Question
Tuesday, June 20, 2017 5:23 AM
Dear Experts,
We have Windows Server 2012R2 DirectAccess with Windows 7 clients. Client computers do not connect to DirectAccess after turning on the laptop from sleep / hibernate mode; we need to reboot the laptop for it to connect with DirectAccess.
Your expertise is highly appreciated.
Many thanks...
Dev T
All replies (15)
Wednesday, June 21, 2017 8:53 AM | 1 vote
Hi,
Based on my understanding, you have to reboot your client to reconnect your DA when your client falls into sleep mode.
Does your client connect to the internet after waking up from sleep mode?
If not, I think it might be caused by your power management.
1. Press Windows Key + R and type devmgmt.msc in the Run dialog box to open Device Manager.
2. In the Device Manager window, expand Network Adapters, look for the driver of your NIC, right-click it and select Properties.
3. In the property sheet, switch to the Power Management tab, uncheck the option "Allow the computer to turn off this device to save power" and click OK.
If there is any other concern, please don’t hesitate to let me know.
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, June 23, 2017 9:06 AM
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Frank
Monday, June 26, 2017 3:49 AM
Many thanks for your reply...
Does your client connect to the internet after waking up from sleep mode? -- YES... Client computers are able to access the internet, only DirectAccess does not kick in.
1. Press Windows Key + R and type devmgmt.msc in the Run dialog box to open Device Manager.
2. In the Device Manager window, expand Network Adapters, look for the driver of your NIC, right-click it and select Properties. -- All the NIC drivers are GREEN and up to date.
3. In the property sheet, switch to the Power Management tab, uncheck the option "Allow the computer to turn off this device to save power" and click OK. -- We have tried this on a few laptops, however most of the time the laptops require a reboot to connect to DirectAccess (Internet works fine on all the laptops).
Dev T
Monday, June 26, 2017 6:49 AM
Hi, Dev T
Do you mean the problem occurs only when a laptop comes out of sleep / hibernate mode? Do they connect to the network over WiFi?
Does your Windows Server 2012R2 have NPS installed for 802.1X authentication?
Please check your server's and clients' firewalls.
Tuesday, June 27, 2017 4:00 AM
Thanks for your reply....
Do you mean the problem occurs only when a laptop comes out of sleep / hibernate mode? Do they connect to the network over WiFi? -- YES... This only happens when laptops come out of sleep/hibernate mode and connect to WiFi. Internet works fine on WiFi, only DA does not connect.
We do not have Network Policy Server (NPS)
Dev T
Tuesday, June 27, 2017 9:43 AM
Hi,
If the DA client can access the NLS, it will consider itself to be in the internal network.
Make sure that the client can't access the NLS when the laptop comes out of sleep / hibernate mode.
If the issue persists, please try to use "ipconfig /flushdns" on the client.
For detailed information about NLS, please refer to the link below,
Network location server
http://technet.microsoft.com/en-us/library/gg315317.aspx
Best regards,
Frank
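A way to capture the inside/outside decision discussed in the reply above on a Windows 7 client right after resume, before any reboot. This is an added example, not part of the thread; the fallback NLS URL is a placeholder, and the script assumes English `netsh` output and an elevated PowerShell 2.0 prompt.

```powershell
# Added example: snapshot of DirectAccess location detection after resume.
param(
    # Placeholder (assumption): used only when no NLS URL is found in policy.
    [string]$NlsUrl = 'https://nls.corp.example/'
)

# The DirectAccess client GPO stores the NLS URL under this policy key.
$nlsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity'
$policy = Get-ItemProperty -Path $nlsKey -ErrorAction SilentlyContinue
if ($policy -and $policy.DomainLocationDeterminationUrl) {
    $NlsUrl = $policy.DomainLocationDeterminationUrl
}

# 1. Probe the NLS over HTTPS. A successful answer means the client will
#    classify itself as inside and will not bring up DirectAccess.
$nlsReachable = $false
try {
    $req = [System.Net.WebRequest]::Create($NlsUrl)
    $req.Timeout = 5000                      # milliseconds
    $resp = $req.GetResponse()
    $nlsReachable = ([int]$resp.StatusCode -eq 200)
    $resp.Close()
} catch {
    # DNS failure, timeout, TLS or HTTP error: treated as not reachable.
    $nlsReachable = $false
}

# 2. Ask the DNS client what it decided and which NRPT rules are in effect.
$dnsState  = netsh dnsclient show state
$effective = netsh namespace show effectivepolicy

"{0}  NLS {1} reachable: {2}" -f (Get-Date -Format s), $NlsUrl, $nlsReachable
$dnsState | Select-String -Pattern 'Machine Location', 'Direct Access Settings'
$effective

# Expected on external WiFi: NLS not reachable, Machine Location reported as
# outside the corporate network, and the NRPT rules listed as effective.
# If the NLS answers or the location is reported as inside, name resolution
# bypasses the NRPT and DirectAccess stays down.
```

Running it once after a reboot (working state) and once after resume (failing state) shows whether the failure is in location detection or further down in the tunnels.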
Wednesday, June 28, 2017 9:20 AM
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Frank
Thursday, June 29, 2017 5:15 AM
Many thanks Frank... However it connects sometimes (not all the time, 1 out of 1000). Flushing DNS is not an option, as end users are not technical and they will not prefer this option every time they connect to WiFi.
Our NLS is not reachable over internet, it's absolutely internal.
Dev T
Friday, June 30, 2017 10:09 AM
Hi,
Based on the complexity and the specific situation, we need to do more research. If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible. Your kind understanding is appreciated. If you have further information during this period, you could post it on the forum, which helps us understand and analyze this issue comprehensively.
Sorry for the inconvenience and thank you for your understanding and patience.
Best Regards,
Frank
Friday, October 13, 2017 10:43 AM
Hi. I have the exact same issue as described. Any advance on this? Or a workaround?
What we see is that it occurs with 'normal' domain users and does not with domain admin users. In fact, we tested the following: log in with a normal user - it connects to DA; wait for the computer to sleep; then use a domain admin credential when restoring from sleep. In that scenario, the computer connects to DA with no problem.
Wednesday, October 25, 2017 6:18 AM
Dear Julio,
Windows has a tendency to cache negative DNS lookups so that even if you fix a DNS problem you still cannot look up a name. A negative DNS lookup occurs when trying to resolve the address for a name that has no corresponding DNS record. There is a registry entry that specifies cache times for DNS. One of them specifies how long to cache these negative entries. I would suggest setting it to zero so it will always try to query a DNS server even though the name did not exist before. We have done it through Group Policy.
https://technet.microsoft.com/en-us/library/cc959309.aspx
Dev T
Wednesday, October 25, 2017 8:44 AM
Hi Dev T. Thanks for your answer. I saw this behavior in the past and needed to adjust negative caching for other customers and scenarios, specifically in a split-brain DNS scenario, where the client computer tried to resolve internal names from the external DNS when not connected to DirectAccess (same zone, different records) and got negative responses from the authoritative name servers. This is not the case in the current scenario, where the internal DNS zone is not split, so there is no DNS negative caching issue here.
What I found is that, after the computer sleep time defined in the power policy has passed, the DA tunnels are closed, and they are not re-established until a logoff or a logon event happens on the client computer (either logging off the current user, in which case the infrastructure tunnel is created, allowing the creation of the intranet tunnel at logon, or logging in a new user, with cached credentials, without logging off the current one, in which case both tunnels are created). That is, simply returning from sleep and unlocking the computer is not enough to re-create the connection.
Best regards.
Wednesday, October 25, 2017 10:43 AM
Dear Julio...We are facing the same issue...
Dev T
Wednesday, October 25, 2017 11:26 AM
Yes :-)
During the investigation, we found that:
1) It only happens when the computer runs on battery. If connected to AC, tunnels are not closed.
2) Tunnels are closed when the computer is idle (whether you manually turned it to sleep or not) for the time configured in the current power plan for unattended sleep.
3) If you manually turn the computer to sleep (Start -> power button -> Sleep), the tunnels are not closed until the unattended sleep timer has run out.
So, as a workaround until a definitive solution is found, we decided to configure a GPO to avoid automatic sleep on battery:
Computer Configuration -> Policies -> Administrative Templates -> System -> Power Management -> Sleep Settings
Policy: Specify the unattended sleep timeout (on battery)
State: Enabled
Unattended Sleep Timeout (seconds): 0
Hope that helps.
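To confirm on a client that the GPO above has applied, and to record whether the IPsec tunnels survive an idle period on battery, the following can be run before and after the idle time. This is an added example, not part of the thread; the log path is a placeholder, and it assumes an elevated PowerShell 2.0 prompt and English `netsh` output.

```powershell
# Added example: record power policy, power source and DirectAccess IPsec SAs.
$log = Join-Path $env:TEMP 'da-resume-check.log'   # placeholder path (assumption)

# "System unattended sleep timeout" power setting. The GPO
# "Specify the unattended sleep timeout (on battery)" writes DCSettingIndex here.
$guid   = '7bc4a2f9-d8fc-4469-b07b-33eb785aaca0'
$polKey = "HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\$guid"
$pol    = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
if ($pol -and $pol.DCSettingIndex -ne $null) {
    $dcTimeout = $pol.DCSettingIndex                # 0 = never sleep unattended
} else {
    $dcTimeout = 'not set by policy'
}

# Power source: Online = AC, Offline = battery.
Add-Type -AssemblyName System.Windows.Forms
$powerLine = [System.Windows.Forms.SystemInformation]::PowerStatus.PowerLineStatus

# IPsec security associations that carry the DirectAccess tunnels.
$mm = netsh advfirewall monitor show mmsa
$qm = netsh advfirewall monitor show qmsa
$mmCount = @($mm | Select-String -Pattern '^Main Mode SA at').Count
$qmCount = @($qm | Select-String -Pattern '^Quick Mode SA at').Count

# Auth2 shows the second authentication of each main mode SA, which helps
# tell the infrastructure tunnel and the intranet tunnel apart.
$auth2 = @($mm | Select-String -Pattern 'Auth2' | ForEach-Object { $_.Line.Trim() })

$entry = "{0}  power={1}  unattended-sleep-DC={2}  mmsa={3}  qmsa={4}  [{5}]" -f `
    (Get-Date -Format s), $powerLine, $dcTimeout, $mmCount, $qmCount, ($auth2 -join '; ')
Add-Content -Path $log -Value $entry
$entry
```

An entry with `power=Offline` and `mmsa=0` after the idle period, following an earlier entry with active SAs, matches the behavior described in the post above.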
Wednesday, January 22, 2020 12:44 AM
Thanks Frank, I haven't had a single issue connecting since doing this