We have been using DirectAccess for remote access for a while now and are VERY happy with it. However, we came across an interesting issue with one client who is a Windows 7 user and decided they wanted to be added to the DirectAccess group.

So as usual we add the computer name to the group and refresh Group Policy on the client to ensure they now get the DirectAccess settings….

Disconnect from the network and try to access corporate resources….

We try a basic ping first to an internal server and it doesn't respond… so we run the following commands: netsh interface httpstunnel show interface, and found it was deactivated, and then netsh interface teredo show state, and found it was OK and found itself in an unmanaged network!

Next, which seems to be a common issue, we check the firewall. This was turned off, so we turned it on and we can now start pinging internal servers!

Fantastic, so next we tried to access a server internally via RDP and we could not get there, and then to access an internal web page and still could not access…

We install the DirectAccess Connectivity Assistant but it didn't provide much. We changed the certificate, ensured the root CA was installed correctly, verified we could resolve the correct external address, checked the registry, Event Viewer, everything, but nothing was coming back with an error.

Now I read a while ago about Teredo doing some funny stuff stopping access to internal resources…. so just for the hell of it I tried disabling the Teredo interface

netsh interface teredo set state disabled

And we were in! All OK, httpstunnel activated and we were working.

We re-enabled it just to see, via netsh interface teredo set state default, and our internal access was broken again..

So in this case, for this laptop, we have to leave Teredo disabled….
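Since nothing in the logs pointed at Teredo, a before/after snapshot of the checks used above makes the difference visible. This is an added example, not part of the original post; the function names, labels and output folder are made up for illustration, and it assumes an elevated PowerShell prompt on the Windows 7 client.

```powershell
# Added example: snapshot the DirectAccess-related state checked in the post
# (Teredo, IP-HTTPS tunnel, firewall) so two runs can be compared.
$checks = @{
    'teredo'      = 'interface teredo show state'
    'httpstunnel' = 'interface httpstunnel show interfaces'
    'firewall'    = 'advfirewall show allprofiles state'
}

function Save-DASnapshot {
    # Hypothetical helper: writes the output of every check to <OutDir>\<Label>.txt
    param(
        [Parameter(Mandatory = $true)][string]$Label,
        [string]$OutDir = (Join-Path $env:TEMP 'da-snapshots')
    )
    if (-not (Test-Path $OutDir)) {
        New-Item -ItemType Directory -Path $OutDir | Out-Null
    }
    $path  = Join-Path $OutDir "$Label.txt"
    $lines = foreach ($name in ($checks.Keys | Sort-Object)) {
        "=== $name ==="
        # Split the stored string so netsh receives separate arguments
        & netsh.exe ($checks[$name] -split ' ') 2>&1 |
            ForEach-Object { "$_".TrimEnd() } |
            Where-Object { $_ }          # drop blank lines
    }
    $lines | Set-Content -Path $path
    return $path
}

function Compare-DASnapshot {
    # Hypothetical helper: shows only the lines that differ between two snapshots
    param([string]$Before, [string]$After)
    Compare-Object (Get-Content $Before) (Get-Content $After) |
        Select-Object SideIndicator, InputObject |
        Format-Table -AutoSize -Wrap
}

# Usage, with the client off the corporate network:
#   $a = Save-DASnapshot -Label 'teredo-default'
#   netsh interface teredo set state disabled
#   $b = Save-DASnapshot -Label 'teredo-disabled'
#   Compare-DASnapshot -Before $a -After $b
```

Lines marked `<=` appear only in the first snapshot and `=>` only in the second, so a change in the httpstunnel interface status after Teredo is disabled shows up directly.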
