Microsoft Direct Access Fail and Troubleshooting

Today I had some issues with DirectAccess on my laptop. The DirectAccess VPN connection didn't connect to the corporate network. The DirectAccess connection status stayed on “connecting” and never connected successfully. To troubleshoot the problem I also used the Microsoft tool “Direct Access Client Troubleshooter”.

The problem was the NLS server.

To determine whether the client is inside or outside the corporate network, DirectAccess uses its NLS component. If the client can successfully connect to the NLS server, it is on the internal corporate network and DirectAccess is not used. If the NLS server isn't reachable, the client is outside the corporate network and tries to establish a remote tunnel to the corporate network using DirectAccess.
NLS stands for Network Location Server and is a critical component when you're deploying DirectAccess. The NLS is nothing more than an internal web server with a valid SSL certificate installed on it. The NLS server should never be reachable over the internet.

Two helpful commands:

netsh namespace show effectivepolicy

nltest /dsgetdc
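
The inside/outside check described above can be approximated by hand with the following PowerShell function. It is an added example, not part of the original post and not Microsoft's own tooling. It assumes the DirectAccess Group Policy is applied, so the NLS URL is available from Get-NCSIPolicyConfiguration; the function name Test-NlsLocation is hypothetical.

```powershell
# Added example: approximate the DirectAccess inside/outside decision
# by probing the NLS URL over HTTPS. Run on the DirectAccess client.
function Test-NlsLocation {
    param(
        # NLS URL; by default read from the NCSI policy set by the DirectAccess GPO.
        [string]$NlsUrl = (Get-NCSIPolicyConfiguration).DomainLocationDeterminationUrl,
        [int]$TimeoutSec = 10
    )
    if ([string]::IsNullOrWhiteSpace($NlsUrl)) {
        throw 'No NLS URL configured (DomainLocationDeterminationUrl is empty).'
    }
    $result = [ordered]@{
        NlsUrl             = $NlsUrl
        Reachable          = $false
        Location           = 'Outside'   # default until the probe succeeds
        Detail             = $null
        EffectiveNrptRules = 0
        DaStatus           = $null
    }
    try {
        # Invoke-WebRequest validates the TLS certificate by default, so an
        # expired or untrusted NLS certificate fails the probe in the same
        # way as an unreachable host.
        $resp = Invoke-WebRequest -Uri $NlsUrl -UseBasicParsing -TimeoutSec $TimeoutSec
        $result.Reachable = ($resp.StatusCode -eq 200)
        if ($result.Reachable) { $result.Location = 'Inside' }
        $result.Detail = "HTTP $($resp.StatusCode)"
    } catch {
        # Name resolution failure, timeout, HTTP error or certificate error.
        $result.Detail = $_.Exception.Message
    }
    # PowerShell counterpart of 'netsh namespace show effectivepolicy'.
    $result.EffectiveNrptRules = @(Get-DnsClientNrptPolicy -Effective).Count
    # Connection state as reported by the DirectAccess client, if available.
    $da = Get-DAConnectionStatus -ErrorAction SilentlyContinue
    if ($da) { $result.DaStatus = "$($da.Status) / $($da.Substatus)" }
    [pscustomobject]$result
}

Test-NlsLocation | Format-List
```

Run from a network outside the corporate perimeter, Location should read Outside; a result of Inside there means the NLS is reachable from the internet.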