Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,131 questions
DirectAccess ISATAP - Manage Out Issue for Azure VM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 98%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIJ%3C/text%3E%3C/svg%3E)
Iain Jones
1
Reputation point
We have a DirectAccess solution and have only recently configured the ISATAP router for "Manage Out" capabilities, principally for ConfigMgr.
For some internal management servers this has worked seamlessly, the ISATAP configuration has applied and we can now manage those DirectAccess connected clients (RDP, etc.)
ConfigMgr/SCCM has proved a challenge. This server was built in Azure and despite picking up the config for ISATAP router it's not picking up an IPv6 address on the ISATAP interface.
Tunnel adapter isatap.reddog.microsoft.com:
Connection-specific DNS Suffix . : reddog.microsoft.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:10.154.8.4%13(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268435456
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-84-C0-48-00-0D-3A-2C-B1-BB
DNS Servers . . . . . . . . . . . : 10.154.0.4
10.154.0.5
C:\Windows\system32>netsh interface isatap show state
ISATAP State : enabled (Group Policy)
C:\Windows\system32>netsh interface isatap show router
Router Name : directaccess-ISATAP (Group Policy)
Use Relay : default
Resolution Interval : default
I would assume this is connectivity from the Azure VNet to the DirectAccess. I've added inbound and outbound whitelisting for the DirectAccess servers in Azure and even tried a whitelist for the IPv6 address subnet that is reported on the internal LAN/WAN servers that work.
Could it also be a Windows firewall issue with the SCCM server? Any suggestions?
{count} votes
-
Iain Jones 1 Reputation point
2020-08-21T08:39:59.407+00:00 From what I have been told ISATAP isn't supported on an Azure VM. Certainly every attempt we've made to get this to work supports that.
-
GitaraniSharma-MSFT 46,931 Reputation points Microsoft Employee2020-09-02T08:34:15.03+00:00 Hello @Iain Jones ,
Apologies for the delay in response. Since, your question is related to DirectAccess & ISATAP configuration (which is more of a Windows Networking related query), it will be better answered by the Windows support team. Hence, if you have a support plan, I request you to file a support ticket, else please do let us know, we will try and help you get a one-time free technical support. In this case, could you send an email to azcommunity [at] microsoft [dot] com referencing this thread as well as your subscription ID. Please mention "ATTN gishar" in the subject field.
Thank you for your cooperation on this matter and look forward to your reply.
-
GitaraniSharma-MSFT 46,931 Reputation points Microsoft Employee
2020-09-09T13:48:48.67+00:00 Hello @Iain Jones ,
We've not received any email from your end regarding this issue. Please let us know the current status and provide an update to proceed further.
Thanks,
Gita -
GitaraniSharma-MSFT 46,931 Reputation points Microsoft Employee
2020-09-15T08:04:21.09+00:00 Hello @Iain Jones ,
Could you please provide an update on this issue? Do send us an email as requested in case the issue is still ongoing.
Thanks,
Gita -
GitaraniSharma-MSFT 46,931 Reputation points Microsoft Employee
2020-09-16T15:53:49.647+00:00
Sign in to comment