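I just set up a new server for DirectAccess. This domain had DirectAccess before, but it has been removed, if that makes any difference.
Anyway, everything in Server Manager shows green checks. The public certificate is installed, and I have checked externally that ports 443 and 62000 (the same server hosts the NLS) are open. On the client, I can browse to the site https://da.externaldomain.com without any problem.
Output from the client:
PS C:\Users\test.testsson> netsh interface httpstunnel show interfaces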
Interface IPHTTPSInterface (Group Policy) Parameters
------------------------------------------------------------
Role : client
URL : https://da.externaldomain.com:443/IPHTTPS
Last Error Code : 0x0
Interface Status : IPHTTPS interface active
PS C:\Users\test.testsson> Get-DAConnectionStatus
Status : Error
Substatus : CouldNotContactDirectAccessServer
The debug log in DirectAccess Client Troubleshooting just says this:
[2016-10-24 10:10:34]: User canceled the tests.
[2016-10-24 10:10:34]: In worker thread, going to start the tests.
[2016-10-24 10:10:34]: Running Network Interfaces tests.
[2016-10-24 10:10:34]: Ethernet0 (Intel(R) 82574L Gigabit Network Connection): SNIPPED
[2016-10-24 10:10:34]: Default gateway found for Ethernet0.
[2016-10-24 10:10:34]: iphttpsinterface (iphttpsinterface): SNIPPED
[2016-10-24 10:10:34]: No default gateway found for iphttpsinterface.
[2016-10-24 10:10:34]: Ethernet0 has configured the default gateway 192.168.100.1.
[2016-10-24 10:10:34]: Default gateway 192.168.100.1 for Ethernet0 replies on ICMP Echo requests, RTT is 2 msec.
[2016-10-24 10:10:34]: Received a response from the public DNS server (8.8.8.8), RTT is 3 msec.
[2016-10-24 10:10:34]: The public DNS Server (2001:4860:4860::8888) does not reply on ICMP Echo requests, the request or response is maybe filtered?
[2016-10-24 10:10:34]: Running Inside/Outside location tests.
[2016-10-24 10:10:34]: NLS is https://da.local.domain:62000/.
[2016-10-24 10:10:34]: NLS is not reachable via HTTPS, the client computer is not connected to the corporate network (external) or the NLS is offline.
[2016-10-24 10:10:34]: NRPT contains 2 rules.
[2016-10-24 10:10:34]: Found (unique) DNS server: SNIPPED
[2016-10-24 10:10:34]: Send an ICMP message to check if the server is reachable.
[2016-10-24 10:10:34]: DNS server SNIPPED is online, RTT is 11 msec.
[2016-10-24 10:10:34]: Running IP connectivity tests.
[2016-10-24 10:10:35]: The 6to4 interface service state is default.
[2016-10-24 10:10:35]: Teredo inferface status is offline.
[2016-10-24 10:10:35]: The configured DirectAccess Teredo server is win10.ipv6.microsoft.com..
[2016-10-24 10:10:35]: The IPHTTPS interface is operational.
[2016-10-24 10:10:35]: The IPHTTPS interface status is IPHTTPS interface active.
[2016-10-24 10:10:35]: IPHTTPS is used as IPv6 transition technology.
[2016-10-24 10:10:35]: The configured IPHTTPS URL is https://da.externaldomain.com:443.
[2016-10-24 10:10:35]: IPHTTPS has a single site configuration.
[2016-10-24 10:10:35]: IPHTTPS URL endpoint is: https://da.externaldomain.com:443.
[2016-10-24 10:10:35]: Failed to connect to endpoint https://da.externaldomain.com:443.
[2016-10-24 10:10:35]: No response received from skarpa.local.
[2016-10-24 10:10:35]: Running Windows Firewall tests.
[2016-10-24 10:10:35]: The current profile of the Windows Firewall is Public.
[2016-10-24 10:10:35]: The Windows Firewall is enabled in the current profile Public.
[2016-10-24 10:10:35]: The outbound Windows Firewall rule Kärnnätverket - Teredo (UDP-ut) is enabled.
[2016-10-24 10:10:35]: The outbound Windows Firewall rule Kärnnätverket - IPHTTPS (TCP-ut) is enabled.
[2016-10-24 10:10:35]: Running certificate tests.
[2016-10-24 10:10:35]: No usable machine certificate found.
[2016-10-24 10:10:35]: Found 0 machine certificates on this client computer.
[2016-10-24 10:10:35]: Running IPsec infrastructure tunnel tests.
[2016-10-24 10:10:35]: Failed to connect to domain sysvol share \\local.domain\sysvol\locla.domain\Policies.
[2016-10-24 10:10:35]: Running IPsec intranet tunnel tests.
[2016-10-24 10:10:38]: Failed to connect to :1000::1 with status TimedOut.
[2016-10-24 10:10:47]: Failed to connect to :1000::1 with status TimedOut.
[2016-10-24 10:10:50]: Failed to connect to :1000::2 with status TimedOut.
[2016-10-24 10:10:59]: Failed to connect to :1000::2 with status TimedOut.
[2016-10-24 10:10:59]: Running selected post-checks script.
[2016-10-24 10:10:59]: No post-checks script specified or the file does not exist.
[2016-10-24 10:10:59]: Finished running post-checks script.
[2016-10-24 10:10:59]: Finished running all tests.
Output on the server:
C:\Users\admin>netsh interface httpstunnel show interfaces
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role : server
URL : https://da.externaldomain.com:443/IPHTTPS
Client authentication mode : none
Last Error Code : 0x0
Interface Status : IPHTTPS interface active
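I'm at a loss here. I have never had a problem like this; usually the problems are with NLS or the DAC configuration after it has actually connected. I tried reinstalling the client, but the problem persists.
I also tried removing the configuration from the server and reconfiguring it. Everything in the Remote Access console is still green.
Answer 1
This is a bit old, but I'll still throw this out there in case someone else runs into this problem. I always see this when people first set up their DA with auto-generated certificates and then later choose to use their own public certificate. In your example, you state "the public certificate is installed", but "Client authentication mode: none". Your DA probably thinks it is using the certificate, but on the back end it isn't. So no authentication takes place and the client cannot connect. The only fix I have seen is to remove everything related to DA, from GP entries to AD entries. You also have to remove the server that was originally set up and start from scratch. If you are trying to share the server and still need other services on it, you will have to move it elsewhere.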
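A way to triage a troubleshooting log like the one in the question, as an added example that is not part of the original posts: it groups failure lines under the test phase that reported them and collapses repeats. The sample lines are copied (abridged) from the log above; the function name `triage` and the failure patterns are assumptions chosen from the wording in this log only.

```python
import re
from collections import OrderedDict

# Abridged copy of lines from the troubleshooting log quoted in the question.
SAMPLE_LOG = """\
[2016-10-24 10:10:34]: Running Inside/Outside location tests.
[2016-10-24 10:10:34]: NLS is not reachable via HTTPS, the client computer is not connected to the corporate network (external) or the NLS is offline.
[2016-10-24 10:10:34]: Running IP connectivity tests.
[2016-10-24 10:10:35]: The IPHTTPS interface is operational.
[2016-10-24 10:10:35]: Failed to connect to endpoint https://da.externaldomain.com:443.
[2016-10-24 10:10:35]: Running certificate tests.
[2016-10-24 10:10:35]: No usable machine certificate found.
[2016-10-24 10:10:35]: Found 0 machine certificates on this client computer.
[2016-10-24 10:10:35]: Running IPsec intranet tunnel tests.
[2016-10-24 10:10:38]: Failed to connect to :1000::1 with status TimedOut.
[2016-10-24 10:10:47]: Failed to connect to :1000::1 with status TimedOut.
[2016-10-24 10:10:59]: Finished running all tests.
"""

LINE = re.compile(r"^\[(?P<ts>[\d\- :]+)\]: (?P<msg>.*)$")
SECTION = re.compile(r"^Running (?P<name>.+) tests\.$")
# Assumed failure markers; hits are leads to investigate, not verdicts.
FAILURE = re.compile(r"Failed to|No usable|not reachable|No response|Found 0 ", re.I)


def triage(log_text):
    """Return {test phase: [unique failure messages]} in log order."""
    findings = OrderedDict()
    section = "preamble"  # lines seen before the first "Running ... tests."
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        msg = m.group("msg")
        s = SECTION.match(msg)
        if s:
            section = s.group("name")
            continue
        # Record each distinct failure once per phase (retries repeat lines).
        if FAILURE.search(msg) and msg not in findings.setdefault(section, []):
            findings[section].append(msg)
    return findings


if __name__ == "__main__":
    for phase, messages in triage(SAMPLE_LOG).items():
        print(phase)
        for message in messages:
            print("   ", message)
```
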