cancel
Showing results for 
Search instead for 
Did you mean: 

Problems with "Microsoft DirectAccess"

elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Problems with "Microsoft DirectAccess"

Apologies if this is covered elsewhere, but a search of the forums for "directaccess" didn't show anything.
My wife is trying to configure her laptop to connect to her work system. The mechanism to be used for this is "Microsoft DirectAccess", (see http://technet.microsoft.com/en-us/network/dd420463.aspx) which as I understand it is a Microsoft proprietary protocol that provides VPN-like functionality that's got extra security.
It's meant to be very simple, and to "just work".  Perhaps because it's so simple, there seems to be very little in the way of error logs that you can look at when things go wrong.  But it is not working over plusnet, and we're getting no useful error logging at all (either at client or server end)
This is what we've tried that works:
- work colleagues' laptops at their houses (using BT/Virgin broadband)
- wife's laptop connecting via a mobile phone hotspot through 3 (three.co.uk)
This is what we've tried that doesn't work:
- wife's laptop connecting over wifi through home ADSL router to plusnet
We've tried two separate ADSL routers (a netgear and a belkin). 
We assume that wife's laptop is configured OK, because it CAN do DirectAccess when going through the mobile phone hotspot.
But when trying over home ADSL/plusnet, it fails.
My suspicion is that there is something funny about either wife's laptop, or the DirectAccess configuration at her office, which for some reason is tolerated by the 3G connection, but not by the plusnet one.
But I wondered if anyone at all has ever used Microsoft DirectAccess over a plusnet ADSL connection and can just confirm either "yes it works fine", or "no, it doesn't work"
I suspect the reason that there are no other topics in the forums about this means either
- it's just so simple that no-one has ever had any problems at all (implying that something specific to wife's laptop is broken)
- it's never going to work, and everyone else thinks it's so obviously not going to work that they don't even bother to ask in the forum
any input appreciated, thanks
19 REPLIES
Plusnet Help Team
Plusnet Help Team
Posts: 12,994
Thanks: 142
Fixes: 46
Registered: 27-04-2007

Re: Problems with "Microsoft DirectAccess"

It sounds very much like this could either be an issue with the router itself unless it's related to our network specifically.
I know you've not been able to find much out but does the user of directaccess require access via any specific ports? if so it might be worth looking at setting up an appropriate application rule on the router.
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

Adam
Thanks very much for your reply.
We have tried two separate routers.
The first is a Netgear router, and we spent a long time fiddling around with settings and firewall
stuff on there (including turning the firewall off and disabling ALL security stuff) before concluding
that perhaps it wasn't up to the job.
So then we bought a Belkin router, and are having the same problem (well, it may not be the *same*
problem, but the effect is the same - it fails to connect) when using that.
So it *could* be a router issue, but in that case it's common to two separate routers.
That's why I was wondering whether anyone else might ever have got DirectAccess working through
plusnet - if someone can say "oh yes, worked like a dream", then we'd know plusnet is not the problem.
As things stand, the fact that this laptop can do DirectAccess over 3G, and at wifi access points in
other people's homes (who aren't on plusnet), it seems that the issue might relate to the plusnet
side of things
nick
Community Veteran
Posts: 26,637
Thanks: 868
Fixes: 10
Registered: 10-04-2007

Re: Problems with "Microsoft DirectAccess"

Have you tried changing the settings on the Plusnet firewall? https://portal.plus.net/my.html?action=firewall ('off' might be a good one to try!)
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

Thanks - good idea, but I already did that, the firewall is "off" already
dick:quote
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

we have a support call open with plusnet at the moment, and have been asked to provide a wireshark trace. I'll
update this with any further info but still am interested to hear from anyone who's had DirectAccess working!
thanks
nick
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Re: Problems with "Microsoft DirectAccess"

Hi Nick,
I've done what digging I can and cannot locate an obvious reason for this to fail the way you describe. It does however sound like the errors are far from helpful.
The packet captures will help us confirm if our network is placing this into the correct queue. If not, this could cause lost packets and even latency, both of which can have an impact on VPN which can be time sensitive.
A couple of other things that would really help.
1: Ask the remote administrator what error they are seeing. This may indicate some form of rejection or error.
2: Ask the remote administrator if they are using extended security modes, such as payload checksums, which include a header checksum within them.
Hopefully, we can get an answer as to why this happens.
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

Hi Phil

> I've done what digging I can and cannot locate an obvious reason for this to fail the way you describe. It does however sound like the errors are far from helpful.
ok thanks. Incidentally, do you know if anyone else has ever successfully got Microsoft DirectAccess working via plusnet?

