It Calls

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 30 April 2012

DirectAccess IPHTTPS interface qualify over Teredo

Posted on 14:57 by Unknown
Its been noticed on several Direct access deployments that the Client IPHTTPS interface gets connected first over the Teredo interface although nothing is preventing the Teredo interface to get activated. Most of the clients won't prefer the IPHTTPS because of its high overhead and low performance compared to Teredo or 6to4. After some investigation and consulting Microsoft esclation engineers it turned out that its a well known issue on several clients where the Teredo and IPHTTPS race together and IPHTTPS wins at the end due to timing issues. This is elaborated in details on the following Microsoft Technet article http://technet.microsoft.com/en-us/library/ee844161(WS.10).aspx


As per that attached below image extracted from the above mentioned article that this issue can occur and IPHTTPS will win and get qualified first.

IPHTTPS qualify over Teredo due to timing issues

 To test whether my client is in this condition, i ran IPCONFIG /ALL on my client machine and i noticed that i have public addresses on both my Teredo and IPHTTPS interface as per attached.

Both IPHTTPS and Teredo interface have public IP address



To make sure you are using always Teredo you can implement one of the following workarounds:

  1. Disable IPHTTPSinterface from the Device Manager - View Hidden devices - Network adapters (unless you need IPHTTPS in locations where Teredo UDP port is blocked)
  2. After logging and connecting using the IPHTTPS, Restart the "IP Helper" Service.


For more information about this issue please check Tom Shinder article http://blogs.technet.com/b/tomshinder/archive/2010/08/24/why-are-both-the-teredo-and-ip-https-interfaces-active.aspx

Also its recommended to patch the UAG/Direct Access server with the latest fixes related to Direct Access, the most recent updates/fixes are as follows:

http://support.microsoft.com/kb/2686921
http://support.microsoft.com/kb/2633127
http://support.microsoft.com/kb/2680464



Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in DirectAccess | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Error 0x803100B7 Group Policy settings require the creation of a startup PIN, but a pre-boot keyboard is not available on this device
    I Purchased few weeks ago the Microsoft Surface Pro tablet, its a very nice production tablet that really enables remote users to run their ...
  • How to Publish New Certificate Revocation List (CRL) from Offline Root CA to Active Directory and Inetpub
    Its highly recommended when building your Microsoft PKI (Public Key Infrastructure) to have your Root CA offline after issuing the Enterpris...
  • WMI Unhealthy on 2008R2 Domain Controllers - WBEM_E_QUOTA_VIOLATION
    Windows Management Instrumentation (WMI) is a key core windows management technology. It provides a consistent approach to carry day to day ...
  • The Card Supplied Requires Drivers that are not present on this System
    I recently started getting the above mentioned Logon warning Message (Check below screen shot) while logging on my old 2003 and 2003R2 serve...
  • Manual Install of UAG 2010/Remote App and RDS Portal Components
    Microsoft UAG 2010 main functions are Application Publishing and Enhanced DirectAccess deployment. The Application publishing allows you to ...
  • DHCP Superscope Keeps reverting back after Deletion
    I passed by this experience after the deletion of a DHCP superscope where the Superscope reverts back after the DHCP server is rebooted or a...
  • How to Clean Microsoft WSUS Content Folder from Old and unneeded Products
    Microsoft WSUS administrators sometimes tend to select all given Products (Options - Products and Classifications) and by time the WSUS cont...
  • A new MVP is here from Egypt
    I am pleased to announce and share with you all that I have been awarded the prestigious Microsoft Most Valuable Professional (MVP) award in...
  • How to Manually Delete Old/Empty WSUS computer Group from Database
    Recently i was trying to delete/Remove one of the old computer groups under WSUS Console - Computers - All Computers. This Group was an old ...
  • Manual add of Shares to Microsoft UAG File Access
    Microsoft UAG 2010 File Access is a nice feature to securely publish your internal shares on your UAG Portal for Internet users. To successf...

Categories

  • Active Directory
  • Bitlocker
  • DirectAccess
  • Hyper-V
  • Lync
  • PKI
  • SQL
  • System Center
  • UAG
  • WSUS

Blog Archive

  • ►  2014 (1)
    • ►  January (1)
  • ►  2013 (27)
    • ►  December (5)
    • ►  November (4)
    • ►  October (2)
    • ►  September (1)
    • ►  August (4)
    • ►  July (4)
    • ►  May (1)
    • ►  April (2)
    • ►  March (3)
    • ►  February (1)
  • ▼  2012 (25)
    • ►  December (2)
    • ►  November (3)
    • ►  October (3)
    • ►  September (2)
    • ►  August (2)
    • ►  July (2)
    • ►  May (2)
    • ▼  April (1)
      • DirectAccess IPHTTPS interface qualify over Teredo
    • ►  March (3)
    • ►  February (2)
    • ►  January (3)
  • ►  2011 (5)
    • ►  December (2)
    • ►  November (3)
Powered by Blogger.

About Me

Unknown
View my complete profile