DirectAccess, Essentials 2012 and the mystery of DNS Failures

I am writing this post in order to try and highlight the issues people are having with DA, and suggest a course of action. Rather than simply reply to comments about various bits not working.

It was October last year when i posted my process for enabling DA on Essentials 2012, and at the time i was really excited about the new OS and the possibilities that having a supported DA configuration for SMB would bring. If you are not on-board with DA and what it can bring your customers – you need to consider it. Just like PowerShell i think DA is a really important technology for people to be picking up and deploying for small businesses.

Unfortunately, it is not working as smoothly as i had hoped, and, Microsofts response so far has not been ideal and has sapped a lot of the passion i had for this product.

What’s the problem?

Well the first issues started with RTM. At some point between the Beta of E12 and RTM, Windows 7 client support in DA broke. When i was testing Essentials 2012 the DA testing i did was with Windows 7 and it worked very well. When i came to blog the steps it was clear something was wrong, but no one inside MS knew what it was. Eventually we did get a fix for that issue (Issue 7) however, the work i feel i had to put in to get this issue raised up to the point it was acted upon was surprising given this was a new OS.

Around June of this year, miles267 contacted me to say he was having issues with DA, so i went back to my lab box, and sure enough i had the same issue. Which was that our Win 8 client machine sat saying ‘connecting’ and never actually connected to the corporate network. The issue appears to be related to DNS traffic flowing over the IP-HTTPS interface, which is just not happening. Whether it is being blocked by the server firewall, or some other reason is so far not known. After 7 weeks of troubleshooting with me (which consisted of  essentially removing DirectAccess, and adding it back) we are still waiting for someone to tell us the cause, and the solution.

One of the benefits of being an MVP is that i can open up support cases with Microsoft for these types of issue. So i opened a case, and started working with MS on the issue. What became clear straight away unfortunately is that the support folks were not very clued up on Essentials & DA as a solution. SO i was quickly transferred from the SBS/Essentials team over to the networking team who specialise in DA. My case was open for 7 weeks before i lost interest in solving the problem. What really worried me about this, is that if this was a client of mine – 7 weeks would have passed and we were no closer to a solution, we could not even find the cause.

I decided to share this with the other MVPs in our group, and some confirmed DA was working for them, and they had no issues at all.

I decided to set DA up again from scratch on a new install. Sure enough, it worked fine (and still is). I have also actively tried to break it, installing all available updates in order to see if we can pin point one. Sadly not.

In August i went away on holiday for two weeks and transferred my DA case to Miles267 who also was still struggling, as i understand it, they are still working on the issue.

Since i opened my case, i have been suggesting people with similar issues also open cases with Microsoft.

This is an important step, because only with enough open cases will these problems get enough attention. Given the release of 2012 R2 now to RTM, i worry that there are now even less resources available to put into working on this, and those of us with open cases will simply be told to reinstall.

I have added a thread to the Essentials forum, if you cannot raise a support case with MS directly, please post in that thread.

The more cases we highlight to Microsoft, the more chance we have of getting the issue resolved.