PowerShell is an essential tool for Windows administrators for configuration, task automation, monitoring, reporting, and problem resolution. When troubleshooting DirectAccess connectivity using the IP-HTTPS IPv6 transition technology, the Get-NetIPHttpsConfiguration and Get-NetIPHttpsState PowerShell commands are important for assessing the configuration and current state of the IP-HTTPS connection. When DirectAccess connectivity fails, these are some of the first commands an administrator will use to identify and resolve the issue.
Get-NetIPHttpsState
Get-NetIPHttpsState is especially helpful when IP-HTTPS connectivity fails because it returns an error code and interface status information that can provide clues as to why the connection was not completed successfully.
No Output in 1803
Beginning with Windows 10 1803, the DirectAccess administrator will notice that Get-NetIPHttpsState returns no data. The output of Get-NetIPHttpsState is blank.
Changes in 1803
As it turns out, this is a bug first introduced in Windows 10 1803 that is the result of a fundamental change in the way in which the IP-HTTPS interface is implemented in Windows. As of this writing, the bug has not been addressed in Windows 10 1803 or 1809.
Workaround
The good news is that there’s an easy workaround for this. Instead of using Get-NetIPHttpsState, the administrator can retrieve essential information about the IP-HTTPS interface using the following netsh command.
netsh interface httpstunnel show interface
Additional Information
SSL Certificate Considerations for DirectAccess IP-HTTPS
Troubleshooting DirectAccess IP-HTTPS Error Code 0x800b0109
Troubleshooting DirectAccess IP-HTTPS Error Code 0x80090326
Troubleshooting DirectAccess IP-HTTPS Error Code 0x90320
Shanon Tuten
/ October 21, 2020A very interesting post about 1803 and changing the adapter implementation. We have noticed, and possibly since 1803, that our clients some times hang at “connecting”. Sometimes turning off wifi, waiting a few seconds and turning it back on fixes it and other times you have to reboot which always fixes it. In looking at the logs during that type of event I noticed that the IP-HTTPS adapter is just not there. In the past that adapter was always there and it was just a matter of it being disonnected or connected. It appears now that Microsoft doesn’t show that adapter with an ipconfig/all or Get-NetIPConfiguration if you aren’t on DA and something is keeping it from “coming back”. I wonder if it all stems from the rewrite you mention? Hmm. Thanks for the information.
Richard M. Hicks
/ October 24, 2020I’m certain they are related. 🙂
Babs
/ December 16, 2020Increasingly a lot of our Surface Pros now have DA in connecting state without connectivity since updating to 1904. Anyone else having these issues and is there a fix apart from removing DA policy and re-applying
Richard M. Hicks
/ December 17, 2020I’m hearing a lot of reports where clients are reverting back to Professional edition after upgrades. Have a look at that and make sure that hasn’t happened to you. 🙂