ISP Address Field is Blank in DirectAccess Status and Reports

When viewing DirectAccess client status in the Remote Access Management console, you will notice that the ISP address field is blank for clients using the IP-HTTPS IPv6 transition protocol. However, the ISP Address information is displayed for clients using the 6to4 or Teredo IPv6 transition protocols.

This is expected behavior and occurs as a result of the way in which the DirectAccess reports obtain the client’s public ISP address information. The ISP address is derived from the IPv6 address used to establish the DirectAccess client’s IPsec Security Associations (SAs) on the DirectAccess server. For clients using the 6to4 or Teredo IPv6 transition protocols, the client’s public IPv4 address is embedded in its IPv6 address. This information is displayed in the ISP Address field. However, the IP-HTTPS IPv6 transition protocol uses completely random IPv6 addresses. Without an embedded IPv4 address, the Remote Access Management console lacks the information to display in the ISP Address field.
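The difference between the three transition protocols can be seen by decoding the addresses directly. The following is an added example, not code from the original post or from Microsoft: it extracts the embedded public IPv4 address from a 6to4 address (prefix 2002::/16, RFC 3056) or a Teredo address (prefix 2001::/32, RFC 4380) and returns nothing for any other address, such as one assigned by IP-HTTPS. The function name and the sample addresses are constructed for illustration and use documentation address ranges.

```python
import ipaddress

SIXTOFOUR_PREFIX = ipaddress.ip_network("2002::/16")  # RFC 3056
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")     # RFC 4380


def isp_address(client_ipv6):
    """Return (protocol, embedded public IPv4 or None) for a client IPv6 address.

    Hypothetical helper written for this example.
    """
    addr = ipaddress.IPv6Address(client_ipv6)
    value = int(addr)

    if addr in SIXTOFOUR_PREFIX:
        # 6to4: the 32 bits following the 2002::/16 prefix are the
        # client's public IPv4 address, stored as-is.
        v4 = (value >> 80) & 0xFFFFFFFF
        return "6to4", str(ipaddress.IPv4Address(v4))

    if addr in TEREDO_PREFIX:
        # Teredo: the low 32 bits are the client's NAT-mapped public
        # IPv4 address with every bit inverted (XOR 0xFFFFFFFF).
        v4 = (value & 0xFFFFFFFF) ^ 0xFFFFFFFF
        return "Teredo", str(ipaddress.IPv4Address(v4))

    # Any other address (for example one assigned by IP-HTTPS) carries
    # no embedded IPv4 address, so there is nothing to report.
    return "other", None


if __name__ == "__main__":
    # Constructed sample addresses, not taken from a real deployment.
    samples = [
        "2002:c000:22d::c000:22d",               # 6to4, client 192.0.2.45
        "2001:0:c633:6401:8000:63bf:34ff:8ef8",  # Teredo, client 203.0.113.7
        "2001:db8:1:1000:a5c3:9f2e:4b71:d08e",   # no embedded IPv4
    ]
    for sample in samples:
        protocol, isp = isp_address(sample)
        print(f"{sample:40} {protocol:7} ISP address: {isp or '(blank)'}")
```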

Updated 3/22/2015: With a little extra work it is possible to find the IPv4 ISP address for DirectAccess clients using the IP-HTTPS IPv6 transition protocol. For more information, please refer to Microsoft PFE Martin Solis’ excellent blog post on the subject here.


5 Comments

  1. jDA

     /  March 18, 2015

    Hi Richard, do you know if it is possible to have a mixed DA environment where some DA servers are Windows 2012 and the others are Windows 2012 R2?

    Reply
    • It’s not recommended, but yes, I’ve confirmed that it does work. I’d suggest doing this only as part of a rolling upgrade. It would be advisable to get to all 2012 R2 machines as quickly as possible. 🙂

      Reply
  2. Roshan

     /  July 7, 2017

    Hi Richard, I can ping and remotely access the DA client whose protocol is showing IPHTTPS, but I am unable to ping or access the machine whose protocol is Teredo. Why so?

    Reply
    • Try enabling the option to “Allow Edge Traversal” on any client-side firewall rules allowing inbound management traffic (for example RDP). Let me know if that helps!

      Reply
  1. Monitoring DirectAccess Machine and User Activity with Windows Component Event Logging | Richard Hicks' DirectAccess Blog