> 1: Ask the remote administrator what error they are seeing. This may indicate some form of rejection or error.
my wife says: "No errors at other end no connection is being made"

> 2: Ask the remote administrator if they are using extended security modes, such as payload checksums, which include a header checksum within them.
"no extended security modes"
We will try the wireshark trace (may not be until I get home later this evening)
nick
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Re: Problems with "Microsoft DirectAccess"

Thanks Nick,
I am not aware of any of our customers specifically using MS DirectAccess.
As general rule of thumb though, this is a product that has been out there for some time and would expect some of our customers to be using it in some shape or form. The lack of noise that it doesn't work is encouraging in that regard, but obviously does not answer if or not anybody is using it.
Quote
> 1: Ask the remote administrator what error they are seeing. This may indicate some form of rejection or error.
my wife says: "No errors at other end no connection is being made"

This is interesting. The fact that no attempt is reaching the other end is a concern and does open up a few more possible sources of the problem.
Most of my questions that spring to mind from this, can be answered through the wireshark, so we will await the details from that.
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Re: Problems with "Microsoft DirectAccess"

Thanks,
I got the capture.
The capture does not show the machine is making a specific request to an external host to start the connection. However I do suspect that DNS is failing/succeeding in an incorrect way, which is integral to this starting bit.
I've asked for a few other details to do some direct comparison of success and failure. If you can provide that, it would greatly assist.
Thanks.
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

For the benefit of anyone interested - dialog with plusnet support is continuing - they are being very helpful so although the problem has not yet been sorted out I am hopeful that they're going to get to the bottom of it.
I will post an update here when the call is closed, so that this note will contain information about the resolution
nick
active8
Grafter
Posts: 31
Registered: 18-11-2011

Re: Problems with "Microsoft DirectAccess"

Has their IT department been of any help?
We use DirectAccess at work and are currently testing it with some new mobile workers - we endeavour to help our staff get online even when working from home.
She doesn't work for a housing association in the south west?
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

Hi active8
> Has their IT department been of any help?
>
They have been very responsive and seem to be asking sensible questions.  Unfortunately we
don't yet have a fix. 
The most recent suggestion was that the problem might be due to the fact that my Plusnet account
had a fixed static IP address, and that this address might be being blocked by something - which
might explain why we don't see the problem when using the same laptop to connect over
DirectAccess from someone else's house (although they're not on Plusnet).
But today they changed the IP address that I get given, and DirectAccess still doesn't work.  So
either that's not it, or the NEW address they've given me is also subject to the same problem.
So investigation continues.

> We use DirectAccess at work and are currently testing it with some new mobile workers - we endeavour
> to help our staff get online even when working from home.
>
Do you know any of your staff who's using DirectAccess over Plusnet?  It would be really helpful to know
if it can work.  (Or even if it can't). I do have some friends on Plusnet, but none of them is using DirectAccess,
so at the moment, I've only got a sample size of one!
> She doesn't work for a housing association in the south west?
No, she doesn't.  We live in Basingstoke, and the server we're trying to connect to is
in Reading (fwiw).
nick
elzdad
Dabbler
Posts: 11
Registered: 03-12-2012

Re: Problems with "Microsoft DirectAccess"

Update: Plusnet set up a new test account for us to use, and when we logged in with this, then DirectAccess worked straight away.
So I think they are now looking into what's different about my existing account and the test one which might be causing the
problem.
But this means that DirectAccess over Plusnet isn't impossible.
I will update this note with more details as I get them.
I have been very impressed with the way Plusnet support handled this
nick
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Re: Problems with "Microsoft DirectAccess"

Hi Nick,
Good to see some positive progress on this, even if we are not quite sure what it is just yet. Unfortunately today is my last day at Plusnet towers, so I wont be able to see this through.
I've passed details of this to my colleague and we should be able to make some tweaks to verify the exact cause. Once this is done, we will look into that further.