DirectAccess Monitor Reports Network Security Not Healthy

Came across a very handy tip on the TechNet forums over at

In this thread, UAG DirectAccess Pro Ken Carvel provides a nice tip on what to do when you see the DirectAccess Monitor report that Network Security is not healthy.

Just in case that thread disappears, I’ll repost what Ken had to say here:

“I have seen this before as well and it has to do with IPSec DOS protection.

I saw that one of the servers in my array showed as Not Healthy.  I ran the "netsh ipsecdosprotection show interfaces" from the command line and got an "Element not Found" error.  What had happened was one of the IPv6 tunneling interfaces had changed names, like the Teredo Tunneling interface was now "Local Area Connection* 10".  I'm not sure why this happens, but I have seen it on several different UAG DirectAccess servers.

What I did to fix it was run the "netsh int ipv6 show int" command and figure out the names of all of the interfaces.  Then I ran "netsh ipsecdos reset" and manually added the interfaces back like this:

netsh ipsecdos add interface internal
netsh ipsecdos add interface External public
netsh ipsecdos add interface "6TO4 Adapter" public
netsh ipsecdos add interface IPHTTPSInterface public
netsh ipsecdos add interface "Local Area Connection* 10" public”

Great tip Ken! Thanks!
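
A read-only check for the condition Ken describes, as an added example that is not part of the original post or the forum thread. The `$Expected` list is an assumption (edit it to the interface names you registered on your server), and the parsing assumes English `netsh` output.

```powershell
# Added example, not from the original post. Run elevated on the UAG DirectAccess server.
# It changes nothing: no "netsh ipsecdos reset" and no "add interface" is issued.

# ASSUMPTION: the interface names previously registered with
# "netsh ipsecdos add interface". Edit to match your server.
$Expected = @('External', '6TO4 Adapter', 'IPHTTPSInterface',
              'Teredo Tunneling Pseudo-Interface')

# Step 1: query IPsec DoS Protection and look for the failure quoted above.
$dosOutput = (& netsh ipsecdosprotection show interfaces | Out-String)
$dosBroken = ($LASTEXITCODE -ne 0) -or ($dosOutput -match 'Element not found')

# Step 2: collect the current IPv6 interface names.
# Data rows of "netsh int ipv6 show int" are: Idx  Met  MTU  State  Name
$current = @()
foreach ($line in (& netsh int ipv6 show int)) {
    if ($line -match '^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s*$') {
        $current += $Matches[1]
    }
}

# Step 3: expected names that no longer exist, plus generically named adapters
# ("Local Area Connection* N") that may be a renamed tunnel interface.
$missing = @($Expected | Where-Object { $current -notcontains $_ })
$renamed = @($current  | Where-Object { $_ -match '^Local Area Connection\* \d+$' })

if ($dosBroken) {
    Write-Warning 'IPsec DoS Protection reports an error (for example "Element not found").'
}
if ($missing.Count -gt 0) {
    Write-Warning ('Expected interfaces not present: ' + ($missing -join ', '))
}
if ($renamed.Count -gt 0) {
    Write-Output ('Generically named adapters to review: ' + ($renamed -join ', '))
}
if (-not $dosBroken -and $missing.Count -eq 0) {
    Write-Output 'No stale interface names detected.'
}
```

If a warning appears, the reset and re-add steps quoted above are the fix, using the names this check prints.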



Tom Shinder
Principal Knowledge Engineer, Microsoft DAIP iX/Identity Management
Anywhere Access Group (AAG)