That's troubling; we have many of the pieces in place now, but haven't gone 
live yet as we are trying to rid ourselves of roaming profiles first--very 
painful over DA to wait around for those to load, if they do at all.

Testing from here has worked, but that has all been through a couple of cell 
connections, although they do have v6 addresses dished to them (Verizon for 
mine).  I still have Comcast at home, so it sounds like time to fire up a test.

Do you have native v6 to the edge on your server end, or are you using NAT?  We 
have native v6, so not sure if it will make a difference.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Kurt Buff
Sent: Thursday, December 22, 2016 9:16 PM
To: ntsysadm <[email protected]>
Subject: Re: [NTSysADM] Anyone here using DirectAccess?

We use all of the available protocols - Teredo, IP-HTTPS and 6to4, on a 2012R2 
server. The server has the usual two consecutive addresses to facilitate their 
use.

In the one case where I was able to work with the remote employee to 
reconfigure his router and stop it from handing out IPv6 addresses, the problem 
immediately disappeared.

This explanation from 2011 covers the problem, but doesn't provide a solution.
https://www.ivonetworks.com/news/2011/11/client-side-ipv6-and-directaccess-dont-always-get-along/

These folks have taken the sledgehammer approach, which seems highly 
inappropriate, and I'm not going there, and I don't even know if it works:
http://www.torivar.com/2016/05/19/direct-access-client-side-ipv6-issues/

Kurt

On Thu, Dec 22, 2016 at 8:02 PM, Eric Morrison <[email protected]> 
wrote:
> Odd issue for it not to work as IPv6 is the technology it uses. Are you only 
> allowing 443 traffic? DA v1 used Teredo and required a few other ports if 
> they came in over IPv6 I believe.
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Thursday, December 22, 2016 3:57 PM
> To: ntsysadm <[email protected]>
> Subject: [NTSysADM] Anyone here using DirectAccess?
>
> I've been fighting (once every couple of months) with DirectAccess over IPv6 
> addresses handed out by home routers.
>
> Some staff (mostly Comcast and ATT customers) are getting the addresses, 
> along with an IPv4 address, and when that happens, it's very hit or miss 
> whether the computer at home will connect via DirectAccess.
>
> Fortunately, we have a backup SSL VPN unit, so folks can use that as an 
> alternative, but it's not really satisfactory to staff to have to figure out 
> that DirectAccess isn't working and then switch to the SSL VPN.
>
> I've googled off and on for a long time (months!), and posted in the 
> appropriate forum on Technet, with no particular resolution.
>
> I don't experience it, because Frontier FIOS isn't handing me an IPv6 
> address, so I can't replicate it directly, and when I get a call from 
> someone who's suffering, they generally don't want to take the time to 
> do the extensive troubleshooting required.
>
> Frustrating...
>
> Any thoughts welcome.
>
> Kurt
>
>

