I may have implemented DA for the company, but that doesn't mean I'm an expert at it.
But, I will try this on my test laptop, and if that seems to work, I'll try it on the user's laptop. If that fixes her problem,then I'll likely roll out a GPO to all of the DA client machines. I'll post back to the list with what I find. I'm looking at several entries from Richard Hick's blog on the subject now. With any luck, this will become moot in a month or so, as we'll be migrating to the 2012R2 version of DA. Kurt On Fri, Mar 4, 2016 at 4:35 PM, Brian E Carpenter <[email protected]> wrote: > I would suggest: > > netsh interface ipv6 6to4 set state state=disabled > > You don't want to go near 6to4 these days > (http://tools.ietf.org/html/rfc7526). > Use real IPv6 or no IPv6. > > Regards > Brian (co-author of 6to4, but that was 15 years ago) > > On 05/03/2016 13:06, Kurt Buff wrote: >> Reviving an old thread, with a new twist. >> >> I've currently got a similar problem with another user, but with two >> differences: >> - The connection in this case is ATT, not Comcast >> - The machine this time is running Win8.1 and not Win7 >> >> What I've zeroed in on is two stanzas from ipconfig /all: >> >> On my test machine (Also Win8.1), sitting outside of my corporate >> firewall on a public IP address, I see the following: >> >> Tunnel adapter 6TO4 Adapter: >> >> Connection-specific DNS Suffix . : >> Description . . . . . . . . . . . : Microsoft 6to4 Adapter >> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 >> DHCP Enabled. . . . . . . . . . . : No >> Autoconfiguration Enabled . . . . : Yes >> IPv6 Address. . . . . . . . . . . : 2002:4332:7632::4332:7632(Preferred) >> Default Gateway . . . . . . . . . : 2002:4332:7626::4332:7626 >> DHCPv6 IAID . . . . . . . . . . . : 268435456 >> DHCPv6 Client DUID. . . . . . . . : >> 00-01-00-01-1E-45-38-94-00-26-2D-FA-9F-EF >> DNS Servers . . . . . . . . . . . : 8.8.8.8 >> NetBIOS over Tcpip. . . . . . . . : Disabled >> >> Tunnel adapter Teredo Tunneling Pseudo-Interface: >> >> Connection-specific DNS Suffix . : >> Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface >> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 >> DHCP Enabled. . . . . . . . . . . : No >> Autoconfiguration Enabled . . . . : Yes >> IPv6 Address. . . . . . . . . . . : >> 2001:0:4332:7626:2803:8c2:bccd:89cd(Preferred) >> Link-local IPv6 Address . . . . . : fe80::2803:8c2:bccd:89cd%9(Preferred) >> Default Gateway . . . . . . . . . : >> DHCPv6 IAID . . . . . . . . . . . : 285212672 >> DHCPv6 Client DUID. . . . . . . . : >> 00-01-00-01-1E-45-38-94-00-26-2D-FA-9F-EF >> NetBIOS over Tcpip. . . . . . . . : Disabled >> >> On her machine, which is on a wireless connection at her home on ATT, >> I see this: >> >> Tunnel adapter 6TO4 Adapter: >> >> Connection-specific DNS Suffix . : attlocal.net >> Description . . . . . . . . . . . : Microsoft 6to4 Adapter >> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 >> DHCP Enabled. . . . . . . . . . . : No >> Autoconfiguration Enabled . . . . : Yes >> IPv6 Address. . . . . . . . . . . : 2002:100:69::100:69(Preferred) >> Default Gateway . . . . . . . . . : >> DHCPv6 IAID . . . . . . . . . . . : 553648128 >> DHCPv6 Client DUID. . . . . . . . : >> 00-01-00-01-1D-CC-30-DE-34-E6-D7-13-7E-02 >> DNS Servers . . . . . . . . . . . : 1.0.0.1 >> NetBIOS over Tcpip. . . . . . . . : Disabled >> >> Tunnel adapter Teredo Tunneling Pseudo-Interface: >> >> Media State . . . . . . . . . . . : Media disconnected >> Connection-specific DNS Suffix . : >> Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface >> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 >> DHCP Enabled. . . . . . . . . . . : No >> Autoconfiguration Enabled . . . . : Yes >> >> >> >> She's able to get an IPv4 connection at her location using our SSL >> VPN, and she states that when at her local coffee shop her >> DirectAccess connection works, though I haven't been able to confirm >> that yet. >> >> I'm going to see next week if I can take a peek at her router/firewall >> configuration and glean any clues from it, and also see if she's >> willing to make a trip to the coffee shop to do some work with me from >> there. >> >> I'm not certain if prefix policies have anything to do with this >> problem, as I'm not seeing the relevant IPv6 addresses for >> DirectAccess anywhere in her ipoconfig output. >> >> Any thoughts or comments would be appreciated. >> >> Kurt >> >> On Sat, Dec 19, 2015 at 1:37 PM, Kurt Buff <[email protected]> wrote: >>> All, >>> >>> I ran into an interesting situation some months ago which still >>> baffles me, and though I was able to work around it, I expect it will >>> happen again. >>> >>> We implemented MSFT DirectAcess at our company quite some time ago >>> (using 2008R2 and Forefront 2010), and it works extremely well. >>> >>> At least it worked well for everyone until one of the employees got >>> his Comcast connection upgraded, and then DirectAccess didn't work for >>> that employee any more. >>> >>> We proved that if he tethered to his cell phone, that would work, and >>> if he used an SSL VPN client while on his Comcast connect that would >>> work, but DirectAccess would not work at home. >>> >>> Finally, I discovered that his Comcast-installed router was handing >>> our IPv6 addresses on his home LAN. Turning that off enabled >>> DirectAccess to work again. >>> >>> We do not have an assigned IPv6 block from our ISP, though of course >>> MSFT OSes use it, and auto-assign themselves addresses, but for now >>> we're ignoring it. >>> >>> Has anyone run into this problem and solved it - not by turning off >>> iIPv6 address assignment for the home LAN, but really solved it? If >>> so, how did you do that? >>> >>> Would getting and implementing an IPv6 assignment from our ISP cure >>> the problem, or make it worse? >>> >>> I've found little guidance from MSFT about DirectAccess in an IPv6 >>> environment, though I admit I haven't been terribly diligent in my >>> searches. >>> >>> Kurt >>
