We use all of the available protocols - Teredo, IP-HTTPS and 6to4, on a 2012R2 server. The server has the usual two consecutive addresses to facilitate their use.
In the one case where I was able to work with the remote employee to reconfigure his router and stop it from handing out IPv6 addresses, the problem immediately disappeared. This explanation from 2011 covers the problem, but doesn't provide a solution. https://www.ivonetworks.com/news/2011/11/client-side-ipv6-and-directaccess-dont-always-get-along/ These folks have taken the sledgehammer approach, which seems highly inappropriate, and I'm not going there, and I don't even know if it works: http://www.torivar.com/2016/05/19/direct-access-client-side-ipv6-issues/ Kurt On Thu, Dec 22, 2016 at 8:02 PM, Eric Morrison <[email protected]> wrote: > Odd issue for it not to work as IPv6 is the technology it uses. Are you only > allowing 443 traffic? DA v1 used Teredo and required a few other ports if > they came in over IPv6 I believe. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Thursday, December 22, 2016 3:57 PM > To: ntsysadm <[email protected]> > Subject: [NTSysADM] Anyone here using DirectAccess? > > I've been fighting (once every couple of months) with DirectAccess over IPv6 > addresses handed out by home routers. > > Some staff (mostly Comcast and ATT customers) are getting the addresses, > along with an IPv4 address, and when that happens, it's very hit or miss > whether the computer at home will connect via DirectAccess. > > Fortunately, we have a backup SSL VPN unit, so folks can use that as an > alternative, but it's not really satisfactory to staff to have to figure out > that DirectAccess isn't working and then switch to the SSL VPN. > > I've googled off and on for a long time (months!), and posted in the > appropriate forum on Technet, with no particular resolution. > > I don't experience it, because Frontier FIOS isn't handing me an IPv6 > address, so I can't replicate it directly, and when I get a call from someone > who's suffering, they generally don't want to take the time to do the > extensive troubleshooting required > > Frustrating... > > Any thoughts welcome. > > Kurt > >
