Using the DCA Software

  • Article

Applies To: Windows 7, Windows Server 2008 R2

The information in this section is a User’s Guide that you can provide to the users to whom you deploy the DirectAccess Connectivity Assistant (DCA). This information will help them understand how to use the DCA to improve their DirectAccess experience and help them troubleshoot DirectAccess connectivity issues that might occur.

The DirectAccess Connectivity Assistant notification area icon

After the DirectAccess Connectivity Assistant (DCA) program is installed on your computer, it appears as an icon in the notification area of your user interface. The icon provides information about the current status of your corporate connectivity. If you are unable to access corporate resources, check the icon to see if the DCA reports any issues with your DirectAccess connection to the corporate network. If you hover your mouse pointer over the DCA icon, a text message with the current state of the DirectAccess connection appears.

Left-clicking the DCA notification area icon

If you left-click the DCA icon, a pop-up window appears with additional information about the current state of your DirectAccess connection. The information in the window includes steps that you must take to attempt to restore connectivity.

The status represents one of three states, and you can receive details about each by left-clicking the icon:

  • If the DCA determines that DirectAccess is working as expected with no issues, the icon appears with no warning or error symbols. The pop-up message that appears if you hover over the icon or left-click the icon states Corporate Connectivity is working correctly.

  • If the DCA determines that the DCA software components are working correctly, but that some aspect of DirectAccess is not working as expected, the icon includes a warning symbol consisting of an exclamation mark in a yellow triangle. The pop-up message that appears if you hover over the icon or left-click the icon states Corporate Connectivity requires user action. This state indicates that DirectAccess is operational, but it requires some action from you to access all resources. This message can appear when there is no Internet connectivity, because you must take action to connect to the Internet.

  • If the DCA determines that there is Internet access, but no DirectAccess connectivity to your corporate intranet, an icon appears with an error symbol consisting of an X in a red circle. The pop-up message that appears if you hover over the icon or left-click the icon states Corporate Connectivity is not working correctly. This state indicates that no DirectAccess connectivity is available. This type of problem typically cannot be fixed by any action performed by a local user.

Another common pop-up message from DCA that can occur when you resume a DirectAccess-enabled laptop from sleep or hibernation, is a request for you to supply your smartcard (or other supported credentials) to reestablish connectivity to corporate resources. Until you do so, the DCS icon shows the yellow warning state. The pop-up message looks similar to the following diagram:

If your network uses Network Access Protection (NAP) to enforce system health requirements on client computers, such as antivirus software, or the latest security updates for the software installed on your computer, then NAP can block your computer from connecting to corporate resources until the problem is resolved. The DCA pop-up dialog box contains information appropriate to the current connectivity state, and includes links to resources that can help you resolve the problem. The dialog box typically contains a link to a corporate Web page that contains information from your DirectAccess administrators. For example, if the DCA indicates NAP as the cause of connectivity loss, it can direct you to the NAP client software that you can use to remediate the lack of compliance with your organization’s security requirements.

When the DCA status is red, indicating no DirectAccess connectivity at all, the pop-up dialog box can include possible reasons for the error.

The messages that DCA can display are listed in the following table:

Message displayed by DCA Description

This Windows Edition does not support DirectAccess. Please contact your administrator.

DirectAccess is supported on Windows 7 Ultimate and Enterprise editions, and Windows Server 2008 R2 only. The DCA runs on Windows 7 only.

The corporate network reports that your computer is not compliant with health requirements.

Corporate Network Access Protection (NAP) servers are reporting that the client computer is missing a health certificate. To receive the certificate, you must fix the health problem reported by NAP.

Windows needs your smart card credentials. Please enter your credentials, or lock this computer and then unlock it by using your smart card.

Your administrator can choose to enforce the use of smart cards to access corporate resources with DirectAccess. This message appears the first time your computer attempts to access a corporate resource when smart card credentials are not available. This typically happens after the computer wakes up from sleep or hibernation.

Local names are currently preferred. Prefer corporate names to restore DirectAccess connectivity.

DCA is set to prefer local names. To access corporate resources, you must disable the Prefer local DNS names option. This can be done by selecting the option in the DCA menu, or by restarting the computer.

Windows is not configured for DirectAccess. Please contact your administrator if this problem persists.

The computer is not configured to use DirectAccess. This can be verified in the default logs generated by the Advanced Diagnostics window.

Internet Connectivity is not available. Please connect your computer to the Internet, or start network diagnostics.

Windows cannot connect to the Internet.

Windows cannot contact the DirectAccess server. Please contact your administrator if this problem persists.

The DCA cannot contact the DirectAccess server. The DCA tests its ability to access administrator configured servers to determine this state. The status of connectivity to the test servers can be verified in the default logs generated by the Advanced Diagnostics window.

Windows is unable to resolve corporate network names.  Please contact your administrator if this problem persists.

Windows cannot resolve names for resources on the corporate network.

