Microsoft DirectAccess Client Troubleshooting Tool

To aid in troubleshooting Windows DirectAccess client configuration and connectivity, Microsoft recently made available the Windows DirectAccess Client Troubleshooting Tool. The tool, which is a portable executable based on the .NET Framework and does not require installation, operates by performing a series of tests and health checks on a connected DirectAccess client. As of this release, the troubleshooting tool checks network interface configuration, Network Location Server (NLS) reachability, IP connectivity and the status of transition technologies, Windows Firewall with Advanced Security configuration, computer certificate status, as well as network connectivity over the infrastructure and user IPsec DirectAccess tunnels.

Microsoft Windows DirectAccess Client Troubleshooting Tool

The tool also features an optional debug mode that provides highly detailed information gathered from each of the tests executed.

Microsoft Windows DirectAccess Client Troubleshooting Tool

The tool is supported on both Windows 7 and Windows 8.x clients. If you implement or support DirectAccess, this utility will certainly speed up your troubleshooting by providing deep insight in to the configuration and current connectivity status for your DirectAccess clients. You can download the Microsoft DirectAccess client troubleshooting tool here.

Leave a comment

23 Comments

  1. Thanks for the tip about the DA Client Troubleshooting Tool. When I ran it on a DA client, it failed a section of the User Tunnel Tests, specifically it “Failed to connect to HTTP probe at…” However, it appears that DA is working because I can access my company’s resources. What does the User Tunnel test do?

    Reply
    • The user tunnel test makes a connection to the “web probe host”, which is the internal network interface of the DA server. There are a number of factors that might prevent this from working while DA does work. If DA is working, I’d disregard it.

      Reply
  2. Xavier Ponard

     /  March 7, 2014

    At this point, trying to evaluate this tool,
    But don’t seems to work when online LAN or online using WWAN/DA

    When i ran DirectAccess Client Troubleshooting Tool on W7.
    It failed after Running IP connectivity tests.
    > Check not run yet. twice and error popup appear.
    on the log file:

    Extract when laptop is connected to LAN.

    07/03/2014 10:25:03[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: netsh int teredo sh st returned:
    ParamŠtres Teredo
    ———————————————
    Type : client
    Nom du serveur : teredo.ipv6.microsoft.com.
    Interv. d’actual. du client : 30 secondes
    Port client ÿ: unspecified
    Statut ÿ: offline
    Erreur ÿ: le client est dans un r‚seau administr‚

    07/03/2014 10:25:03[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: Teredo interface type: client.
    07/03/2014 10:25:03[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: Teredo interface is enabled.
    07/03/2014 10:25:03[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] Info: Check not run yet.
    07/03/2014 10:25:03[P:4528 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: RootNode IPConnTestsNode found at index 2.
    07/03/2014 10:25:03[P:4528 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: The RootNode IPConnTestsNode has already 1 ChildNodes.
    07/03/2014 10:25:03[P:4528 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: Added ChildNode IPConnTestsNodeChild1.
    07/03/2014 10:33:01[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR: An Exception was thrown – details below:

    07/03/2014 10:33:01[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR: Object reference not set to an instance of an object.
    07/03/2014 10:33:01[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR: DAClientTroubleshooter
    07/03/2014 10:33:01[P:4528 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR:
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.WorkHorse(CancellationToken token)

    Extract on laptop when DA is fully operationnal (WWAN/DA)

    07/03/2014 10:42:07[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: netsh int teredo sh st returned:
    ParamŠtres Teredo
    ———————————————
    Type : client
    Nom du serveur : teredo.ipv6.microsoft.com.
    Interv. d’actual. du client : 30 secondes
    Port client ÿ: unspecified
    Statut ÿ: qualified
    Type de client : teredo host-specific relay
    R‚seau : unmanaged
    NAT : symmetric (port)
    Comportement sp‚cial NAT : UPNP: Non, PortPreserving: Non
    Mappage local : 100.113.229.163:50486
    Mappage NAT externe : 92.90.17.16:14117

    07/03/2014 10:42:07[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: Teredo interface type: client.
    07/03/2014 10:42:07[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: Teredo interface is enabled.
    07/03/2014 10:42:07[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: Teredo interface type: teredo host-specific relay.
    07/03/2014 10:42:07[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TeredoChecker] Info: Teredo interface is enabled.
    07/03/2014 10:42:07[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] Info: Check not run yet.
    07/03/2014 10:42:07[P:6208 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: RootNode IPConnTestsNode found at index 2.
    07/03/2014 10:42:07[P:6208 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: The RootNode IPConnTestsNode has already 1 ChildNodes.
    07/03/2014 10:42:07[P:6208 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: Added ChildNode IPConnTestsNodeChild1.
    07/03/2014 10:42:14[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR: An Exception was thrown – details below:

    07/03/2014 10:42:14[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR: Object reference not set to an instance of an object.
    07/03/2014 10:42:14[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR: DAClientTroubleshooter
    07/03/2014 10:42:14[P:6208 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] ERROR:
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.WorkHorse(CancellationToken token)

    Reply
    • Interesting. I’m wondering if this is a localization issue? I’ve not tried running the tool on non-US language versions of Windows. Anyone else have this issue?

