DirectAccess Troubleshooting tool

Author by Shannon Fritz

When having a problem getting a DirectAccess client to connect, historically we've had two things to depend on:

  1. The Connectivity Assistant Logs
  2. Our own wits!

Of course there is also a slew of blogs, forums, wiki's and mailing lists out there, but now Microsoft has given us a new tool for our utility belt.  Introducing the DirectAccess Client Troubleshooting Tool!  This utility (which is actively being developed still) can be downloaded and run without installation on Windows 7, 8 and 8.1.

image

When DirectAccess is working well, you should seem Green checkmarks across the board, save for perhaps a few informational messages.  If you enable the Debug mode window you can see all the dirty details too.

image

If you are connected to Corpnet either locally or over VPN, you'll see some messages that indicate DirectAccess is not working (which is true, it's not being used).

The tool will test the following components:

  • Network interfaces (Wired and Wireless NICs)
  • Network Location (NLS and NRPT)
  • IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS)
  • Windows Firewall (applied profile, Firewall outbound rules)
  • Certificates (EKU Client Authentication, trust chain for AIA and CRL)
  • Infrastructure Iunnel (IPSec by Computer, SysVol share)
  • User Tunnel (IPSec by User, PING and Web probes)

It can also execute custom script if you'd like to add your own tests written in PowerShell, VBScript or BAT/CMD.

While the tool isn't a "FixIt for Me", it's a great and informative utility that can get you going in the right direction to resolve issues your DirectAccess clients might be having.  Thanks to Dominik Zemp for the original announcement!

Author

Shannon Fritz

Infrastructure Architect & Server Team Lead