I'm experimenting with Direct Access in a lab setting with 1 client and 3 2012 R2 servers. The client is running Windows 8.1 Enterprise.

The client is always able to connect to the Direct Access server but is unable to ping or connect to the 2 servers that don't have RAS installed. Moreover, this behavior migrates to whichever server is running Remote Access Server: So, if I remove the role and install on another server, the client is able to communicate with the new server, but not the old.

The connection from the client to the server is via IP-HTTPS (only option available to me in this environment). The client is able to reliably determine when it's on the Internet versus the intranet. However, when on the Internet, it stays in a "Connecting" state and never connects, but I'm still able to access the DA server.

Does anyone have any ideas on how to resolve this?

 I managed to resolve the issue. I'm posting here in the hope that this may help another newbie to DA.

Here's what caused my issue: As I mentioned, this was a lab environment where the limited number of machines were fulfilling multiple roles. In particular, the DA Server was also a backup domain controller running DNS. In my research, I came across a comment on http://directaccessguide.com that mentioned that the DA Server runs DNS64 to support clients; that made me suspicious that the regular DNS server was in some way conflicting. And, in fact, before this server was made a backup DC, DA was functioning just fine. Removing the backup DC role resolved the issue.

So the takeaway is this: Don't run the regular DNS service on the DA Server; if you do, you will get DA client connectivity only to the DA Server.

• Marked as answer by AtsDev 21 hours 30 minutes ago

 I managed to resolve the issue. I'm posting here in the hope that this may help another newbie to DA.

Here's what caused my issue: As I mentioned, this was a lab environment where the limited number of machines were fulfilling multiple roles. In particular, the DA Server was also a backup domain controller running DNS. In my research, I came across a comment on http://directaccessguide.com that mentioned that the DA Server runs DNS64 to support clients; that made me suspicious that the regular DNS server was in some way conflicting. And, in fact, before this server was made a backup DC, DA was functioning just fine. Removing the backup DC role resolved the issue.

So the takeaway is this: Don't run the regular DNS service on the DA Server; if you do, you will get DA client connectivity only to the DA Server.

• Marked as answer by AtsDev Thursday, October 23, 2014 1:23 PM

 I managed to resolve the issue. I'm posting here in the hope that this may help another newbie to DA.

Here's what caused my issue: As I mentioned, this was a lab environment where the limited number of machines were fulfilling multiple roles. In particular, the DA Server was also a backup domain controller running DNS. In my research, I came across a comment on http://directaccessguide.com that mentioned that the DA Server runs DNS64 to support clients; that made me suspicious that the regular DNS server was in some way conflicting. And, in fact, before this server was made a backup DC, DA was functioning just fine. Removing the backup DC role resolved the issue.

So the takeaway is this: Don't run the regular DNS service on the DA Server; if you do, you will get DA client connectivity only to the DA Server.

• Marked as answer by AtsDev Thursday, October 23, 2014 1:23 PM

 I managed to resolve the issue. I'm posting here in the hope that this may help another newbie to DA.

Here's what caused my issue: As I mentioned, this was a lab environment where the limited number of machines were fulfilling multiple roles. In particular, the DA Server was also a backup domain controller running DNS. In my research, I came across a comment on http://directaccessguide.com that mentioned that the DA Server runs DNS64 to support clients; that made me suspicious that the regular DNS server was in some way conflicting. And, in fact, before this server was made a backup DC, DA was functioning just fine. Removing the backup DC role resolved the issue.

So the takeaway is this: Don't run the regular DNS service on the DA Server; if you do, you will get DA client connectivity only to the DA Server.

• Marked as answer by AtsDev Thursday, October 23, 2014 1:23 PM