locked
DirectAccess - Internal servers not updating DNS with ISATAP addresses RRS feed

 , 
 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I'm walking through the DirectAccess test lab, but running into a snag.

    I'm able to ping intranet resources with their IPv6 addresses from both the internet and homenet spaces. I'm resolving DNS queries on the intranet DNS server. However, my intranet servers aren't updating the DNS server with their ISATAP addresses. If I enter them manually, DirectAccess works just fine. I've tried stoping/restarting ISATAP and manually registering with ipconfig /registerdns without success.

    Also, on the client I'm moving between networks, I have no gateway listed on the ISATAP interface:

    Windows IP Configuration

  Host Name . . . . . . . . . . . . : Client1
  Primary Dns Suffix . . . . . . . : corp.contoso.com
  Node Type . . . . . . . . . . . . : Mixed
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : corp.contoso.com
                    isp.example.com

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix . : isp.example.com
  Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
  Physical Address. . . . . . . . . : 00-0C-29-35-85-3A
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::68ee:af4a:30a5:862b%10(Preferred) 
  IPv4 Address. . . . . . . . . . . : 131.107.0.100(Preferred) 
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Monday, May 30, 2011 3:47:37 PM
  Lease Expires . . . . . . . . . . : Tuesday, June 07, 2011 3:47:37 PM
  Default Gateway . . . . . . . . . : 131.107.0.1
  DHCP Server . . . . . . . . . . . : 131.107.0.1
  DHCPv6 IAID . . . . . . . . . . . : 234884137
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-6F-6F-05-00-0C-29-07-5D-B8
  DNS Servers . . . . . . . . . . . : 131.107.0.1
  NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

  Connection-specific DNS Suffix . : isp.example.com
  Description . . . . . . . . . . . : Microsoft 6to4 Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2002:836b:64::836b:64(Preferred) 
  Default Gateway . . . . . . . . . : 
  DNS Servers . . . . . . . . . . . : 131.107.0.1
  NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.isp.example.com:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix . : isp.example.com
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes

Tunnel adapter iphttpsinterface:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix . : 
  Description . . . . . . . . . . . : Microsoft IP-HTTPS Platform Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
    Despite this, I can access resources on the intranet just fine if DNS records are present. I'm not sure if something's wrong regardless, or if this is how it's supposed to be.
    Monday, May 30, 2011 8:51 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Carl,

     

    Thank you for your post.

     

    ISATAP can be used for DirectAccess to provide IPv6 connectivity to ISATAP hosts across your intranet. DirectAccess clients just use native IPv6, 6to4, Teredo, IP-HTTPS to connect to the DA server. I find that you use 6to4 address on you DA client.

     

    For a public IPv4 address, your Tunnel adapter 6TO4 Adapter should be configured with an address that starts with 2002. The Tunnel adapter 6TO4 Adapter should also be assigned a default gateway.

     

    Please take a look at the following link and to verify 6to4 functionality and configuration on your DirectAccess client.

     

    Cannot Reach the DirectAccess Server with 6to4:

    http://technet.microsoft.com/en-us/library/ee844172(WS.10).aspx

     

    By default, the DNS Server service in Windows Server 2008 and later blocks name resolution for the name ISATAP through the DNS Global Query Block List. To use ISATAP on your intranet, you should remove the ISATAP name from the list for all DNS servers running Windows Server 2008 and later. For more information, please take a look at the following links.

     

    Remove ISATAP from the DNS Global Query Block List:

    http://technet.microsoft.com/en-us/library/ee649158(WS.10).aspx

     

    > I've tried stoping/restarting ISATAP and manually registering with ipconfig /registerdns without success.

     

    Please check the following KB if you use Windows 2008 DNS server.

     

    The DNS server does not listen on the ISATAP interface on a Windows Server 2008-based computer:

    http://support.microsoft.com/kb/958194

     

    Best Regards,

    James Zou

    Wednesday, June 1, 2011 9:56 AM
    Moderator