I realise there are many questions on this topic but despite reviewing many, I still cannot get Direct Access clients connected remotely.
Our setup is as follows:
DC: Server 2008 R2
CA: Server 2008 R2
RA: Server 2012 with single NIC, using public address to NAT to it
Ultimately will be set up with Windows 7 clients using our local CA, but thought best to get working first using Win8 client using the more simple Kerberos Proxy method.
I went through the basic steps of setting up the RA access and using just AD authentication.
I have been through the usual troubleshooting steps and found that the NRPT table was being fully populated by the GPO used for clients as it was missing the CA details. ie. "netsh namespace show policy" result was missing the name of the CA for both the DirectAccess-NLS.domain.local and domain.local, so I manually edited the NRPT table and added both those results in but this has made no change.
Running netsh interface httpstunnel show interfaces shows that the interface is active
The remote access just says "connecting" and I can't see anything of relevance in the event logs on the DC or RA.
The event logs on the client that I believe are relevant are ones like these:
------------------------------------------------------------------------------
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 12/06/2013 12:22:13 p.m.
Event ID: 8015
Task Category: (1028)
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: Win8client.domain.local
Description:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {EFCC42D3-AD98-4993-8A66-BAEB9381E1CE}
Host Name : Win8client
Primary Domain Suffix : domain.local
DNS server list :
118.148.1.10, 118.148.1.20
Sent update to server : <?>
IP Address(es) :
172.20.10.4
-----------------------------------------------------------------------
The adapter referred to is the "Tunnel adapter isatap"
I know the NAT'ing is working as I can successfully ping the RA server from outside