question

IainJones-7812 avatar image
0 Votes"
IainJones-7812 asked GitaraniSharmaMSFT-4262 commented

DirectAccess ISATAP - Manage Out Issue for Azure VM

We have a DirectAccess solution and have only recently configured the ISATAP router for "Manage Out" capabilities, principally for ConfigMgr.

For some internal management servers this has worked seamlessly, the ISATAP configuration has applied and we can now manage those DirectAccess connected clients (RDP, etc.)

ConfigMgr/SCCM has proved a challenge. This server was built in Azure and despite picking up the config for ISATAP router it's not picking up an IPv6 address on the ISATAP interface.

Tunnel adapter isatap.reddog.microsoft.com:

Connection-specific DNS Suffix . : reddog.microsoft.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:10.154.8.4%13(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268435456
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-84-C0-48-00-0D-3A-2C-B1-BB
DNS Servers . . . . . . . . . . . : 10.154.0.4
10.154.0.5


C:\Windows\system32>netsh interface isatap show state
ISATAP State : enabled (Group Policy)


C:\Windows\system32>netsh interface isatap show router
Router Name : directaccess-ISATAP (Group Policy)
Use Relay : default
Resolution Interval : default


I would assume this is connectivity from the Azure VNet to the DirectAccess. I've added inbound and outbound whitelisting for the DirectAccess servers in Azure and even tried a whitelist for the IPv6 address subnet that is reported on the internal LAN/WAN servers that work.

Could it also be a Windows firewall issue with the SCCM server? Any suggestions?

azure-virtual-networkazure-network-watcher
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

From what I have been told ISATAP isn't supported on an Azure VM. Certainly every attempt we've made to get this to work supports that.

0 Votes 0 ·

Hello @IainJones-7812 ,

Could you please provide an update on this issue? Do send us an email as requested in case the issue is still ongoing.

Thanks,
Gita

0 Votes 0 ·

Hello @IainJones-7812 ,

Any update on this post?

Regards,
Gita

0 Votes 0 ·

Hello @IainJones-7812 ,

Apologies for the delay in response. Since, your question is related to DirectAccess & ISATAP configuration (which is more of a Windows Networking related query), it will be better answered by the Windows support team. Hence, if you have a support plan, I request you to file a support ticket, else please do let us know, we will try and help you get a one-time free technical support. In this case, could you send an email to azcommunity [at] microsoft [dot] com referencing this thread as well as your subscription ID. Please mention "ATTN gishar" in the subject field.

Thank you for your cooperation on this matter and look forward to your reply.

0 Votes 0 ·

Hello @IainJones-7812 ,

We've not received any email from your end regarding this issue. Please let us know the current status and provide an update to proceed further.

Thanks,
Gita

0 Votes 0 ·

0 Answers