UAG DirectAccess "The adapter configured as external-facing is connected to a domain"

Forefront UAG supports an enhanced version of DirectAccess that adds several features and capabilities that aren't available with the Windows-only version of DirectAccess. After installing UAG on your Windows Server 2008 R2 server, you can enable DirectAccess using the UAG DirectAccess wizard.

Some administrators have received the following message after running the DirectAccess wizard:

"The adapter configured as external-facing is connected to a domain"

If you receive this message, the DirectAccess wizard will not complete and DirectAccess will not be configured on the UAG DirectAccess server. The failure occurs because, if the external interface detects that it can reach a domain controller, it sets the Windows Firewall with Advanced Security profile to "Domain Profile", which disables the GPO settings required for the DirectAccess server to receive connections from DirectAccess clients (connection security rules, firewall rules, etc.).

The cause of this problem isn't well defined right now, but it appears that this is only the UAG DirectAccess activation assuming that the external interface is set for the domain profile in Windows Firewall with Advanced Security, although NLA no longer recognizes that to be true. It could be that the external interface at one time had connectivity to the domain but was later reconfigured so that it could no longer access the domain.

If you do run into this issue, you can fix the problem by using the Registry Editor to navigate to the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetAuth

Delete all the entries that apply to the external interface - those will be the ones that have the IP addresses assigned to the external interface.
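
A read-only way to prepare for the manual step above, shown as an added example that is not part of the original wiki entry: it exports the key as a backup and lists the entries that mention the external adapter's addresses, without deleting anything. The sample addresses, the backup file name and the helper Test-ContainsIP are assumptions; the page does not say how the address is stored in each entry, so the script looks for it both as text and as raw IPv4 bytes.

```powershell
# Added example: review the NLA IntranetAuth cache before deleting anything by hand.
param(
    # Constructed sample addresses; replace with the IPs bound to the external adapter.
    [string[]]$ExternalIPs = @('203.0.113.10', '203.0.113.11'),
    # Hypothetical backup location.
    [string]$BackupFile = "$env:TEMP\IntranetAuth-backup.reg"
)

$key    = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetAuth'
$psPath = "Registry::$key"

if (-not (Test-Path $psPath)) { Write-Warning "Key not found: $key"; return }

# Export first so the key can be restored later with 'reg import'.
& reg.exe export $key $BackupFile /y | Out-Null
Write-Host "Backup written to $BackupFile"

# Assumption: the address may appear as text or as four raw bytes inside binary data.
function Test-ContainsIP($Data, [string]$IP) {
    if ($Data -is [byte[]]) {
        $needle = [System.Net.IPAddress]::Parse($IP).GetAddressBytes()
        for ($i = 0; $i -le $Data.Length - $needle.Length; $i++) {
            $hit = $true
            for ($j = 0; $j -lt $needle.Length; $j++) {
                if ($Data[$i + $j] -ne $needle[$j]) { $hit = $false; break }
            }
            if ($hit) { return $true }
        }
        return $false
    }
    return ("$Data" -like "*$IP*")
}

# Walk the key and every subkey; report matches only, change nothing.
$keys = @(Get-Item $psPath) + @(Get-ChildItem $psPath -Recurse)
foreach ($k in $keys) {
    foreach ($ip in $ExternalIPs) {
        if ($k.Name -like "*$ip*") {
            New-Object PSObject -Property @{ IP = $ip; Key = $k.Name; Value = '(key name)' }
        }
        foreach ($name in $k.GetValueNames()) {
            if (($name -like "*$ip*") -or (Test-ContainsIP $k.GetValue($name) $ip)) {
                New-Object PSObject -Property @{ IP = $ip; Key = $k.Name; Value = $name }
            }
        }
    }
}
```

Matching is by substring, so review each reported entry against the adapter's actual addresses before removing it in the Registry Editor.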

We'll continue to update this wiki entry as more information on this issue becomes available, but we believed it was important to get this workaround information to you as soon as we could. If you do run into this issue, please contact CSS so that they are aware of the problem.

Comments
  • Maheshkumar S Tiwari edited Revision 2. Comment: Added Tag

  • Tom Shinder [MSFT] edited Revision 1. Comment: Updated again with more definitive information and a fix.

  • Tom Shinder [MSFT] edited Original. Comment: More detailed investigation with devs indicates that problem is more complex and may be related to issues with the firewall service state and timing.
