DirectAccess ISATAP - Manage Out Issue for Azure VM

asked 2020-08-20T19:39:23.383+00:00
Iain Jones 1 Reputation point

We have a DirectAccess solution and have only recently configured the ISATAP router for "Manage Out" capabilities, principally for ConfigMgr.

For some internal management servers this has worked seamlessly, the ISATAP configuration has applied and we can now manage those DirectAccess connected clients (RDP, etc.)

ConfigMgr/SCCM has proved a challenge. This server was built in Azure and despite picking up the config for ISATAP router it's not picking up an IPv6 address on the ISATAP interface.

Tunnel adapter isatap.reddog.microsoft.com:

Connection-specific DNS Suffix . : reddog.microsoft.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:10.154.8.4%13(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268435456
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-84-C0-48-00-0D-3A-2C-B1-BB
DNS Servers . . . . . . . . . . . : 10.154.0.4
10.154.0.5

C:\Windows\system32>netsh interface isatap show state
ISATAP State : enabled (Group Policy)

C:\Windows\system32>netsh interface isatap show router
Router Name : directaccess-ISATAP (Group Policy)
Use Relay : default
Resolution Interval : default

I would assume this is connectivity from the Azure VNet to the DirectAccess. I've added inbound and outbound whitelisting for the DirectAccess servers in Azure and even tried a whitelist for the IPv6 address subnet that is reported on the internal LAN/WAN servers that work.

Could it also be a Windows firewall issue with the SCCM server? Any suggestions?

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
1,170 questions
Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
106 questions
{count} votes