DirectAccessServer Class

  • ID:  Microsoft.Windows.RemoteAccess.2012.Class.DirectAccessServer
  • Description:  DirectAccessServer
  • Class Hierarchy: 
    Entity
    Logical Entity
    Application Component
    Windows Application Component
    DirectAccessServer

  • Attributes:  Public, Hosted
Login
The IP Helper service (iphlpsvc) has stopped, and DirectAccess might not work as expected. The IP Helper service provides tunnel connectivity using the connectivity platform, IPv6 transition technologies, and IP-HTTPS. 6to4 interface is not working on the Remote Access server. 6to4 Unknown Error Forwarding is disabled on the 6to4 adapter. All DNS Servers used by DA for name resolution are unresponsive Unknown error occured with DNS infra Some DNS Servers used by DA for name resolution are not responding Some Enterprize DNS servers used by DA for Name resolution are unresponsive DNS name resolution for IPv4 servers failed. DirectAccess clients might not be able to access IPv4-only servers in the corporate network. DNS64 is disabled on the server. DNS64 provides access to IPv4-only servers in the corporate network. Dns64 translation failed unknown error with Dns64 This checks the availablitliy/reachability of the domain controllers configured for DirectAccess Domain Controller unknown error Services required for remote access servers to work as expected in the cluster are not running. Remote clients will not be able to connect to the internal network via this server. Services required for remoteaccess to work as expected in the cluster are not running. Remote clients will not be able to connect to the internal network via this server. The cluster state on this server is stopped, suspended, draining or converging. An unknown error occured with NLB The IP Helper service (iphlpsvc) has stopped. DirectAccess might not function as expected. The IP Helper service provides tunnel connectivity using the connectivity platform, IPv6 transition technologies, and IP-HTTPS. The IP-HTTPS listener is inactive and cannot accept connections from DirectAccess clients. Unknown error occured with IPHttps The certificate binding to HTTPS port 443 has changed. This certificate is used for IP-HTTPS authentication. Without the correct certificate, clients cannot connect. The IP-HTTPS certificate is not valid. The IP-HTTPS certificate is missing. Route advertisement is disabled on the IP-HTTPS adapter. The IP-HTTPS route does not have published property enabled Forwarding is disabled on the IP-HTTPS adapter. The specified IP-HTTPS certificate is different from the VPN SSTP certificate. IP-HTTPS and SSTP must use the same certificate because both use port 443. Unknown error with IPSec Ports or protocols blocked on the internal or external network adapters are preventing Remote Access from functioning as expected. There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration. The certificate used for IPsec authentication is not valid. The certificate used for IPsec authentication is missing. The IP Helper service (iphlpsvc) has stopped, and DirectAccess might not work as expected.The IP Helper service provides tunnel connectivity using the connectivity platform, IPv6 transition technologies, and IP-HTTPS. ISATAP adapter is not available. Catch all error for ISATAP Forwarding is disabled on the ISATAP adapter. The ISATAP server name cannot be resolved. Route advertising is disabled on the ISATAP router. The ISATAP route is not published. A network authentication service (kpssvc) is not available.  This service helps in authenticating DirectAccess clients when they connect to the  corporate network via DirectAccess. Ports required for Kerberos authentication are blocked. Kerberos authentication is required to authenticate clients using Kerberos proxy on this server. \ For clients to communicate with the proxy, firewalls must allow HTTPS traffic (port 443 by default). The Kerberos proxy must be able to send Kerberos authentication protocol traffic via port 88, and Kerberos change password protocol traffic via port 464 to domain controllers. Kerberos unkown error The certificate binding for HTTPS Port 443 has changed. This certificate is used to authenticate remote clients with Kerberos. Without the correct certificate,  authentication of remote clients connecting via DirectAccess will not work as expected. The certificate used for Kerberos authentication is not valid. The certificate used for Kerberos authentication is missing. An unknown error occured with one of the Management Servers All management servers are unavailable or not responding.  Updates required for DirectAccess client compliance might not work as expected. One or more management servers are unavailable or not responding. Updates required for corporate compliance of DirectAccess client computers might not work as expected. NAT64 connectivity failed. DirectAccess clients might not be able to access IPv4-only servers in the corporate network. NAT64 is disabled on the server. NAT64 is used to provide access to IPv4-only servers in the corporate network. NAT64 translation failures might be preventing remote clients from accessing IPv4-only servers in the corporate network. An unknown error occured with Nat64 Forwarding is not enabled on the external adapter. Check if forwarding is disabled on the internal network adapter. This might prevent remote clients from accessing internal network resources. The network adapters are either disconnected or disabled. This monitor is a catch all for other errors Corporate network route publish The certificate binding for the network location server has been modified. Without the correct certificate, connectivity for DirectAccess clients located in the internal network will not work as expected. The network location server is unavailable or not responding. This might disrupt DirectAccess connectivity, and connectivity \ for DirectAccess clients located inside the corporate network. An unknown error occured with Network Location Server There is no response from the network location server URL. DirectAccess connectivity might not work as expected, and DirectAccess clients located inside the corporate network might not be able to reach internal resources The network location server certificate is not valid. Connectivity for DirectAccess clients located in the internal network will not work as expected. The certificate configured for the network location server cannot be found. DirectAccess clients located in the corporate network might experience connectivity issues. The network location server does not have a valid DNS entry. DirectAccess clients located in the corporate network will not be able to resolve the server name, and internal network connectivity will not work as expected. Network security is not working as expected. The Base Filtering Engine (BFE) service has either been stopped, or is not responding. BFE is a service that manages firewall and IPsec policies, and implements user mode filtering.  Disabling the BFE service reduces system security, and IPsec management and firewall applications might not work as expected. DOSP Unknown Error Network security is not working as expected. The IKE and AuthIP IPsec Keying Modules (IKEEXT) service was stopped, or is not responding. Check for IPsec Denial of Service Protection (DoSP) is not enabled. The Current State Entries counter has exceeded critical levels. View this counter under IPsec DOS Protection in Performance Monitor. This counter defines the number of active state entries in the table. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal adapter. A Denial of Service (DoS) attack  might be underway. IPv6 Main Mode negotiation failures have reached warning or critical levels. Check to verify if a DoS attack is underway Network Security ICMP Queue Overflow Warning. Network Security Queue Overflow Warning The Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec counter has exceeded a defined threshold. View this counter under IPsec DOS Protection in Performance Monitor. This counter defines the rate at which unauthenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets received on a public adapter were discarded because they exceeded the rate limit for IPv6 IPsec unauthenticated packets per second. An unauthenticated packet is an IPsec packet without an associated state entry. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal adapter. A network security component is under a Replay attack. A Replay attack is a form of network attack in which a valid  data transmission is maliciously or fraudulently repeated or delayed. A network security component is under a spoofing attack. A connection cannot be established to CA a server used for OTP authentication. A CA server used for OTP authentication is configured incorrectly. A connection cannot be established to any of the CA servers from Remote Access server. Certificate template availability The security group defined for users exempt from two-factor authentication does not exist The OTP authentication ISAPI extension has stopped, and DirectAccess cannot function as expected. Otp unknown error A connection to a RADIUS server configured for OTP authentication cannot be established. A connection cannot be established to any of the RADIUS servers from Remote Access server. Otp Certificate template configuration The OTP authentication ISAPI extension is not configured correctly, and DirectAccess cannot function as expected. The OTP signing certificate is missing or configured incorrectly. Check if the services required for proper functioning of the server are running An error occured with the services essential to running DA Remote Access failed to apply server specific settings. The IP Helper service (iphlpsvc) has stopped. DirectAccess might not function as expected.  The IP Helper service provides tunnel connectivity using the connectivity platform, IPv6 transition technologies, and IP-HTTPS. The Teredo server cannot be started. The Teredo server has stopped. Catch all for all other errors with teredo server Forwarding is disabled on the Teredo server. The Teredo server primary or secondary IPv4 addresses are invalid. DirectAccessServer RemoteAccessServer 6to4 DNS DNS64 DomainController This class represents Network Load Balancing IP-HTTPS IPSec ISATAP Kerberos ManagementServers NAT64 NetworkAdapters NetworkLocationServer NetworkSecurity Otp Services Teredo

