This topic lists some common issues you might encounter when setting up or using DirectAccess.
For the most up-to-date troubleshooting information, see the DirectAccess home page on Microsoft TechNet (http://go.microsoft.com/fwlink/?LinkId=142598).
What problem are you having?
- I get the “The Internet interface must not be classified as a domain network” error message in step 2.
- A DirectAccess client does not have access to the internal network.
- A DirectAccess client cannot access a resource on the internal network.
I get the “The Internet interface must not be classified as a domain network” error message in step 2.
- Cause: A domain controller for the domain of which the DirectAccess server is a member is reachable on the network to which the selected Internet interface is attached.
- Solution: This error is most commonly encountered when the DirectAccess server is also configured as a domain controller, and then you try to run the DirectAccess Setup wizard. The DirectAccess server cannot be a domain controller. If the DirectAccess server is not a domain controller, select the correct Internet interface or determine why a domain controller can be located on the network to which the selected Internet interface is attached. For more information, see Checklist: Before You Configure DirectAccess and Checklist: Install and Configure Single-Server DirectAccess.
A DirectAccess client does not have access to the internal network.
- Cause #1: The DirectAccess client is not a member of the configured security groups for DirectAccess
- Solution #1: Verify that the correct security groups are configured in step 1 of the DirectAccess wizard and that the computer account of the DirectAccess client computer is a member of one of the configured groups. For more information, see Configure DirectAccess
- Cause #2: Your Internet or internal network firewalls are blocking traffic to and from the
- Solution #2: See Understanding DirectAccess Components for information about configuring your Internet and internal network firewalls.
A DirectAccess client cannot access a resource on the internal network.
- Cause #1: The resource on the internal network is not Internet Protocol version 6
- Solution #1: To access a resource on the internal network, the resource must either be IPv6-capable, which requires that the computer and the application making the resource available are both IPv6-capable, or that you use a Network Address Translation-Port Translation (NAT-PT) device between the DirectAccess client and the resource. For more information, see
- Cause #2: The Name Resolution Policy Table (NRPT) is configured incorrectly.
- Solution #2: To determine where to send Domain Name System (DNS) name query requests, the DirectAccess client uses the NRPT. If the name of an internal network resource server is not matched to an entry in the NRPT, the DirectAccess client uses Internet-facing DNS servers and other methods to resolve the name. Verify the NRPT has the correct entries as configured in step 3 of the DirectAccess Setup wizard. For more information, see Identify Infrastructure Servers for DirectAccess.
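The NRPT lookup described in Solution #2, as a simplified Python model added here for illustration (not Microsoft code and not part of the original topic). The entry format (leading dot for a suffix rule, no DNS servers for an exemption rule), the names, and the addresses are constructed assumptions; the model can be used to check which internal names a planned NRPT would leave to Internet-facing DNS.

```python
# Simplified model of NRPT matching (illustration only, not Windows code).
from typing import List, NamedTuple, Optional, Tuple

class NrptEntry(NamedTuple):
    namespace: str                 # ".corp.example.com" = suffix rule; no leading dot = FQDN rule
    dns_servers: Tuple[str, ...]   # empty tuple = exemption rule (resolved with normal DNS)

# Constructed sample table; names and addresses are placeholders.
SAMPLE_NRPT = [
    NrptEntry(".corp.example.com", ("2001:db8:da::53",)),
    NrptEntry("nls.corp.example.com", ()),   # exemption for a single host
]

def _norm(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are consistent."""
    return name.strip().rstrip(".").lower()

def match_entry(name: str, table: List[NrptEntry]) -> Optional[NrptEntry]:
    """Return the most specific matching entry: exact FQDN first, then longest suffix."""
    name = _norm(name)
    best, best_key = None, (-1, -1)
    for entry in table:
        ns = _norm(entry.namespace)
        if ns.startswith("."):
            # Assumption in this model: a suffix rule needs at least one label before it.
            if not name.endswith(ns):
                continue
            key = (0, len(ns))
        elif name == ns:
            key = (1, len(ns))
        else:
            continue
        if key > best_key:
            best, best_key = entry, key
    return best

def route_query(name: str, table: List[NrptEntry]) -> Tuple[str, Tuple[str, ...]]:
    """Classify where a query for `name` goes: internal, exempt, or unmatched."""
    entry = match_entry(name, table)
    if entry is None:
        return ("unmatched", ())   # falls back to Internet-facing DNS and other methods
    if not entry.dns_servers:
        return ("exempt", ())
    return ("internal", entry.dns_servers)

def uncovered(names: List[str], table: List[NrptEntry]) -> List[str]:
    """Internal resource names that no NRPT entry covers."""
    return [n for n in names if route_query(n, table)[0] == "unmatched"]

if __name__ == "__main__":
    for n in ["app1.corp.example.com", "nls.corp.example.com", "files.emea.example.com"]:
        print(n, "->", route_query(n, SAMPLE_NRPT))
```
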