Fixing Issues with Creating Protected Connections to the DirectAccess Server

Updated: November 18, 2009

Applies To: Windows Server 2008 R2

For the full intranet or selected server access models, DirectAccess clients create the following Internet Protocol security (IPsec) tunnels to Internet Protocol version 6 (IPv6) addresses assigned to the DirectAccess server:

• The infrastructure tunnel that provides access to domain controllers, intranet Domain Name System (DNS) servers, and other infrastructure servers needed by the computer before the user has logged on.

• The intranet tunnel that provides access to the entire intranet, which is available after the user has logged on.

To troubleshoot the IPsec security associations (SAs) that the DirectAccess client and server negotiate to establish these protected tunnels, see the following topics:

• DirectAccess Client Cannot Establish Tunnels to the DirectAccess Server

• DirectAccess Client Cannot Resolve Names with Intranet DNS Servers

If you have specified management servers in Step 3 of the DirectAccess Wizard, there is an additional management tunnel that is typically initiated by a management server on the intranet. For more information, see Intranet Management Server Cannot Connect to a DirectAccess Client.