Windows is unable to contact some corporate content resources. Please contact your administrator if this problem persists

The DCA cannot access one or more of the test resources on the corporate network. The status of Corporate Resource connectivity can be verified in the default logs generated by the Advanced Diagnostics window.

Windows has lost basic connectivity with corporate resources. Please contact your administrator if this problem persists.

The DCA cannot access one or more of the test resources on the corporate network. The status of Corporate Resource connectivity can be verified in the default logs generated by the Advanced Diagnostics window.

Microsoft DirectAccess Connectivity Assistant is not properly configured. Please contact your administrator if this problem persists.

The DCA is missing necessary configuration information. Your administrator must configure certain settings for DCA to operate correctly. The current configuration can be viewed in the default logs generated by the Advanced Diagnostics window.

DCA settings are stored in the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\DirectAccessConnectivityAssistant

Right-clicking the DCA notification area icon

When you right-click the DCA notification area icon, a menu appears that enables you to interact with the DCA. The menu consists of the following options:

  • Advanced Diagnostics

  • Prefer Local Names

Advanced diagnostics

Selecting this option from the DCA right-click menu displays the Advanced Diagnostics dialog box. The dialog box has detailed information about any current issues that are detected by the DCA. Advanced local users might be able to use the additional detail to solve or work around the issue. If test resources that have been specified by your administrator cannot be accessed, the name of that resource is included in the text of the error message.

As soon as the Advanced Diagnostics dialog box appears, the DCA immediately begins gathering log file information about the DCA and the DirectAccess client. After those logs are gathered and compressed into a .cab file, you can e-mail them to your DirectAccess administrators. You can examine the log files by clicking the link below Advanced log files after they are generated. The log files are plain text, although they are not intended for end users to read or understand. Instead, send them to your DirectAccess administrator by clicking E-mail logs to open a new e-mail message. The log files are in a .cab file that is already attached to the message, and the e-mail is addressed to your DirectAccess administration team. Add any additional information to describe the problem you are experiencing in the body of the e-mail, and then click Send to transmit the e-mail to your DirectAccess administrators. The administrators can use the information that is included in the log to determine the source of the connectivity problems.

Prefer Local DNS Names

When you are on a remote network that is using DirectAccess, all of the name queries from your computer that resolve friendly DNS names that match your organization’s DNS name are sent to your corporate DNS name server. Short names are combined with your organization’s DNS name. This enables short names for intranet resources such as https://hrweb or \\public to be accessible to you in your remote location. However, this has the effect of making resources on your locally connected network with the same name no longer available by their short name.

For example, if you are at a customer site with a DirectAccess-enabled laptop, and you want to check a Web site on the customer’s network named https://thissite, by default it might not work because the name resolution request is sent through DirectAccess to your corporate DNS servers. If your corporate network has a server with that name, then your request resolves to the server on your corporate network instead of the server on the customer’s network. If your corporate network does not have a server by that name, the name resolution depends on settings configured by your network administrator. The local customer site might not be accessible by name. Until you install DCA, your options to work around this problem are as follows:

  • Append “.local” to the end of the shortname. For example, use https://thissite.local.

  • Look up the IP address of the thissite computer, and use it instead of the friendly name. This might be difficult, and it is complicated by the fact that IP addresses for many computers can change dynamically.

  • Add an entry for thissite in the file %windir%\system32\drivers\etc\hosts. This file is checked before DNS. This change is permanent as long as the entry exists in the file, and any other computer on other networks with the same name are not accessible by name. This option might work well for a small number of computers, such as a Windows Home Server on your home network, but likely is not a practical solution for business computers.

With DCA installed, you have an option that is less complicated for a user and easy to turn on and off. By selecting the Prefer local DNS names option, you disable name resolution through corporate network DNS servers and use whatever normal name resolution is available to your client computers. This enables you to access computers like your Windows Home Server by name, but it prevents you from accessing any corporate resources by name.

To return to the default DirectAccess behavior, right-click the DCA notification area icon. Click Prefer corporate names. The warning icon changes back to the icon that represents a normal DirectAccess operation.

Note

  • This option is available only if it has been enabled by your DirectAccess administrator, and only when the computer is connected to a network that is outside of the internal corporate network.

  • This option only has an effect when you are connecting to the corporate network from the Internet. If you are connected directly to the corporate network, this option does not normally appear to do anything. It does serve as a temporary workaround when your corporate network connected computer fails network location detection.

  • When you select this option, the DCA notification area icon changes to the version with the yellow warning icon to remind you to reenable the use of corporate names when you are done accessing the local resources.

  • If you disconnect and reconnect from the network and DirectAccess service (for example, if you restart your computer or resume it from suspend or hibernate), this option automatically reverts back to Prefer corporate names being enabled when the DirectAccess connection is resumed. To continue using local names, you must right-click the DCA notification area icon, and then click Prefer local names.