Domain – Windows DirectAccess – Server 2012 R2, Windows 8.1 Client, “No SAs match the specified criteria”

active-directory, direct-access, domain, windows-server-2012-r2

I put this question on SuperUser, but judging from the lack of response I think I picked the wrong place, so I'm cross-posting here.

I'm trying to get DA set up and it is being a major pain. I have the DA server set up (computer with a single adapter behind an Edge device) and everything is green on the monitor; everything seems to be working there. I have successfully deployed the GPO to the client, and the client is trying to connect. However, it will not connect and "Get-DaConnectionStatus" is saying "NameResolutionFailure".

So I'm working through this guide (https://technet.microsoft.com/en-us/library/ee844114%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396) to try and sort out the connection issue. The client creates an IP-HTTPS tunnel and I am able to ping the IPHTTPSInterface on the DA server from the client, so it can reach the server (Note: I cannot ping the client from the server though).

Where I'm running into problems is on step 6 of the first part of that guide, where it says to use the command "netsh advfirewall monitor show mmsa". The result of that command is "No SAs match the specified criteria".

Any ideas on why this issue is coming up, and how to fix it?

Best Answer

Unfortunately, I have seen many people struggle with trying to get single-NIC mode working on a DirectAccess server. This was really only intended for quick POC setups, and for a production (or any) environment, you should really go with a dual-NIC installation. You will have fewer issues this way. In fact, I have seen more than a couple of cases where I have worked with folks trying to troubleshoot some issue or another, and when we couldn't get to the core of the problem quickly, we just redid the setup as two-NIC, and everything worked fine, with no additional tweaks. I'm not saying you won't be able to get it to work, but I would cut my losses on the current system and change gears for a better overall solution.