DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Windows Server DirectAccess

28 Feb 2018 23:54 #1 by jbainbridge
Windows Server DirectAccess was created by jbainbridge
Does anyone have any experience of getting DirectAccess to work?

I am using a 2860 router.

I have redirected the following to the DirectAccess server -
tcp 443
udp 3544
tcp 62000

I did previously have the SSL VPN enabled and have disabled that.

The troubleshooting tool reports -
NLS is not reachable via HTTPS. The client computer is not connected to the corporate network...

There is also talk of enabling 'protocol 41' ... 6to4 ... which I don't understand.

Any suggestions / pointers would be much appreciated.

Thanks!

01 Mar 2018 11:33 #2 by cocospm
Replied by cocospm on topic Re: Windows Server DirectAccess
Given the very little info you have given (Windows Server version, multi- or single-homed, etc.), it is impossible to help you properly. That said, why have you opened those ports and why are you considering opening more? The only port that should be forwarded to your Remote Access server is TCP 443.

You don't need UDP 3544 for DA, and you *MUST NOT* open TCP 62000 - apart from the security ramifications of this, off-site clients must not be able to see the NLS, as it will make them think they are on the local network when they're not. This is the one and only purpose of the NLS - it's a LAN-internal website whose accessibility allows a client to determine whether it is on the LAN or not.

Close the ports in your 2860 that shouldn't be open, then go back to your server and open the Remote Access Management Console dashboard and make sure you have all greens in the Operational Status. Then test again. There are lots of DA troubleshooting tips and tools around, but this forum is not the place to address them.

01 Mar 2018 15:06 #3 by jbainbridge
Replied by jbainbridge on topic Re: Windows Server DirectAccess
Er ... thanks.

Server 2012R2
Single network card

The operational status is all green.

Thanks for the port info ... unnecessary ones now closed.

Not convinced the port redirection is working on port 443 ... but can't see a way of proving it.

I have run the DA troubleshooter but as stated the only meaningful statement is that the NLS is not reachable.

01 Mar 2018 17:16 #4 by piste basher
Replied by piste basher on topic Re: Windows Server DirectAccess
Assuming you do not have the router remote access running on 443 as well, this sounds like a certificate error. Does this help? https://directaccess.richardhicks.com/2015/02/09/directaccess-network-location-server-guidance/

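An added example, not part of any post in this thread: one way to check, from an off-site machine, the points raised in replies #2 to #4. It confirms that TCP 443 answers, that the NLS port from the thread (TCP 62000) does not, and it prints the SHA-256 fingerprint of whatever certificate answers on 443 so it can be compared with the DirectAccess server's certificate rather than the router's own. The function names, verdict strings and the command-line host argument are assumptions of this sketch.

```python
import hashlib
import socket
import ssl

# Policy as stated in the thread: only TCP 443 is forwarded to the
# DirectAccess server; TCP 62000 (the NLS) must not answer from outside.
EXPECTED = {443: True, 62000: False}

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_fingerprint(host, port=443, timeout=5.0):
    """SHA-256 of the certificate presented on host:port.
    Trust validation is off on purpose: the goal is only to identify
    which device answers, not to trust the connection."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return hashlib.sha256(der).hexdigest()

def audit(host, expected=EXPECTED, probe=tcp_open):
    """Compare observed reachability with the expected policy."""
    findings = []
    for port, should_be_open in sorted(expected.items()):
        is_open = probe(host, port)
        if is_open and not should_be_open:
            findings.append((port, "EXPOSED: close this forward"))
        elif not is_open and should_be_open:
            findings.append((port, "UNREACHABLE: forward not working"))
        else:
            findings.append((port, "ok"))
    return findings

if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # public name or WAN IP of the router; run off-site
    for port, verdict in audit(host):
        print(port, verdict)
    if tcp_open(host, 443):
        print("cert sha256 on 443:", tls_fingerprint(host))
```

Run it from a connection outside the LAN; a result from inside the LAN says nothing about the port forwards.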