How to Disable IP-HTTPS for Testing and Troubleshooting
A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable it for a specific client for a short period of time to figure out what the problem might be with something else.
If you open the network shell (netsh) and check the syntax that you should use to disable the IP-HTTPS interface, you’ll see something like the following:
set interface [[ url= ] ( url )] [[ state= ] ( enabled | disabled | default )] [[authmode= ] ( none | certificates )]
However, if you try it, you’ll see something like this:
What’s up with that?
Apparently, there is a problem with using netsh to disable the IP-HTTPS interface. Therefore, we’re going to have to consider an alternate approach to temporarily disable the IP-HTTPS interface.
To do this, open the Registry Editor and navigate to:
To disable the interface, set the value to 3.
Keep in mind that this setting is controlled through the UAG DirectAccess client Group Policy. When Group Policy is refreshed on the client, this setting will be overwritten and the IP-HTTPS interface will activate again.
Principal Knowledge Engineer, Microsoft DAIP iX/Identity Management
Anywhere Access Group (AAG)
The “Edge Man” blog : http://blogs.technet.com/tomshinder/default.aspx
Follow me on Twitter: https://twitter.com/tshinder
Visit the TechNet forums to discuss all your UAG DirectAccess issues http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/threads
Stay up-to-date with “just in time” UAG DirectAccess information on the TechNet wiki http://social.technet.microsoft.com/wiki/tags/DirectAccess/default.aspx