DRIVE EFFICIENCY THROUGH AUTOMATED IT.
SAVE COST THROUGH CONSOLIDATION OF IT.
WANT TO KNOW MORE ABOUT STRATEGIC CONSULTING CLICK HERE.
MICROSOFT / RISUAL HYPER-V CLOUD EVENT 22ND MARCH 2011 CLICKHERE.
Home > Uncategorized > Microsoft Direct Access issues on a specific Windows 7 client “Network Location Behaviour : Never use Direct Access settings”

Microsoft Direct Access issues on a specific Windows 7 client “Network Location Behaviour : Never use Direct Access settings”

December 23rd, 2010 Daniel Davies Leave a comment Go to comments

We were working on an issue recently where one single machine was unable to connect to any resources via direct access.

The first thing we checked was the Direct Access Connectivity Assistant logs and found the below errors.

“RED: Corporate connectivity is not working. Windows is unable to resolve corporate network names.  Please contact your administrator if this problem persists. 18/11/2010 11:35:40 (UTC)

Probes List
FAIL        FILE: \\DC.domain.com\sysvol\domain.com\policies\policydefinitions\desktop.admx
FAIL        HTTP: http://CA.domain.com/
FAIL        PING: SERVER.domain.com

C:\Windows\system32\LogSpace\{C892E78B-EA58-4990-86D8-E3E82C7A1D12}>netsh dns show state

Name Resolution Policy Table Options
——————————————————————–

Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                        if the name does not exist in DNS or
                                        if the DNS servers are unreachable
                                        when on a private network

Query Resolution Behavior             : Resolve only IPv6 addresses for names

Network Location Behavior             : Never use Direct Access settings

Machine Location                      : Outside corporate network

Direct Access Settings                : Configured and Disabled

DNSSEC Settings                       : Not Configured”

The first thing that jumped out at us was that the DNS “Network location Behaviour” was set to “Never use Direct Access Setting” so this was the reason that all the probes failed as DNS could not resolve them.

After doing some research we came across the following MS article “http://msdn.microsoft.com/en-us/library/ff957870(PROT.10).aspx” which told us that if the following REGKEY “HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks was set to 2 , then this would force the machine to “Never use Direct Access settings”.

After checking the machines registry we could see that the value was actually set to 2 therefore forcing the machine not to use DA setting, so what we did was change this value to 0 and gave the machine a reboot and everything sprung back into life Smile

Categories: Uncategorized Tags: ,
  1. Lidvar Kornberg
    January 20th, 2011 at 13:49 | #1
    Reply | Quote

    Did you ever find out why this value was wrong? We have had some client with the same problem, and we have confirmed that the value “EnableDAForAllNetworks” was wrong, but we don’t know why this value have been set to a wrong value. This problem seems to be happen randomly, one day it worked and then suddenly the value was wrong and DA stopped working.

  2. Daniel Davies
    January 21st, 2011 at 09:40 | #2
    Reply | Quote

    This value is set if you have the DirectAccess Connectivity Assistant installed and set to “Use local DNS resolution.” Set it back to “Use corporate DNS resolution” and it will toggle the registry key.

  1. No trackbacks yet.