S
Sul
Hi,
I am attempting to deploy Direct Access on a Windows 2012 R2 server with a single network card. I want to deploy Direct access only (no VPN). When applying the Getting Started Wizard Settings, I come across the following output and error (in bold below). Can someone please point me in the right direction on how to even begin troubleshooting?
Initializing operations before applying configuration
Preparing to apply configuration changes...
Backing up GPOs...
Configuring Remote Access settings
Retrieving server GPO details...
Clearing existing stale configuration settings. This might take a few minutes...
Checking the specified adapters...
Deploying the Remote Access server behind NAT...
Searching for a network location server certificate...
Warning: To deploy a network load balanced cluster or multisite deployment, obtain a certificate for the network location server with a subject name that is different from the internal name of the Remote Access server.
Checking the specified adapters...
Checking for a native IPv6 deployment...
Verifying the IP-HTTPS certificate...
Retrieving internal network DNS settings...
Verifying the GPO to write settings...
Creating the GPO. Linking the GPO to the domain...
Checking for a client GPO to write settings...
Creating the GPO. Linking the GPO to the domain...
Checking for permissions to apply DirectAccess client policies to the GPO...
Identifying all domains...
Identifying infrastructure servers in domain domain.com...
Registering the DNS entry used to check client connectivity...
Warning: A DNS entry for DNS probe directaccess-corpConnectivityHost.domain.com (IP addresses 127.0.0.1; fd3d:7aea:39f9:7777::7f00:1) cannot be added. Add the entry manually.
Registering the web probe in DNS...
Clearing existing stale configuration settings...
Creating DirectAccess client policies...
Updating client policies...
Initializing accounting settings...
Writing settings to the server GPOs...
Writing settings to the client GPOs...
Updating local settings...
Applying GPOs on the Remote Access servers...
Updating Network Connectivity Assistant settings
Error: No such host is known.
Finishing operations after applying configuration
Information: Attempting to roll back the configuration...
HERE ARE ALL THE CONFIGURATION DETAILS:
The server has a public and private address with dns mappings similar to the ones below:
Private IP mappings
192.168.1.160 -> DirectAccess-NLS.domain.com
192.168.1.160 -> DirectAccess-WebProbeHost.domain.com
Public IP mappings
xxx.xxx.xxx.xxx (public IP) -> web.domain.com
xxx.xxx.xxx.xxx (public IP) -> da.domain.com
To configure Remote Access Setup, I am running the "Getting Started Wizard" with these choices:
Deploy DirectAccess only
Select the network topology of the server: Behind an edge device (with a single network adapter)
Type the public name of IPv4 address used by clients to connect to the Remote Access server: public IP address xxx.xxx.xxx.xxx
DirectAccess server GPO name: DirectAccess Server Settings
Client GPO name: DirectAccess Client Settings
DirectAccess settings will be applied to all mobile computers in security groups: DOMAIN\Domain Computers
Resource used to verify internal network connectivity: A default web probe to check corporate connectivity will be created automatically
DirectAccess connection name: Workplace Connection
Public name or address to which remote clients connect: xxx.xxx.xxx.xxx (public IP)
Network adapter connected to the Internet (via NAT device): Ethernet
DNA suffixes used by DirectAccess clients:
domain.com | 192.168.1.160
web.domain.com | <blank>
Thank you!!
Continue reading...
I am attempting to deploy Direct Access on a Windows 2012 R2 server with a single network card. I want to deploy Direct access only (no VPN). When applying the Getting Started Wizard Settings, I come across the following output and error (in bold below). Can someone please point me in the right direction on how to even begin troubleshooting?
Initializing operations before applying configuration
Preparing to apply configuration changes...
Backing up GPOs...
Configuring Remote Access settings
Retrieving server GPO details...
Clearing existing stale configuration settings. This might take a few minutes...
Checking the specified adapters...
Deploying the Remote Access server behind NAT...
Searching for a network location server certificate...
Warning: To deploy a network load balanced cluster or multisite deployment, obtain a certificate for the network location server with a subject name that is different from the internal name of the Remote Access server.
Checking the specified adapters...
Checking for a native IPv6 deployment...
Verifying the IP-HTTPS certificate...
Retrieving internal network DNS settings...
Verifying the GPO to write settings...
Creating the GPO. Linking the GPO to the domain...
Checking for a client GPO to write settings...
Creating the GPO. Linking the GPO to the domain...
Checking for permissions to apply DirectAccess client policies to the GPO...
Identifying all domains...
Identifying infrastructure servers in domain domain.com...
Registering the DNS entry used to check client connectivity...
Warning: A DNS entry for DNS probe directaccess-corpConnectivityHost.domain.com (IP addresses 127.0.0.1; fd3d:7aea:39f9:7777::7f00:1) cannot be added. Add the entry manually.
Registering the web probe in DNS...
Clearing existing stale configuration settings...
Creating DirectAccess client policies...
Updating client policies...
Initializing accounting settings...
Writing settings to the server GPOs...
Writing settings to the client GPOs...
Updating local settings...
Applying GPOs on the Remote Access servers...
Updating Network Connectivity Assistant settings
Error: No such host is known.
Finishing operations after applying configuration
Information: Attempting to roll back the configuration...
HERE ARE ALL THE CONFIGURATION DETAILS:
The server has a public and private address with dns mappings similar to the ones below:
Private IP mappings
192.168.1.160 -> DirectAccess-NLS.domain.com
192.168.1.160 -> DirectAccess-WebProbeHost.domain.com
Public IP mappings
xxx.xxx.xxx.xxx (public IP) -> web.domain.com
xxx.xxx.xxx.xxx (public IP) -> da.domain.com
To configure Remote Access Setup, I am running the "Getting Started Wizard" with these choices:
Deploy DirectAccess only
Select the network topology of the server: Behind an edge device (with a single network adapter)
Type the public name of IPv4 address used by clients to connect to the Remote Access server: public IP address xxx.xxx.xxx.xxx
DirectAccess server GPO name: DirectAccess Server Settings
Client GPO name: DirectAccess Client Settings
DirectAccess settings will be applied to all mobile computers in security groups: DOMAIN\Domain Computers
Resource used to verify internal network connectivity: A default web probe to check corporate connectivity will be created automatically
DirectAccess connection name: Workplace Connection
Public name or address to which remote clients connect: xxx.xxx.xxx.xxx (public IP)
Network adapter connected to the Internet (via NAT device): Ethernet
DNA suffixes used by DirectAccess clients:
domain.com | 192.168.1.160
web.domain.com | <blank>
Thank you!!
Continue reading...