Using DirectAccess Connectivity Assistant (DCA) 1.0

  • Article

Updated: April 8, 2010

Applies To: Unified Access Gateway

The Microsoft DirectAccess Connectivity Assistant (DCA) helps organizations to reduce the cost of supporting DirectAccess users, and significantly improve their connectivity experience.

The DCA supports a DirectAccess client computer that is running Windows 7, and provides the following client side functionality:

  • An indication of the state of DirectAccess connectivity to the corporate network resources. For each state of DirectAccess connectivity, a different icon is displayed in the notification area.

  • Informational messages that help the user to identify problem areas. For more information, see Client side connectivity messages.

  • Ability for the user to create and send log files to support personnel.

  • Ability for the user to disable and re-enable DirectAccess name resolution. For more information, see Prefer local names.

The DCA is configured by using Group Policy settings. For more information, download the Microsoft_DirectAccess_Connectivity_Assistant_Deployment_Guide.

To install the Microsoft DCA

  1. In your Web browser, type https://go.microsoft.com/fwlink/?LinkId=184636 in the Address bar.

  2. Follow the instructions to download the files you require.

    Note

    The compressed Microsoft_DirectAccess_Connectivity_Assistant.zip file contains all the files listed on the Microsoft DCA download page.

Client side connectivity messages

The following client side messages are included in the DCA:

Message Displayed by DCA Description

This Windows Edition does not support DirectAccess. Please contact your administrator.

DirectAccess is supported on Windows 7 Ultimate and Enterprise editions, and Windows Server 2008 R2 only. The DCA runs on Windows 7 only.

The corporate network reports that your computer is not compliant with health requirements.

Corporate Network Access Protection (NAP) servers are reporting that the client computer is missing a health certificate. To receive the certificate, you must fix the health problem reported by NAP.

Windows needs your smart card credentials. Please enter your credentials, or lock this computer and then unlock it by using your smart card.

Your administrator can choose to enforce the use of smart cards to access corporate resources with DirectAccess. This message appears the first time your computer attempts to access a corporate resource when smart card credentials are not available. This typically happens after the computer wakes up from sleep or hibernation.

Local names are currently preferred. Prefer corporate names to restore DirectAccess connectivity.

DCA is set to prefer local names. To access corporate resources, you must disable the Prefer local names option. This can be done by selecting the option in the DCA menu, or by restarting the computer.

Windows is not configured for DirectAccess. Please contact your administrator if this problem persists.

The computer is not configured to use DirectAccess. This can be verified in the default logs generated by the Advanced Diagnostics window.

Internet Connectivity is not available. Please connect your computer to the Internet, or start network diagnostics.

Windows cannot connect to the Internet.

Windows cannot contact the DirectAccess server. Please contact your administrator if this problem persists.

The DCA cannot contact the DirectAccess server. The DCA tests its ability to access administrator configured servers to determine this state. The status of connectivity to the test servers can be verified in the default logs generated by the Advanced Diagnostics window.

Windows is unable to resolve corporate network names.  Please contact your administrator if this problem persists.

Windows cannot resolve names for resources on the corporate network.

Windows is unable to contact some corporate content resources. Please contact your administrator if this problem persists.

The DCA cannot access one or more of the test resources on the corporate network. The status of Corporate Resource connectivity can be verified in the default logs generated by the Advanced Diagnostics window.

Windows has lost basic connectivity with corporate resources. Please contact your administrator if this problem persists.

The DCA cannot access one or more of the test resources on the corporate network. The status of Corporate Resource connectivity can be verified in the default logs generated by the Advanced Diagnostics window.

Microsoft DirectAccess Connectivity Assistant is not properly configured. Please contact your administrator if this problem persists.

The DCA is missing necessary configuration information. Your administrator must configure certain settings for DCA to operate correctly. The current configuration can be viewed in the default logs generated by the Advanced Diagnostics window.DCA settings are stored in the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\DirectAccessConnectivityAssistant

Prefer local names

When you are on a remote network that is using DirectAccess, all of the name queries from your computer that resolve friendly DNS names that match your organization’s DNS name are sent to your corporate DNS name server. Short names are combined with your organization’s DNS name. This enables short names for intranet resources such as https://hrweb or \\public to be accessible to you in your remote location. However, this has the effect of making resources on your locally connected network with the same name no longer available by their short name.

For example, if you are at a customer site with a DirectAccess-enabled laptop, and you want to check a Web site on the customer’s network named https://thissite, by default it might not work because the name resolution request is sent through DirectAccess to your corporate DNS servers. If your corporate network has a server with that name, then your request resolves to the server on your corporate network instead of the server on the customer’s network. If your corporate network does not have a server by that name, the name resolution depends on settings configured by your network administrator.

The local customer site might not be accessible by name. Until you install DCA, your options to work around this problem are as follows:

  • Append “.local” to the end of the shortname. For example, use https://thissite.local.Add an entry for thissite in the file %windir%\system32\drivers\etc\hosts. This file is checked before DNS. This change is permanent as long as the entry exists in the file, and any other computer on other networks with the same name are not accessible by name. This option might work well for a small number of computers, such as a Windows Home Server on your home network, but likely is not a practical solution for business computers.

  • Look up the IP address of the thissite computer, and use it instead of the friendly name. This might be difficult, and it is complicated by the fact that IP addresses for many computers can change dynamically.

  • Add an entry for thissite in the file %windir%\system32\drivers\etc\hosts. This file is checked before DNS. This change is permanent as long as the entry exists in the file, and any other computers on other networks with the same name are not accessible by name. This option might work well for a small number of computers, such as a Windows Home Server on your home network, but likely is not a practical solution for business computers.

With DCA installed, you have an option that is less complicated for a user and easy to turn on and off. By selecting the Prefer local DNS names option, you disable name resolution through corporate network DNS servers and use whatever normal name resolution is available to your client computers. This enables you to access computers like your Windows Home Server by name, but it prevents you from accessing any corporate resources by name.

To return to the default DirectAccess behavior, right-click the DCA notification area icon. Click Prefer corporate names. The warning icon changes back to the icon that represents a normal DirectAccess operation.

Note

  • This option is available only if it has been enabled by your DirectAccess administrator, and only when the computer is connected to a network that is outside of the internal corporate network.

  • This option only has an effect when you are connecting to the corporate network from the Internet. If you are connected directly to the corporate network, this option does not normally appear to do anything. It does serve as a temporary workaround when your corporate network connected computer fails network location detection.

  • When you select this option, the DCA notification area icon changes to the version with the yellow warning icon to remind you to re-enable the use of corporate names when you are done accessing the local resources.

  • If you disconnect and reconnect from the network and DirectAccess service (for example, if you restart your computer or resume it from suspend or hibernate), this option automatically reverts back to Prefer corporate names being enabled when the DirectAccess connection is resumed. To continue using local names, you must right-click the DCA notification area icon, and then click Prefer local names.