Wednesday, 25 June 2014

DirectAccess Client Troubleshooting Tool "Failed to Connect to HTTP Probe at http://DirectAccess-WebProbeHost.Domain.local" User Tunnel Tests

DirectAccess is deployed in your environment and your client reports its status as "Connecting", yet you can see the machine connected in the Remote Access Management console. This is probably because the Infrastructure Tunnel has been established successfully but the User Tunnel has failed to come up. When you run the DirectAccess Client Troubleshooting Tool, the User Tunnel Tests fail with the error:

Failed to connect to HTTP probe at http://DirectAccess-WebProbeHost.domain.local

You try to ping DirectAccess-WebProbeHost from the DirectAccess server with no success. This is, of course, because the (A) record for DirectAccess-WebProbeHost has either not been created or has been removed. It is my personal preference to use PING for the Network Connectivity Assistant (this is what the Web Probe host is referred to as in the DirectAccess interface).

The solution is:

Open DNS from a Domain Controller.

Create a new (A) record in the Domain's Forward Lookup Zone, named something like DaWebProbeHost, and point it to a server that will always be online.

Open the Remote Access Management console from the DirectAccess server and click Step 1 Remote Clients.

Click Network Connectivity Assistant. The current entry will be set to HTTP DirectAccess-WebProbeHost; this is the default value that the Getting Started Wizard configured. Delete this entry.

 

Right-click on the * and select New.

Set the connection type to PING and type the FQDN of the DAWebProbe you configured by creating the (A) record in DNS. Click Validate.
 
Now force replication between all your Domain Controllers and perform a gpupdate /force on the client. When you reconnect to the internet and run the DirectAccess Troubleshooting Tool, you will find the User Tunnel Tests report no errors.
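
The check described above (does the probe name resolve, and does the probe answer) can also be scripted. This is an added example, not part of the original post: the function name Test-DAProbe is hypothetical, and the GPO name and the domain.local prefix are assumptions to replace with your own. It handles PING and HTTP probes only and is meant to be run from the DirectAccess server or another internal machine.

```powershell
# Added example: test every Network Connectivity Assistant probe for DNS and reachability.
function Test-DAProbe {
    param(
        # Probe entries in the "<TYPE>:<target>" form, e.g. 'PING:host.domain.local'
        [Parameter(Mandatory)][string[]]$Probe
    )
    foreach ($entry in $Probe) {
        # Split on the first colon only, so 'HTTP:http://host' keeps its URL intact.
        $type, $target = $entry -split ':', 2
        $hostName = if ($type -eq 'HTTP') { ([uri]$target).Host } else { $target }

        # A missing or deleted (A) record shows up here as Resolves = False.
        $dns = Resolve-DnsName -Name $hostName -Type A -ErrorAction SilentlyContinue

        $reachable = $false
        if ($dns) {
            switch ($type) {
                'PING' {
                    $reachable = Test-Connection -ComputerName $hostName -Count 2 -Quiet
                }
                'HTTP' {
                    try {
                        $resp = Invoke-WebRequest -Uri $target -UseBasicParsing -TimeoutSec 10
                        $reachable = ($resp.StatusCode -eq 200)
                    } catch {
                        $reachable = $false
                    }
                }
            }
        }
        [pscustomobject]@{ Probe = $entry; Resolves = [bool]$dns; Reachable = $reachable }
    }
}

# Read the configured probes from the client settings GPO.
# Assumption: the GPO is named 'DirectAccess Client Settings' in domain.local.
$cfg = Get-DAClientExperienceConfiguration -PolicyStore 'domain.local\DirectAccess Client Settings'
Test-DAProbe -Probe $cfg.CorporateResources | Format-Table -AutoSize
```

A probe that shows Resolves = False points at the missing (A) record; one that resolves but shows Reachable = False points at the target host being offline or filtered.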