deployment in a large organization tat have a multi-domain forest. He had no choice to open network flow to have at least one domain controller per domain in the forest.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

Error While including the Multisite functionality

Error While including the Multisite functionality & trying to click on SiteAdministraion tab in BCC
Background: We have migrated our application from ATG v9.1 to ATG v 10.0.2 and implementing Multisite on the same
Getting this error on BCC console:
12:55:36,893 INFO [ServerImpl] JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBPAPP_5_0_0_GA date=200910202128)] Started in 2m:44s:727ms
12:57:24,234 ERROR [SiteAdminActivitySource] The acl for the custom workflow activity named siteadmin.manageSiteAssets is invalid. This activity will not be available.
atg.security.InvalidPersonaException: Profile$role$siteAdminUser
at atg.security.AccessControlListParser.setPersona(AccessControlListParser.java:239)
at atg.security.AccessControlListParser.parseAce(AccessControlListParser.java:277)
at atg.security.AccessControlListParser.parse(AccessControlListParser.java:193)
Thanks in Anticipation1

Hello Sudheer,
Increasing the Swap space is the only thing i noticed in all SAP Notes for your problem.
Configure more swapspace please and restart the installation.
Regards,
Siddhesh

DirectAccess Client not connecting without error code on Windows Server 2012 R2 and Windows 8.1

Hello,
we are currently migrating from Windows Server 2012 to 2012 R2 and are not able to get the new Direct Access Service up and running. Our goal is to establish DirectAccess connection for a handful of clients using the IPHTTPS-adapter on the default port 443.
Errors:
There is actually no error showing up. It seems the infrastructure tunnel cannot be created but none of the IPv6-transition adapters is connecting (teredo and 6-to-4 are down) and the IPHTTPs adapter gives no informations about a problem:
>Get-DAConnectionStatus
Status : Error
Substatus : CouldNotContactDirectAccessServer
>Get-NetIPHttpsState
LastErrorCode : 0x0
InterfaceStatus : Failed to connect to the IPHTTPS server; waiting to reconnect
Setup:
Our setup is a virtualized Windows Server 2012 R2 Standard running on Hyper-V. It is located behind a NAT having the Port 443 mapped to the server. The only role installed after the basic install is RRAS including DirectAccess and VPN. The assistants completed
successfully (running the configuration for DirectAccess and VPN). Operation Status says everything is green und working (for multiple days in the meanwhile). A previous direct access installation (on a different machine running Windows Server 2012) has
been removed before installing the new server. The new installation is using a different router, so this might also be the cause of a problem.
The client is a Windows 8.1 notebook located outside the company network accessing the internet through another NAT-device. The client has been able to connect to the previous DirectAccess setup but has never been able to establish a connection after the
setup of the new Direct Access server. The device has no outbound constraints concerning the NAT-device and is only running the integrated Windows Firewall.
Diagnosis:
So far I've done some basic DNS and connectivity checks. The DNS-name can be resolved correctly and the router even responds to pings. The port forward is working and HTTPs connections are generally possible (temporarily routed the port to
access the NLS-Website located on the server, which worked fine).
Network monitor shows that both computers are communicating, traffic on the expected Port 443 is incoming on the server and responses from the server reach the client.
Opening the IPHTTPs-url and in an endless page load. Sometime the browser page closes but I've never seen any result. Using telnet on the port shows that the server is accepting connections. I've even build a small test application that does a GET-Request
on the URL returning HTTP-200 and no content.
I'm currently running out of ideas what to do and since no error occurs this is kind of a bit frustrating. Any help appreciated.
Regards
Matthias

Hi,
In addition, have you disabled the DA client components on the DA client? If no, please also check
the settings on the Name Resolution Policy Table.
More information:
DirectAccess
Client Location Awareness – NRPT Name Resolution
In addition, error 0x4C9 means the remote computer refused the network connection. It may be due to the invalid
registry or corrupt drivers. For more detailed information, please refer to the link below:
Error 1225 - Error Code 0x4C9
Note:
Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best regards,
Susie

Direct Access 2012 R2 - Problems with Force Tunneling and other questions

I have just setup a Direct Access 2012 R2 server in my network, 2012 domain and all Windows 8 clients.
Internal CA environment (no external CRL) using a public issued cert for IPHTTPS tunnel, 2 interfaces for the DA server, 1 internal and 1 in the DMZ behind a NAT firewall (1 public IPv4 address) and my test clients are connecting fine to internal resources.
1. When I enable Force Tunneling the clients no longer are able to access the external internet. Is there anything I need to add to make this work?
2. I am having trouble with our Remote Desktop Session Hosts. I can only assume it has something to do with the DNS as we have our AD domain performing internal DNS of the int.contoso.com domain and public DNS performing for the external
Contoso.com domain (RDWA etc). DA has only int.contoso.com set as a DNS Name Suffix in the Infrastructure Setup. Should I add the external contoso.com Name Suffix in there too?
3. I have a Kaspersky Security Center server for centralized AV admin, can I still push out AV updates to the clients that connect with DA. Do I add my KSC server to the Management Servers list in the Infrastructure Server Setup page on the DA
setup. Does that list allow those servers to access the DA clients?

