Demo DirectAccess in a virtual environment

I was setting up DirectAccess in a demo lab last week, and struck what is in hindsight an obvious issue, but at the time I sat there thinking … huh?

I deployed and configured DirectAccess, completely standard using the wizard, got all green status on the Dashboard, and then found that the connection was not turning up on my client. I could see the GPO, and if I ran a model of the GPO against the user and computer combo, it looked like it should be being applied. But it wasn’t.

The answer, as I say, in hindsight is obvious. PCSystemType = 2.

Let me explain.

When the DirectAccess wizard is run, there is an option that says “Enable DirectAccess for mobile computers only”. It’s checked by default, and what that does is apply a WMI filter to the GPO. This is documented.

What does that WMI filter do?

It selects computers that meet the criteria of PCSystemType being equal to 2. And if you take a look on MSDN you will see that within the Win32_ComputerSystem class, a PCSystemType of 2 means … mobile.

So, after editing the DirectAccess configuration and removing this checkbox and running a gpupdate, my client received the connection.
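The same check can be run from the client before changing the configuration. This is an added example, not part of the original post: the WQL text is an assumption based on the filter criteria described above, and the function names `Test-WmiFilter` and `Get-FilterDiagnosis` are hypothetical.

```powershell
# Added example: does this computer pass the GPO's WMI filter?
# Assumption: the filter's WQL matches the criteria described in the post.
$FilterQuery = 'SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 2'

# PCSystemType values documented for the Win32_ComputerSystem class.
$PCSystemTypeNames = @{
    0 = 'Unspecified'; 1 = 'Desktop'; 2 = 'Mobile'; 3 = 'Workstation'
    4 = 'Enterprise Server'; 5 = 'SOHO Server'; 6 = 'Appliance PC'
    7 = 'Performance Server'; 8 = 'Maximum'
}

function Test-WmiFilter {
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\CIMv2'
    )
    # A WMI filter evaluates to true when the query returns at least one instance.
    $hits = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
    return ($hits.Count -gt 0)
}

function Get-FilterDiagnosis {
    param([string] $Query = $FilterQuery)
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $type = [int]$cs.PCSystemType
    [pscustomobject]@{
        ComputerName = $cs.Name
        Manufacturer = $cs.Manufacturer   # often reveals a virtual machine
        Model        = $cs.Model
        PCSystemType = $type
        TypeName     = $PCSystemTypeNames[$type]
        PassesFilter = Test-WmiFilter -Query $Query
    }
}

$result = Get-FilterDiagnosis
$result | Format-List
if (-not $result.PassesFilter) {
    Write-Warning 'WMI filter evaluates to false; a GPO that uses this filter is not applied to this computer.'
}

# Cross-check against Group Policy's own view of filtered-out GPOs.
# Run elevated; the matched text is English-only because gpresult output is localized.
gpresult /scope computer /r | Select-String -Pattern 'WMI Filter' -Context 2,1
```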

Case solved. But I wanted to post this not only for this specific scenario, which is unlikely to bite anyone in the real world as virtual clients don’t tend to roam externally, but to show the investigative aspects of figuring out why something was not working as expected.

A.