ISP Address Field is Blank in DirectAccess Status and Reports

When viewing DirectAccess client status in the Remote Access Management console, you will notice that the ISP address field is blank for clients using the IP-HTTPS IPv6 transition protocol. However, the ISP Address information is displayed for clients using the 6to4 or Teredo IPv6 transition protocols.

ISP Address Field is Blank in DirectAccess Status and Reports

This is expected behavior and occurs as a result of the way in which the DirectAccess reports obtain the client’s public ISP address information. The ISP address is derived from the IPv6 address used to establish the DirectAccess client’s IPsec Security Associations (SAs) on the DirectAccess server. For clients using the 6to4 or Teredo IPv6 transition protocols, the client’s public IPv4 address is embedded in its IPv6 address. This information is displayed in the ISP Address field. However, the IP-HTTPS IPv6 transition protocol uses completely random IPv6 addresses. Without an embedded IPv4 address, the Remote Access Management console lacks the information to display in the ISP Address field.

Updated 3/22/2015: With a little extra work it is possible to find the IPv4 ISP address for DirectAccess clients using the IP-HTTPS IPv6 transition protocol. For more information, please refer to Microsoft PFE Martin Solis’ excellent blog post on the subject here.

Leave a comment

16 Comments

  1. jDA

     /  March 18, 2015

    Hi Richard, do you know if it is possible to have a mixed DA environment where some DA servers are Windows 2012 and the others are Windows 2012 R2

    Reply
    • It’s not recommended, but yes, I’ve confirmed that it does work. I’d suggest doing this only as part of a rolling upgrade. It would be advisable to get to all 2012 R2 machines as quickly as possible. 🙂

      Reply
  2. Roshan

     /  July 7, 2017

    Hi Richard, i can ping and Access remotely DA Client whose protocol is showing IPHTTPS but unable to ping or access the machine whose protocol is Teredo. Why so.?

    Reply
    • Try enabling the option to “Allow Edge Traversal” on any client-side firewall rules allowing inbound management traffic (for example RDP). Let me know if that helps!

      Reply
  3. Edgar Spruijt

     /  November 8, 2018

    Hello Richard, I am trying to find the Martin Solis post you referred to, but it seems to have disappeared from the internet. Do you maybe have another link or any documentation on this?

    Reply
  4. Marek

     /  March 6, 2019

    Regarding Martin’s post, remember about archive.org. That’s how I got access to the page.

    Reply
  5. Peter

     /  March 29, 2019

    Richard,
    I often see the username blank for some clients, we always see the host name. Is there a reason why some of the connections in the remote client dashboard do not show the username?

    We’re using IP-HTTPS only.

    Thanks

    Reply
    • If the user name is blank it means the user hasn’t logged on yet. You will always see the computer name because that will establish automatically before the user logs on.

      Reply
  6. Techie1

     /  August 12, 2021

    Client computers are connecting Corporate network via DirectAccess VPN and accessing all services. but client computer doesn’t get office ISP. when trying to check what is my ip, it shows clients home internet ISP IP.

    Reply
    • You would need to enable selective tunneling or force tunneling for DirectAccess to have your traffic source form your office ISP.

      Reply
  1. Monitoring DirectAccess Machine and User Activity with Windows Component Event Logging | Richard Hicks' DirectAccess Blog

Leave a Reply to Peter Cancel reply

%d bloggers like this: