Getting a Red X on the DCA(Direct Access Connectivity Assistant) on the DA clients connecting through Forefront
You would have come across a lot of times a scenario where you are able to access the Internal resources through the Direct Access Client But still it shows you a Red X on the DCA(Direct Access Connectivity Assistant) in the Taskbar.
Recently I was working on a scenario where we were able to access the Internal resources fine from the DA client. However we could still see a Red X on the DCA.
So we started looking into the issue. We looked into the results of DCA Logs on the client and came to know that DCA was configured to check the connectivity to an Internal share on a File Server by the name FS.CONTOSO.COM. And it was failing to access that Share. That's why it was showing that Red X on the DCA.
Then we tried to PING that File Server from the DA client. And we were Surprised to see that it was Resolving to an IPv4 IP Address. As we all know that Direct Access works only over IPv6.
Further investigations revealed that we had a HOST File entry for that File Server, on the Client which was pointing to the IPv4 address of that Server:
We removed the above Entry from the HOST File and after that when we tried, the name of the File Server was now resolving to an IPv6 IP address.
And after that there was NO Red X on the DCA as well.
Takeaway from this Post is that as the Direct Access only works on IPv6, we need to make sure that all the internal names are being resolved to IPv6 addresses on the DA clients and not to IPv4 addresses.
Please find a few Links below which talk about Name Resolution in UAG DA:
SUPPORT ESCALATION ENGINEER, FOREFRONT EDGE SECURITY, MICROSOFT