Direct Access client DNS AAAA record registration issues

janx ® 41 Reputation points
2022-09-26T07:48:16.867+00:00

Hi

Since the Windows 10 21H2 September updates, Direct Access clients are not registering their AAAA records in DNS servers.
Am I the only one seeing this issue or? From the client perspective everything seems to be working as expected. But not registering their AAAA records in DNS creates issues with manage out scenarios.


5 answers

  1. Limitless Technology 44,766 Reputation points
    2022-09-26T15:06:25.26+00:00

    Hello Janx,

    This may seem like some issue regarding NRPT related to the evolution from Direct Access to AOVPN, and I would suggest the following workarounds:

    1. Get the DA server internal interface IPv6 address. You can take it from step 2 of the DA configuration wizard (Remote Access Server).
    2. Set that IP as the static preferred IPv6 DNS server address on the client PC network interface which is used for the connection (wireless or LAN).

    There is a registry chain that may disable the NRPT registration. You can run the following PowerShell command on some of the clients to set that value to "0" and see if they start to register:

    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name DisableNRPTForAdapterRegistration -PropertyType DWORD -Value 0 -Force


  2. janx ® 41 Reputation points
    2022-09-27T09:27:03.273+00:00

    Hi

    Thank you. I will try this IPv6 DNS trick.
    The registry keys were already set a long time ago, since the Win 2004 version.


  3. janx ® 41 Reputation points
    2022-09-28T07:41:43.127+00:00

    Tried this IPv6 DNS trick - unfortunately no good.
    I'm a bit out of ideas. There are no viable errors anywhere.


  4. janx ® 41 Reputation points
    2022-09-28T11:57:41.143+00:00

    Found a possible solution.
    Previously our DNS servers were configured to listen on all IP addresses (including autoconfigured IPv6).
    As soon as I configured them to listen only on IPv4, our DA clients started registering their AAAA records again. Will monitor the situation further.


  5. Limitless Technology 44,766 Reputation points
    2022-09-29T08:28:58.71+00:00

    Hi Janx,

    Please do the following:

    Confirm GPO Settings

    DirectAccess clients get their DirectAccess client settings via Group Policy.

    Confirm that the Client Knows that it’s not on an Intranet

    The DirectAccess client must know whether it’s on or off the corporate network. If it’s on the corporate network, then it will turn off the DirectAccess tunnels and use local name resolution based on the DNS server that’s configured on its NIC. Use the following command for this:

    netsh dns show state

    Confirm the Name Resolution Policy Table Settings on the DirectAccess Client

    The Name Resolution Policy Table (NRPT) is used by the DirectAccess client to determine which DNS server it should use to resolve a name.

    You can view the NRPT settings by using the command:

    netsh namespace show effectivepolicy

    Confirm Connectivity to DNS Servers and Domain Controllers

    You need to ensure that the DirectAccess client can contact the DCs and DNS servers.

    For example, you can run the command:

    nltest /dsgetdc:

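The two things this thread turns on, which addresses the DNS service listens on and whether DirectAccess clients have a current AAAA record, can be checked from a management host. The script below is an added example, not code from any of the posters; it assumes the DnsServer PowerShell module (RSAT) is installed, and the server, zone and client names are placeholders.

```powershell
# Added example (not from the thread). Requires the DnsServer module (RSAT).
# All default values below are placeholders; replace them with your own.
param(
    [string]   $DnsServer  = 'dns01.corp.example',
    [string]   $Zone       = 'corp.example',
    [string[]] $Clients    = @('da-client01', 'da-client02'),
    [int]      $MaxAgeDays = 7
)

# 1. Addresses the DNS service listens on. The thread's author reported that
#    registrations resumed once this list contained IPv4 addresses only.
$setting = Get-DnsServerSetting -ComputerName $DnsServer -All
$listen = foreach ($ip in $setting.ListeningIPAddress) {
    $addr = [ipaddress]$ip
    [pscustomobject]@{
        Address   = $addr.ToString()
        Family    = $addr.AddressFamily      # InterNetwork or InterNetworkV6
        LinkLocal = $addr.IsIPv6LinkLocal    # true for autoconfigured fe80:: addresses
    }
}
$listen | Format-Table -AutoSize

# 2. AAAA registration state per client: Missing, Stale, Current or Static.
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
$report = foreach ($name in $Clients) {
    $records = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
                    -Name $name -RRType AAAA -ErrorAction SilentlyContinue)
    if ($records.Count -eq 0) {
        [pscustomobject]@{ Client = $name; Status = 'Missing'; IPv6 = $null; Timestamp = $null }
        continue
    }
    foreach ($r in $records) {
        # Dynamically registered records carry a timestamp; static ones do not.
        $status = if ($null -eq $r.Timestamp)      { 'Static' }
                  elseif ($r.Timestamp -lt $cutoff) { 'Stale' }
                  else                              { 'Current' }
        [pscustomobject]@{
            Client    = $name
            Status    = $status
            IPv6      = $r.RecordData.IPv6Address.ToString()
            Timestamp = $r.Timestamp
        }
    }
}
$report | Sort-Object Status, Client | Format-Table -AutoSize
```

Running it before and after a change to the DNS listen addresses shows whether clients move from Missing or Stale to Current.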
