All, I got a call from a sales guy who works out of his home. He's running Win7 Enterprise on a machine we provisioned for him, and we're running DirectAccess on UAG 2010 SP1. He stated that several weeks ago DA stopped working. We have an Aventail SSL VPN as a backup, and that works - mostly.
Performed diagnostics, with the following results:

o- He has sent the DCA (DirectAccess Connectivity Assistant) logs to me, and I worked through them to see if anything was amiss, and everything looked fine.
o- GPOs are applied and group memberships for the computer are correct (gpresult /h).
o- When not connected via the Aventail client, can ping external resources (e.g., our public web presence as www.example.com, hosted by a third party) and cannot ping internal resources by name (e.g., dc1.example.com), but can ping internal resources via IPv6 address (!?! - very odd).
o- When connected via the Aventail client, can ping internal resources (gets name resolution, returns IPv4 address), but cannot ping external resources (name resolves to IPv4 address but ping doesn't return) (!?! - again, very odd).
o- He lives in San Diego, his ISP is ATT, and ipconfig reveals IPv6 configuration from them.
o- Everything works perfectly (albeit more slowly) when he makes a connection by tethering to his Verizon phone.

It's the last two that allowed me to figure this out. DirectAccess only really works if you don't have a "real" (that is, ISP-assigned, public) IP address. Once we turned off IPv6 address assignment on his router at home, and he rebooted his laptop, all is happy again.

Kurt