      Reply
      • Fabien SCHWARTZ

         /  March 21, 2014

        Had the same issue with Windows 8.1 in French: it failed after Running IP connectivity tests.

        Extract of issue:
        [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] Info: Trying to ping IPv6 address 2001:4860:4860::8888.
        21/03/2014 10:24:24[P:2452 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NetworkHelper] Info: Trying to ping 2001:4860:4860::8888.
        21/03/2014 10:24:24[P:2452 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NetworkHelper] ERROR: An Exception was thrown – details below: Une exception s’est produite lors d’une demande PING.
        System à System.Net.NetworkInformation.Ping.Send(IPAddress address, Int32 timeout, Byte[] buffer, PingOptions options) …

        => Change language to English, tested on LAN and on Internet (DA client active), and it works.

      • Thanks for sharing that information. Sure looks like it is an issue with localization. Hopefully that gets fixed in the near future. :)

  3. Dan A

     /  March 21, 2014

    Tried the tool to troubleshoot some issues we’ve had with new clients, the tool fails after IP Connectivity tests with the message “DAClientToubleshooter encountered and error while processing and needs to close”

    Windows 7, SP1 Danish lang.:

    System.AggregateException: Der opstod en eller flere fejl. —> System.ApplicationException: An Exception occurred in the work horse thread.
    ved MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.WorkHorse(CancellationToken token)
    ved MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.b__0()
    ved System.Threading.Tasks.Task.InnerInvoke()
    ved System.Threading.Tasks.Task.Execute()
    — Slut på staksporing af indre undtagelser —
    ved System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
    ved System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
    ved System.Threading.Tasks.Task.Wait(CancellationToken cancellationToken)
    ved MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.CancelButton_Click(Object sender, EventArgs e)
    ved System.Windows.Forms.Control.OnClick(EventArgs e)
    ved System.Windows.Forms.Button.OnClick(EventArgs e)
    ved System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    ved System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
    ved System.Windows.Forms.Control.WndProc(Message& m)
    ved System.Windows.Forms.ButtonBase.WndProc(Message& m)
    ved System.Windows.Forms.Button.WndProc(Message& m)
    ved System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
    ved System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
    ved System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    —> (Indre undtagelse #0) System.ApplicationException: An Exception occurred in the work horse thread.
    ved MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.WorkHorse(CancellationToken token)
    ved MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.b__0()
    ved System.Threading.Tasks.Task.InnerInvoke()
    ved System.Threading.Tasks.Task.Execute()<—

    Reply
    • This appears to be a localization issue. English users are working fine, but other readers of this blog are reporting similar problems with non-English installations. Hopefully this issue will be resolved in a future release of the tool.

      Reply
  4. Yep, the current buildjust works with EN-US or installed MUI, there are many known localization issues. But, it’s on the to-do list for vNext. :-)

    Reply
    • Thanks for confirming that Dominik. Be sure to let us know when vNext is released. I’m sure you’ve gotten a lot of feedback so far. :)

      Reply
  5. Hello Richard,

    Thank you very much for your blog, I am setting up my first DA environment at the moment and gotten the server up and running Win2012R2 but the test client (Win8.1) is not connecting. Server side, the Operational Status is all green. Server is sitting in a DMZ with

    On the client, in the IP connectivity tests I am seeing the IPHTTPS interface is not operational and also Error – no IPv6 transition technology is operational!

    I have installed a Public certificate in the server with the subject field set with the public hostname of the server.

    i think I am close to getting this working, but need a bit of guidance on getting it working correctly.

    Any advice would be greatly welcomed.

    Reply
  6. Jens

     /  May 19, 2014

    Hi Richard,

    I’ve read through numerous blog posts of yours regarding DirectAccess but have yet to find an answer to my problem. I’ve setup a DirectAccess server, it is running on a 2012 R2 VM inside of a 2012 R2 Host Machine. The client machine is a Windows 7 PC and the DirectAccess Connectivity Assistant shows everything is working. Network shares work remotely and it “appears” to be working fine, however there are issues when trying to access a core webapp that we used called AMS360.

    When remotely connected via VPN AMS360 works, and when in the office with DA Configured and Disabled AMS360 works, however as soon as DA is Configured and Enabled this web application stops functioning. Have you run across anything similar with specific web applications that use a .NET back-end ceasing to function? I am hoping there is something missing in our DA configuration, but the only thing that errors when I run the DirectAccess Client Troubleshooting Tool is the User Tunnel Tests which show a TimeOut on the two DTEs, which above you state can be ignored if DA seems to be working otherwise.

