It Calls

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 30 April 2012

DirectAccess IPHTTPS interface qualify over Teredo

Posted on 14:57 by Unknown
Its been noticed on several Direct access deployments that the Client IPHTTPS interface gets connected first over the Teredo interface although nothing is preventing the Teredo interface to get activated. Most of the clients won't prefer the IPHTTPS because of its high overhead and low performance compared to Teredo or 6to4. After some investigation and consulting Microsoft esclation engineers it turned out that its a well known issue on several clients where the Teredo and IPHTTPS race together and IPHTTPS wins at the end due to timing issues. This is elaborated in details on the following Microsoft Technet article http://technet.microsoft.com/en-us/library/ee844161(WS.10).aspx


As per that attached below image extracted from the above mentioned article that this issue can occur and IPHTTPS will win and get qualified first.

IPHTTPS qualify over Teredo due to timing issues

 To test whether my client is in this condition, i ran IPCONFIG /ALL on my client machine and i noticed that i have public addresses on both my Teredo and IPHTTPS interface as per attached.

Both IPHTTPS and Teredo interface have public IP address



To make sure you are using always Teredo you can implement one of the following workarounds:

  1. Disable IPHTTPSinterface from the Device Manager - View Hidden devices - Network adapters (unless you need IPHTTPS in locations where Teredo UDP port is blocked)
  2. After logging and connecting using the IPHTTPS, Restart the "IP Helper" Service.


For more information about this issue please check Tom Shinder article http://blogs.technet.com/b/tomshinder/archive/2010/08/24/why-are-both-the-teredo-and-ip-https-interfaces-active.aspx

Also its recommended to patch the UAG/Direct Access server with the latest fixes related to Direct Access, the most recent updates/fixes are as follows:

http://support.microsoft.com/kb/2686921
http://support.microsoft.com/kb/2633127
http://support.microsoft.com/kb/2680464



Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in DirectAccess | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Error 0x803100B7 Group Policy settings require the creation of a startup PIN, but a pre-boot keyboard is not available on this device
    I Purchased few weeks ago the Microsoft Surface Pro tablet, its a very nice production tablet that really enables remote users to run their ...
  • Microsoft Hyper-V VMMS & System services stop after December 2012 Updates (KB2506143)
    I had an issue recently with some Hyper-V servers where it was noticed that the Hyper-V system services (VMMS, VHDSVC & NVSPWMI) gets st...
  • Two DNS Records with same IP Address. Aging and Scavenging problems with DHCP Lease duration !!
    Aging and Scavenging is very crucial and important for Active Directory Integrated zone, it should be carefully planned and configured. We r...
  • How to Publish New Certificate Revocation List (CRL) from Offline Root CA to Active Directory and Inetpub
    Its highly recommended when building your Microsoft PKI (Public Key Infrastructure) to have your Root CA offline after issuing the Enterpris...
  • Windows 7 Direct Access Client Troubleshooting – Part 1 – Client Transition Technologies
    During the past few months I was heavily engaged with different DirectAccess implementations and passed by several interesting issues/proble...
  • Manual Install of UAG 2010/Remote App and RDS Portal Components
    Microsoft UAG 2010 main functions are Application Publishing and Enhanced DirectAccess deployment. The Application publishing allows you to ...
  • The Card Supplied Requires Drivers that are not present on this System
    I recently started getting the above mentioned Logon warning Message (Check below screen shot) while logging on my old 2003 and 2003R2 serve...
  • UAG Direct Access IP-HTTPS fail with SAN Certificate
    Lately I passed by this issue with a client trying to implement the UAG Direct Access using UCC SAN (Subject Alternative Name) Certificate. ...
  • AD CS not configured for Revocation checking of all certificates
    Recently the SCOM server (One of your best friends on the network) started reporting the error "AD CS not configured for Revocation che...
  • Surface 2 RT Bitlocker Recovery Key problem is fixed
    Windows Surface 2 RT comes already pre-setup with Bitlocker encryption, the user don't need to do anything to enable it or set/type a pa...

Categories

  • Active Directory
  • Bitlocker
  • DirectAccess
  • Hyper-V
  • Lync
  • PKI
  • SQL
  • System Center
  • UAG
  • WSUS

Blog Archive

  • ►  2014 (1)
    • ►  January (1)
  • ►  2013 (27)
    • ►  December (5)
    • ►  November (4)
    • ►  October (2)
    • ►  September (1)
    • ►  August (4)
    • ►  July (4)
    • ►  May (1)
    • ►  April (2)
    • ►  March (3)
    • ►  February (1)
  • ▼  2012 (25)
    • ►  December (2)
    • ►  November (3)
    • ►  October (3)
    • ►  September (2)
    • ►  August (2)
    • ►  July (2)
    • ►  May (2)
    • ▼  April (1)
      • DirectAccess IPHTTPS interface qualify over Teredo
    • ►  March (3)
    • ►  February (2)
    • ►  January (3)
  • ►  2011 (5)
    • ►  December (2)
    • ►  November (3)
Powered by Blogger.

About Me

Unknown
View my complete profile