Hi,
Let's solve problems one by one. Force tunneling. When enabled, all network trafic from DirectAccess clients goes throught IPSEC tunnels. Just configure a proxy on your DirectAccess clients (with a FQDN of course) and your clients should be able to surf
internet again.
RDS : Depend. Where are your RDS servers registred internal zone DNS or external DNS zone. If a DirectAccess client cannot resolve a name it does not know if it has to go throught the tunnel. At last can you ping your RDS Server?
Remote Management : Right. Adding servers in this list allow them to use the IPSEC infrastructure tunnel (computer established tunnel) without users being logged.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

CS5.5 and WordPress Multisite

So, I upgraded from my CS4 to CS5.5 last week. I've extremely excited about the Live View / Inspector aspect of editing my php and WordPress projects. I'm running this on a suped up win 7 box. I deleted/uninstalled my old xampp setup and downloaded a new one. I'm going to have a Solr search engine for a WordPress Multisite blog/directory when I'm all done. So, I spent the time to also set up tomcat and get an instance of Solr running on my local machine. (not that this is important, but shows I'm not a complete beginner).
I've followed the tutorials on setting up WordPress to be able to do the testing server, live view and editing. Everything works fine on a new single blog install (I started a brand new one just to check and to do the Lynda.com tutorials, which are working just fine.) But, when I go to the Multisite Sub-Blog and set up the discovery of the related links DW gives me a whopping 4 files that are linked. I can follow the links on the live view pages, but the dynamic linking files are not showing up in the top toolbar? I can't jump over to the header.php file and then back to the index.php file, because they are not finding all of the linking php files.
As, I mentioned, it's a multisite only problem, becuase it's working on a single blog install just fine. I thought maybe it was because of the addressing, the testing folder was different from the root website. So, I edited the vhosts.conf file and hosts file to add a specific testing domain name and there was no change except that I don't get the error anymore when I set up the testing server that the site url of "/" doesn't match the one I had that was "/mydirectory/".
This was an older site that was set up in Dreamweaver that I just kept changing all of the local testing environment stuff, but the link to the remote server was still active. So, I thought that might be causing the trouble because it was going out to that server to try to follow some of the dynamically linked pages. So, I completely deleted everything and started over with a fresh Site with just the Testing server set up, fresh wordpress, fresh evreything. I am able to discover the related links in the file right up to when I turn on multisite in a sub-directory install and the whole discovery of related links wigs out.
If you look at the http://codex.wordpress.org/Create_A_Network I checked the dynamic links at each step. It worked turning on Multisite and going to network setup, but as soon as I entered the code in the wp-config.php file for defining a multisite and added the .htaccess file then the whole thing breaks.
I'm sure it has to do with how the path is loaded somehow dynamically, but as many people that there are running this combo, of Dreamweaver 5.5 and trying to work on Wordpress, and maybe a Multisite install since it's so much easier in 3.0+ I was surprised that there was nothing on the web about this issue.
Thanks for any help upfront.
Jerry

The WordPress Multisite does use mod rewrite in .htaccess. The contents of that are found in the link I provided on setting up a WordPress Multisite install found at WordPress.org. As each of the sub-blogs require the use of elements and data from the main site and structure to draw the pages I do not think that setting up each sub-blog as it’s own site definition would work. It would still have issues finding the relating files. I guess, if someone figured out how to use Dreamweaver on a blog hosted at wordpress.com to edit themes and such that would probably flow to solving this issue as well.
Since this is on a Development XAMPP server on my own machine, if I put the .htaccess code in my httpd.conf file instead would that make a difference? Or is it the mod rewrite that is the issue no matter where it resides?
I basically decided to set up each sub-blog as a completely separate “site” for now since all I’m sync’ing is the theme folders anyways at that point and all I was truly after was the Live View / Inspector for making the layout changes. When I did that though and activated all the plugins that I’m using I noticed some issues with file discovery as well. I saw in one of the tutorials that there was a way to link a style.css file manually for “design” prior to uploading the site. Is there anything inside of Dreamweaver that would allow us to manually add the necessary php file for the finder. I’m pretty sure that it’s getting stuck at the line that is saying (dirname(__FILE__) . “wp-load.php” or something like that (off the top of my head). Once that relative file would be found my guess is that it would discover all the other ones? Or there is an issue with the ABSPATH variable being set early on in the WordPress installation.
At this point I’ve tried a dozen different ways to get this to work and it’s obviously broken. Since it’s so prevalent (I think a lot of the posts I read had this also as a multisite drupal/joomla issue as well) that it would be something worth figuring out how to provide a work around.
Jerry

Directaccess Multisite problem

Similar Messages

Maybe you are looking for