DirectAccess Monitor Reports Network Security Not Healthy
Came across a very handy tip on the TechNet forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/8965b7de-8814-40ed-b189-37b53bb1b88b
Just in case that thread disappears, I’ll repost what Ken had to say here:
“I have seen this before as well and it has to do with IPSec DOS protection.
I saw that one of the servers in my array showed as Not Healthy. I ran the "netsh ipsecdosprotection show interfaces" from the command line and got an "Element not Found" error. What had happened was one of the IPv6 tunneling interfaces had changed names, like the Teredo Tunneling interface was now "Local Area Connection* 10". I'm not sure why this happens, but I have seen it on several different UAG DirectAccess servers.
What I did to fix it was run the "netsh int ipv6 show int" command and figure out the names of all of the interfaces. Then I ran "netsh ipsecdos reset" and manually added the interfaces back like this:
netsh ipsecdos add interface isatap.contoso.com internal
netsh ipsecdos add interface External public
netsh ipsecdos add interface "6TO4 Adapter" public
netsh ipsecdos add interface IPHTTPSInterface public
netsh ipsecdos add interface "Local Area Connection* 10" public”
Great tip Ken! Thanks!
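To make the check repeatable, here is a PowerShell health-check script that walks Ken's steps: it looks for the "Element not Found" symptom, reads the current IPv6 interface names from netsh, and prints the matching `netsh ipsecdos add interface` commands for review instead of running them. This is an added example, not code from Ken's post or from the UAG product; it assumes a Windows Server 2008 R2 UAG DirectAccess server and that the public/internal roles below (ISATAP internal, the tunnel adapters public) match your deployment.

```powershell
# Added health check, not part of the original post. Assumes Windows Server 2008 R2
# (PowerShell 2.0, so netsh is parsed rather than Get-NetIPInterface) and that the
# interface roles below match your UAG DirectAccess deployment.

# Step 1: reproduce Ken's check. "Element not found" means the IPsec DoS Protection
# interface list still references an interface name that no longer exists.
$status = (& netsh ipsecdosprotection show interfaces 2>&1) | Out-String
if ($status -match 'Element not found') {
    Write-Warning 'ipsecdosprotection references a stale interface name (e.g. a renamed tunnel adapter)'
}

# Step 2: enumerate the current IPv6 interface names, the same data Ken read from
# "netsh int ipv6 show int". Column layout is: Idx  Met  MTU  State  Name
$names = @()
foreach ($line in (& netsh interface ipv6 show interfaces)) {
    if ($line -match '^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s*$') { $names += $Matches[1] }
}

# Step 3: classify interfaces the way the post does: the ISATAP interface is internal,
# the transition/tunnel adapters (6to4, IP-HTTPS, Teredo, including a Teredo adapter
# renamed to "Local Area Connection* N") are public. Anything else, such as the
# physical external NIC ("External" in the post), is listed for manual review.
$plan = @(); $review = @()
foreach ($n in $names) {
    switch -Regex ($n) {
        '^Loopback Pseudo-Interface' { break }   # not a DirectAccess interface
        '^isatap\.'                  { $plan += "netsh ipsecdos add interface `"$n`" internal"; break }
        '^(6TO4 Adapter|IPHTTPSInterface|Teredo Tunneling Pseudo-Interface|Local Area Connection\* \d+)$' {
                                       $plan += "netsh ipsecdos add interface `"$n`" public"; break }
        default                      { $review += $n }
    }
}

# Step 4: show the operator what would be run. As in the post, run
# "netsh ipsecdos reset" first to clear the stale entries, then the add commands.
if ($review.Count -gt 0) { Write-Warning ('Assign public/internal manually: ' + ($review -join ', ')) }
Write-Output 'netsh ipsecdos reset'
$plan | ForEach-Object { Write-Output $_ }
```

The script deliberately prints rather than executes the commands so that an interface mis-classified as public or internal is caught before IPsec DoS Protection is reconfigured on a production array member.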
Principal Knowledge Engineer, Microsoft DAIP iX/Identity Management
Anywhere Access Group (AAG)
The “Edge Man” blog : http://blogs.technet.com/tomshinder/default.aspx
Follow me on Twitter: https://twitter.com/tshinder
Visit the TechNet forums to discuss all your UAG DirectAccess issues http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/threads
Stay up-to-date with “just in time” UAG DirectAccess information on the TechNet wiki http://social.technet.microsoft.com/wiki/tags/DirectAccess/default.aspx