I had a MultiSite DA running on Windows Server 2012 R2 with two NICs and two consecutive public IP addresses.
I did some research and I found a few possible solutions, but they were all for Forefront UAG 2010.
I will list all of them here, but only one worked for me.
1. Check that forwarding is not enabled on your external adapter. If forwarding is enabled, traffic could be forwarded from the external to the internal network adapter, eventually reaching a domain controller. You can check that with the following command:
netsh int ipv6 show int external
where "external" is the name of your external network interface.
The parameter "Forwarding" should be set to disabled.
2. Create a firewall rule to block traffic from your external network adapter to all domain controllers. This could actually work, but I decided this would be my last resort, so in the end I didn't have to use it.
3. Check your routes. Make sure there is no entry where the interface is your external adapter's IP and the network destination is an IP or IP subnet where a DC is located.
4. The real deal. Clear the NLA registry entries for the external adapter, then disable and re-enable it.
Locate the following key and delete any entries where you see the IP(s) of the external network adapter:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetAuth
Now disable and re-enable the external network adapter and DirectAccess should be happy again.
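The following script is an added example, not code from the original post: it walks the checks above (step 1 forwarding, step 3 routing, step 4 the NLA IntranetAuth cache) from an elevated PowerShell session on the DirectAccess server, and only removes cache entries once you have reviewed what it found. The adapter alias "external", the public addresses 203.0.113.10 and 203.0.113.11, and the domain controller address 10.0.0.10 are constructed placeholders; replace them with your own values. The assumption that a stale entry can be recognised by the external IP appearing in a subkey name or value under IntranetAuth follows the post's instruction to "delete any entries where you see the IP(s)".

```powershell
# Added example (not from the original post). Run as Administrator on the
# DirectAccess server. All names and addresses below are placeholders.
$ExternalAlias = 'external'                            # alias of the Internet-facing NIC
$ExternalIPs   = @('203.0.113.10', '203.0.113.11')     # its public IPs (constructed)
$DcAddresses   = @('10.0.0.10')                        # your domain controllers (constructed)
$NlaKey        = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetAuth'

# --- Step 1: IPv6 forwarding must be Disabled on the external adapter ---------
# Same information as "netsh int ipv6 show int external" in the post.
$ifv6 = Get-NetIPInterface -InterfaceAlias $ExternalAlias -AddressFamily IPv6
if ("$($ifv6.Forwarding)" -eq 'Enabled') {
    Write-Warning "IPv6 forwarding is Enabled on '$ExternalAlias'; it should be Disabled."
    # To correct it:
    # Set-NetIPInterface -InterfaceAlias $ExternalAlias -AddressFamily IPv6 -Forwarding Disabled
} else {
    Write-Host "Step 1 OK: IPv6 forwarding on '$ExternalAlias' is $($ifv6.Forwarding)"
}

# --- Step 3: no domain controller may be reachable via the external adapter ---
# Find-NetRoute returns the address and route the stack would pick for a
# destination; if the chosen route sits on the external NIC, flag it.
foreach ($dc in $DcAddresses) {
    $route = Find-NetRoute -RemoteIPAddress $dc | Where-Object { $_.DestinationPrefix }
    if ($route.InterfaceAlias -eq $ExternalAlias) {
        Write-Warning "DC $dc is routed via '$ExternalAlias' ($($route.DestinationPrefix)); fix the route table."
    } else {
        Write-Host "Step 3 OK: DC $dc is reached via '$($route.InterfaceAlias)'"
    }
}

# --- Step 4: find NLA IntranetAuth cache entries that mention the external IPs -
# Each subkey is checked by name and by every value it holds.
$staleEntries = foreach ($key in Get-ChildItem -Path $NlaKey -Recurse -ErrorAction SilentlyContinue) {
    $hit = $false
    foreach ($ip in $ExternalIPs) {
        if ($key.PSChildName -like "*$ip*") { $hit = $true }
        foreach ($valueName in $key.GetValueNames()) {
            if ("$($key.GetValue($valueName))" -like "*$ip*") { $hit = $true }
        }
    }
    if ($hit) { $key }
}

if (-not $staleEntries) {
    Write-Host "Step 4: no IntranetAuth cache entries reference the external IPs."
} else {
    $staleEntries | ForEach-Object { Write-Host "Stale NLA cache entry: $($_.PSPath)" }
    # Dry run first; remove -WhatIf after reviewing the list above.
    $staleEntries | Remove-Item -Recurse -WhatIf
    # Then disable and re-enable the external adapter so NLA re-evaluates it.
    Restart-NetAdapter -Name $ExternalAlias -Confirm:$false
}
```

The removal is deliberately a dry run: the IntranetAuth cache is what tells NLA which networks count as the domain, so deleting the wrong subkey affects the internal adapter as well. Review the printed paths, drop `-WhatIf`, and only then let the adapter restart take effect.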