DirectAccess Workaround for reaching IPv4 address checking sites

Article translations Article translations
Close Close
Article ID: 974080 - View products that this article applies to.
Expand all | Collapse all
Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptoms

Certain websites that check IPv4 addresses to grant access, such as certain document libraries will not work over DirectAccess, as the corporate prefix will not match. In order to get around this limitation, the FQDN for each site should be added to the NRPT. Websites which verify users through their IPv4 addresses will not be accessible.

Cause

Windows DirectAccess works through IPv6 technologies. When accessing corporate networks through DirectAccess users will be behind home routers and will therefore not match the IPv4 address range of users on their corporation's network.

The IPv4 only websites will not be able to identify the users, and will therefore deny them access.

Resolution



In order to get around this IPv4 limitation, the Fully Qualified Domain Name (FQDN) is placed in the Name Resolution Policy Table(NRPT) to force traffic through the corporate proxy. In order to configure this:
  1. Launch gpedit.msc
  2. Navigate to Computer Configuration -> Windows Settings -> Name Resolution Policy
  3. Select FQDN under "To which part of the namespace does this rule apply"
  4. Enter the FQDN in the textbox next to it.


This is a manual process and must be done for each site of this nature, but has been tested and works smoothly.

If there are any DNS server and related settings that you need to force, select the tab "DNS Settings for Direct Access" and configure the DA Settings. Select the checkbox next to "Enable DNS Settings for Direct Access in this rule" to un-grey the options.

More Information

The Name Resolution Policy Table (NRPT) is a table of namespaces and settings stored in the registry that determines the client's DNS Query behavior. The NRPT can be edited using Group policy or through registry scripts.

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

Properties

Article ID: 974080 - Last Review: July 27, 2009 - Revision: 1.2
APPLIES TO
  • Windows 7 Professional
  • Windows 7 Professional N
  • Windows 7 Enterprise
  • Windows 7 Enterprise N
  • Windows 7 Ultimate
  • Windows 7 Ultimate N
Keywords: 
kbrapidpub kbnomt KB974080

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com