VMware, UAG, DirectAccess pt2
Had some rather nifty issues with a DirectAccess array the other week – so I thought I would return here and blog it!
In short, everything was working fine apart from one very small part – “Manage Out” via IPHTTPS tunnel wasn’t functioning.
In short, clients were connecting the IPHTTPS tunnel before the Teredo was up. Whilst IPHTTPS is connected it will be preferred over Teredo (or 6to4) and disconnects after a random amount of time.
Clients could route traffic down here – so connecting to Intranet services was fine. Tunnel was up on both parts (Intranet/Infrastructure) and everything worked fine apart from “Manage Out”. Routes all fine, Windows Firewall (client-side) all fine.
Cue some hair tearing etc. etc.
Raised a call with MS eventually – and in short it’s VMware causing the issue.
To quote MS (slightly edited to make sense outside of the email trail):
We have had similar cases before where VMware template provisioning was used for the UAG hosts, and can confirm that the problem was down to the template creating duplicate adapters that would affect tunnel bindings when configuring UAG DA. And the solution was to rebuild using standard media which completely addressed the issue.
Ouch. Oh well, rebuild we must (I’ll update once they are done!)
Had some other interesting information too regarding VMware, Unicast and DA NLB. I’ll update my original post here