Download diagram as a Visio file

Properties

Display Name Description
Display Name Display name of monitoring object.

Discovered By

Name Description
RemoteAccessServerPSDiscovery  

Relations

Health Source
NameClassType
DirectAccessServer Hosts 6to4 DirectAccessServer Hosting
DirectAccessServer Hosts DNS DirectAccessServer Hosting
DirectAccessServer Hosts DNS64 DirectAccessServer Hosting
DirectAccessServer Hosts DomainController DirectAccessServer Hosting
DirectAccessServer.Hosts.HighAvailability DirectAccessServer Hosting
DirectAccessServer Hosts IP-HTTPS DirectAccessServer Hosting
DirectAccessServer Hosts IPSec DirectAccessServer Hosting
DirectAccessServer.Hosts.ISATAP DirectAccessServer Hosting
DirectAccessServer.Hosts.Kerberos DirectAccessServer Hosting
DirectAccessServer Hosts ManagementServers DirectAccessServer Hosting
DirectAccessServer Hosts NAT64 DirectAccessServer Hosting
DirectAccessServer Hosts NetworkAdapters DirectAccessServer Hosting
DirectAccessServer Hosts NetworkLocationServer DirectAccessServer Hosting
DirectAccessServer Hosts NetworkSecurity DirectAccessServer Hosting
DirectAccessServer.Hosts.Otp DirectAccessServer Hosting
DirectAccessServer Hosts Services DirectAccessServer Hosting
DirectAccessServer Hosts Teredo DirectAccessServer Hosting
Entity Watched By Perspective Entity Reference

Health Target
NameClassType
RemoteAccessServer Hosts DirectAccessServer DirectAccessServer Hosting

Class Knowledgebase

Summary

DirectAccess is a feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. DirectAccess has been enhanced in Windows Server 2012 and is now available in Remote Access server role.

External References
This class does not contain any external references.

See Also for Windows Routing and Remote Access Service (RRAS) Management Pack


Downloads for Windows Routing and Remote Access Service (RRAS) Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED