After installing and configuring DirectAccess in Windows Server 2019 you may encounter an error message indicating that IP-HTTPS is not working properly. Looking at the Operations Status overview in the Dashboard of the Remote Access Management console shows that the IP-HTTPS interface is in error. IP-HTTPS Route Error Viewing the detailed Operations Status shows the […]
All posts found when searching for IP-HTTPS
DirectAccess IP-HTTPS Not Working Properly in Windows Server 2019
Posted by Richard M. Hicks on November 26, 2018
https://directaccess.richardhicks.com/2018/11/26/directaccess-ip-https-not-working-properly-in-windows-server-2019/
DirectAccess IP-HTTPS and Symantec SSL Certificates
An SSL certificate is required to support the IP-HTTPS IPv6 transition technology when configuring DirectAccess. Implementation best practices dictate using a public SSL certificate signed by a trusted third-party vendor such as Entrust, Verisign, DigiCert, and others. SSL certificates issued by a private PKI are acceptable if the client trusts the issuing CA. Self-signed certificates […]
Posted by Richard M. Hicks on March 5, 2018
https://directaccess.richardhicks.com/2018/03/05/directaccess-ip-https-and-symantec-ssl-certificates/
DirectAccess IP-HTTPS Performance Issues
Performance issues with DirectAccess are not uncommon. In fact, there are numerous threads on Microsoft and third-party forums where administrators frequently complain about slow download speeds, especially when using the IP-HTTPS IPv6 transition technology. Based on my experience the problem does not appear to be widespread but occurs with enough regularity that it is worthy […]
Posted by Richard M. Hicks on February 19, 2018
https://directaccess.richardhicks.com/2018/02/19/directaccess-ip-https-performance-issues/
DirectAccess IP-HTTPS Null Cipher Suites Not Available
Microsoft first introduced support for null cipher suites for the IP-HTTPS IPv6 transition technology in Windows Server 2012, and it is supported for DirectAccess in Windows 8.x and Windows 10 clients. Using null cipher suites for IP-HTTPS eliminates the needless double encryption that occurs when using encrypted cipher suites. DirectAccess is a unique workload where […]
Posted by Richard M. Hicks on December 18, 2017
https://directaccess.richardhicks.com/2017/12/18/directaccess-ip-https-null-cipher-suites-not-available/
SSL Certificate Considerations for DirectAccess IP-HTTPS
DirectAccess uses IPv6 exclusively for communication between the client and server. IPv6 transition technologies are used to support DirectAccess communication over the IPv4 public Internet. One of those IPv6 transition technologies, IP-HTTPS, uses HTTP for encapsulation and SSL/TLS for authentication of the DirectAccess server. SSL Certificates When configuring DirectAccess, an SSL certificate must be provided […]
Posted by Richard M. Hicks on October 30, 2017
https://directaccess.richardhicks.com/2017/10/30/ssl-certificate-considerations-for-directaccess-ip-https/
Troubleshooting DirectAccess IP-HTTPS Error Code 0x800b0109
A Windows 7 or Windows 8.x/10 client may fail to establish a DirectAccess connection using the IP-HTTPS IPv6transition technology. When troubleshooting this issue, running ipconfig.exe show that the media state for the tunnel adapter iphttpsinterface is Media disconnected. Running the Get-NetIPHttpsState PowerShell command on Windows 8.x/10 clients or the netsh interface httpstunnel show interface command […]
Posted by Richard M. Hicks on April 6, 2017
https://directaccess.richardhicks.com/2017/04/06/troubleshooting-directaccess-ip-https-error-code-0x800b0109/
Troubleshooting DirectAccess IP-HTTPS Error 0x80090326
A Windows 7 or Windows 8.x/10 client may fail to establish a DirectAccess connection using the IP-HTTPS IPv6 transition technology. When troubleshooting this issue, running ipconfig.exe shows that the media state for the tunnel adapter iphttpsinterface is Media disconnected. Running the Get-NetIPHttpsState PowerShell command on Windows 8.x/10 clients or the netsh interface httpstunnel show interface […]
Posted by Richard M. Hicks on April 3, 2017
https://directaccess.richardhicks.com/2017/04/03/troubleshooting-directaccess-ip-https-error-0x80090326/
DirectAccess SSL Offload and IP-HTTPS Preauthentication with Citrix NetScaler
Introduction Communication between the DirectAccess client and server takes place exclusively over IPv6. When DirectAccess servers and/or clients are on the IPv4 Internet, an IPv6 transition technology must be employed to allow those clients to connect to the DirectAccess server. DirectAccess deployment best practices dictate that only the IP-HTTPS IPv6 transition technology be used. IP-HTTPS […]
Posted by Richard M. Hicks on January 17, 2017
https://directaccess.richardhicks.com/2017/01/17/directaccess-ssl-offload-and-ip-https-preauthentication-with-citrix-netscaler/