    If you have any suggestions let me know.

    Thanks,

    Reply
    • It is entirely possible that your application is making a call directly to a resource via its IP address and not its hostname. You’ll probably have to profile the application by watching network traces taken while on the internal network and compare that to traces taken from the client when it is outside of the network. Most often that’s the source of trouble for applications that fail to work properly over a DirectAccess connection.

      Reply
  7. See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.

    ************** Exception Text **************
    System.AggregateException: One or more errors occurred. —> System.ApplicationException: An Exception occurred in the work horse thread.
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.WorkHorse(CancellationToken token)
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.b__0()
    at System.Threading.Tasks.Task.Execute()
    — End of inner exception stack trace —
    at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.CancelButton_Click(Object sender, EventArgs e)
    at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
    at System.Windows.Forms.Control.WndProc(Message& m)
    at System.Windows.Forms.ButtonBase.WndProc(Message& m)
    at System.Windows.Forms.Button.WndProc(Message& m)
    at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    —> (Inner Exception #0) System.ApplicationException: An Exception occurred in the work horse thread.
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.WorkHorse(CancellationToken token)
    at MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm.b__0()
    at System.Threading.Tasks.Task.Execute()<—

    ************** Loaded Assemblies **************
    mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
    —————————————-
    DAClientTroubleshooter
    Assembly Version: 1.4.4.39291
    Win32 Version: 1.4.4.0
    CodeBase: file:///C:/Users/Administrator/Desktop/DirectAccessClientTroubleshooter/DAClientTroubleshooter.exe
    —————————————-
    System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    —————————————-
    System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    —————————————-
    System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
    —————————————-
    System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    —————————————-
    System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
    —————————————-
    System.Management
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18408 built by: FX451RTMGREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Management/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Management.dll
    —————————————-

    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.

    For example:

    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.

    Reply
  8. :)) crap my text is gone,.. anyway maybe somebody will paste here some learning books to solve it

    Reply
  9. SImon

     /  June 4, 2014

    Hi RIchard, I got my DirectAccess up and running, I have since added 2 more entry points around the world and have been testing quite successfully with a handful of Windows 8 and 8.1 clients.

    I am now looking to roll out Windows 8.1 via WDS and at the same time, give DirectAccess to all the mobile clients. It is these new machines that are failing. At first I thought it was a problem with the IntelProSet wireless software in my Windows 8.1 build so I created a brand new image and deployed to 2 computers for testing. They refuse to connect. In the troubleshooting tool, they pass everything up to the 2 tunnel tests.

    All of the other machines are working, so I am stumped as to why computers based on my new image are failing. Is there a windows update that is causing problems for 8.1 Enterprise Clients?

    Reply
    • Simon

       /  June 4, 2014

      An update;
      I ran netsh int https show int on an affected computer and got the error code 0×0 iphttps interface active,

      The troubleshooting tool fails the Infrastructure test, so I thought the IPHTTPS wasn’t working.

      So I think it might be the computer certificate that is installed on the clients.

      They are creating the certificate from GP, I followed your guide on that, and it was working for other computers.

      The strange thing it that on the server, I don’t see any incoming connections. I will check the user tunnel tests

      Reply
      • Simon

         /  June 5, 2014

        Further troubleshooting seems to have found a solution. My testing shows that only newly deployed Windows 8.1 machines are affected.

        The logs are identical, the IPHTTPS tunnel throws no errors and reports being connected, but no infrastucture servers are reachable. The only difference is that the IPSEC quick and main mode tunnels were not connecting.

        I found that running in an admin level command prompt the following 2 commands fixes DirectAccess. Several reboots later and it is still working.

        sc config ikeext start= auto

        net start ikeext

      • Glad you were able to resolve that. Thanks for sharing the resolution steps!

  10. D_A-

     /  July 22, 2014

    We have an interesting situation with DA 2012 in our company. Our DA works perfectly, but we cannot access one spesific file server share (non-domain file server, 2008 R2 server).

    Clients can ping the server, and we can access the server via http, but for some reason we cannot connect the file share? We have tried to connect the share with every possible way, but just cannot connect…. most interesting is that DA-server can connect this spesific shared folder just fine, but client’s cannot.

    Have you seen any situations like this?

    Reply
    • That’s unusual. Perhaps it is an authentication issue? I’d suggest taking a network trace from the file server side to see what it looks like.

      Reply
  1. Friday Five - February 28, 2014 - The Microsoft MVP Award Program Blog - Site Home - MSDN Blogs

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 33 other followers

%d bloggers like this: