Recommended hotfixes and updates for Windows Server 2012 DirectAccess and Windows Server 2012 R2 DirectAccess

Article translations Article translations
Article ID: 2883952 - View products that this article applies to.
Expand all | Collapse all

Summary

This article documents recommended hotfixes and product updates that are currently available for Windows Server 2012 & Windows Server 2012 R2 based DirectAccess deployments. It also includes some known issues for Windows Server 2012 & Windows 2012 R2 DirectAccess, that do not require a hotfix to resolve.

More information

The updates are listed by what operating system they apply to. Some of the updates must be installed on DirectAccess Servers and DirectAccess Clients. The "Why we recommend this hotfix" column provides more information on each recommended update.

Windows Server 2012 R2

Collapse this tableExpand this table
Date addedKnowledge Base ArticleTitleComponentWhy we recommend this hotfix
April 1, 20142929930Unable to resolve host name when you setup DirectAccess on a Windows Server 2012 R2-based computer in an IPv4-only environment DirectAccess componentsInstall this recommended hotfix if you are configuring DirectAccess on a Windows Server 2012 R2 in an IPv4-only environment.
June 30, 20142966087You intermittently cannot connect to the DirectAccess server by using the IP-HTTPS adapter in Windows 8.1 and Windows Server 2012 R2DirectAccess componentsInstall this hotfix on Windows Server 2012 R2 if your Windows Server 2012 R2 installation is a DirectAccess client.
September 3, 20142975719August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 DirectAccess componentsThe August 2014 rollup for Windows Server 2012 R2 includes improvements to DirectAcess connectivity.


Windows Server 2012

Collapse this tableExpand this table
Date addedKnowledge Base ArticleTitleComponentWhy we recommend this hotfix
September 6, 20132859347IPv6 address of a DirectAccess server binds to the wrong network interface in Windows Server 2012DirectAccess administration componentsThis is recommended when using an External Load Balancer with DirectAccess servers
September 6, 20132788525You cannot enable external load balancing on a Windows Server 2012-based DirectAccess serverDirectAccess administration componentsThis is recommended when using an External Load Balancer with DirectAccess servers
September 6, 20132782560Clients cannot connect to IPv4-only resources when you use DirectAccess and external load balancing in Windows Server 2012DirectAccess related driversThis is recommended when using an External Load Balancer with DirectAccess servers
September 6, 20132748603The process may fail when you try to enable Network Load Balancing in DirectAccess in Window Server 2012NLBIf you are deploying Network Load Balancing (NLB) with DirectAccess, you should read this article.
September 6, 20132836232Subnet mask changes to an incorrect value and the server goes offline in DirectAccess in Windows Server 2012DirectAccess administration componentsYou are using Network Load Balancing (NLB) with DirectAccess
September 6, 20132849568MS13-064: Vulnerability in the Windows NAT driver could allow denial of service: August 13, 2013Windows NAT driver used by DirectAccessThis is a recommended Security update
September 6, 20132765809MS12-083: Vulnerability in IP-HTTPS component could allow security feature bypass: December 11, 2012DirectAccess related driversThis is a recommended Security update
September 6, 20132855269Error message when you use an account that contains a special character in its DN to connect to a Windows Server 2012-based Direct Access serverCredential providerIf you have one-time password (OTP) user authentication deployed, DirectAccess Clients may be unable to connect. This fix is required on DirectAccess Servers and Clients.
September 6, 20132845152DirectAccess server cannot ping a DNS server or a domain controller in Windows Server 2012Windows NAT driver used by DirectAccessDirectAccess clients may be unable to connect
September 6, 20132844033Add an Entry Point Wizard fails on a Windows Server 2012-based server in a domain that has a disjoint namespaceDirectAccess administration componentsIf you have a disjoint DNS namespace
September 6, 20132796394Error when you run the Get-RemoteAccess cmdlet during DirectAccess setup in Windows Server 2012 EssentialsDirectAccess administration componentsYou are deploying DirectAccess for Windows 7 clients, using Windows Server 2012 Essentials
September 6, 20132795944Windows 8 and Windows Server 2012 update rollup: February 2013DirectAccess related driversThis update includes fixes for DirectAccess Servers that provide stability under heavy load.
September 6, 20132769240You cannot connect a DirectAccess client to a corporate network in Windows 8 or Windows Server 2012KerberosIf you deployed DirectAccess to use a Kerberos Key Distribution Center (KDC) proxy service
September 6, 20132779768Windows 8 and Windows Server 2012 update rollup: December 2012 IPSecIf you are adjust the IPSec DSOP settings and experiencing a bugcheck
February 28, 2014 2903938Windows RT, Windows 8, and Windows Server 2012 update rollup: December 2013DirectAccess related drivers for 6 fixesApply this monthly rollup package to get 6 DirectAccess fixes
April 1, 20142895930Remote Access Management leaks memory when a VPN or Direct Access connection is used in Windows Server 2012Remote AccessInstall this recommended hotfix if you are using DirectAccess or VPN on Windows Server 2012
September 3, 20142973411Client computer connects to an incorrect entry point when you start a Windows 8 or Windows Server 2012-based computer DirectAccess componentsInstall this hotfix on Windows Server 2012 if you use it as a DirectAccess client.

Windows 8.1

Collapse this tableExpand this table
Date addedKnowledge Base ArticleTitleComponentWhy we recommend this hotfix
June 30, 20142966087You intermittently cannot connect to the DirectAccess server by using the IP-HTTPS adapter in Windows 8.1 and Windows Server 2012 R2DirectAccess ComponentsInstall this hotfix on all Windows 8.1 DirectAccess clients to ensure seamless connectivity.
June 30, 20142964833Windows 8.1 cannot connect over DirectAccess to a Remote Desktop Session Host server farmRDP client based componentsInstall this hotfix on all Windows 8.1 DirectAccess clients to ensure they can connect to their target endpoint in the RD Session Host server farm.
June 30, 20142953212You can't disable the NRPT in Windows 8 or Windows 8.1DirectAccess componentsApply this hotfix if your users bring their Windows 8.1 computers inside the corporate network.
July 22, 20142973071"HTTP 403" or "0x80040001" error when a DirectAccess server requires OTP authentication in Windows RT 8.1 or Windows 8.1DirectAccess componentsInstall this hotfix on Windows 8.1 computers if you connect to the DirectAccess server by using One-Time Password Certificate Enrollment (OTPCE) protocol authentication through an HTTPS connection.
September 3, 20142975719August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 DirectAccess componentsThe August 2014 rollup for Windows 8.1 includes improvements to DirectAcess connectivity.

Windows 8

Collapse this tableExpand this table
Date addedKnowledge Base ArticleTitleComponentWhy we recommend this hotfix
September 6, 20132855269Error message when you use an account that contains a special character in its DN to connect to a Windows Server 2012-based Direct Access serverCredential providerIf you have one-time password (OTP) user authentication deployed, DirectAccess Clients may be unable to connect. This fix is required on DirectAccess Servers and Clients.
September 6, 20132769240You cannot connect a DirectAccess client to a corporate network in Windows 8 or Windows Server 2012KerberosIf you deployed DirectAccess to use a Kerberos Key Distribution Center (KDC) proxy service
February 28, 20142893301DirectAccess can't connect to a corporate network in Windows 8 or Windows Server 2012 DirectAccessIf you have Windows 8 or Window Server 2012 DirectAccess clients, apply this fix
June 30, 20142953212You can't disable the NRPT in Windows 8 or Windows 8.1DirectAccess componentsApply this hotfix if your users bring their Windows 8 computers inside the corporate network.
September 3, 20142973411Client computer connects to an incorrect entry point when you start a Windows 8 or Windows Server 2012-based computer DirectAccess componentsInstall this hotfix on all Windows 8 Computers that use DirectAccess to connect to the corporate network.

Windows 7

Collapse this tableExpand this table
Date addedKnowledge Base ArticleTitleComponentWhy we recommend this hotfix
September 6, 20132796313Long reconnection time after a DirectAccess server disconnects a Windows 7-based DirectAccess clientDirectAccess related driversDirectAccess clients may be unable to connect
September 6, 20132758949You cannot build an IP-HTTPS protocol-based connection on a computer that is running Windows 7 or Windows Server 2008 R2DirectAccess related driversDirectAccess clients may be unable to connect
September 6, 20132718654You are prompted to enter credentials when you try to access a SharePoint server on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based computerDNS ClientIf you encounter this issue on DirectAccess clients
September 6, 20132680464Location detection feature in DirectAccess is disabled intermittently in Windows 7 or in Windows Server 2008 R2Network Location componentsDirectAccess clients may be unable to connect
September 6, 20132535133IP-HTTPS clients may disconnect from Windows Server 2008 R2-based web servers intermittently after two minutes of idle timeDirectAccess related driversIf you are using IP-HTTPS
September 6, 20132288297You are unexpectedly prompted to enter your credentials when you try to access a WebDAV resource in a corporate network by using a DirectAccess connection in Windows 7 or in Windows Server 2008 R2Webdav clientIf you encounter this issue on DirectAccess clients
September 6, 2013979373The DirectAccess connection is lost on a computer that is running Windows 7 or Windows Server 2008 R2 that has an IPv6 addressDirectAccess related driversDirectAccess clients may be unable to connect
September 6, 2013978738You cannot use DirectAccess to connect to a corporate network from a computer that is running Windows 7 or Windows Server 2008 R2DNS ClientDirectAccess clients may be unable to connect
February 28, 20142912883Remote Assistance connection to a Windows 7 SP1-based Direct Access client computer failsRemote Assistance relatedApply this hotfix if you use Windows 7 SP1 and use Remote Assistance
February 28, 20142882659FIX: "Corporate connectivity is not working" tooltip is displayed for the DirectAccess Assistant 2.0 tray icon in the French version of Windows 7 SP1DirectAccess Assitance reletedApply this hotfix if you use French version of Windows 7 SP1
June 6, 20142939489"HTTP 403" or "0x80040001" error when you connect to a DirectAccess server from a DCA tool in Windows 7 SP1Install this hotfix if you use DirectAccess Connectivity Assistant 2.0 tool on Windows 7 SP1 machines and use the tool to connect to the DirectAccess server by using One-Time Password Certificate Enrollment (OTPCE) protocol authentication through a HTTPS connection
June 30, 20142951611DirectAccess is used for internal network connections in Windows 7 SP1DirectAccess componentsInstall this hotfix if you have Windows 7 SP1 DirectAccess clients.
July 22, 20142964833Windows 8.1 cannot connect over DirectAccess to a Remote Desktop Session Host server farmRDP client based componentsInstall this hotfix on all Windows 7 DirectAccess clients to ensure they can connect to their target endpoint in the RD Session Host server farm.

References

Update adds BPA rules for DirectAccess in Windows Server 2012 R2 or Windows Server 2012
http://support.microsoft.com/kb/2896496

Microsoft Windows DirectAccess Client Troubleshooting Tool
http://www.microsoft.com/en-in/download/details.aspx?id=41938

DirectAccess clients may not be able to connect to a DirectAccess server with error 0x800b0109 when using IP-HTTPS
http://support.microsoft.com/kb/2980667

DirectAccess clients can connect over Teredo, but are unable to connect by using IP-HTTPS
http://support.microsoft.com/kb/2980660

DirectAccess clients may not be able to connect to DirectAccess server with error code 0x103, 0x2AFC, or 0x2AF9 when using IP-HTTPS
http://support.microsoft.com/kb/2980635

DirectAccess clients unable to connect with error 0x4BE
http://support.microsoft.com/kb/2980627

DirectAccess clients may not be able to connect with error 0x80092013
http://support.microsoft.com/kb/2980672

Prerequisites for Deploying DirectAccess
http://technet.microsoft.com/en-us/library/dn464273.aspx

DirectAccess Unsupported Configurations
http://technet.microsoft.com/en-us/library/dn464274.aspx

Troubleshooting DirectAccess
http://technet.microsoft.com/en-us/library/dn467926.aspx

Deploy a Single DirectAccess Server Using the Getting Started Wizard
http://technet.microsoft.com/en-us/library/hh831520.aspx

Deploy a Single DirectAccess Server with Advanced Settings
http://technet.microsoft.com/en-us/library/hh831436.aspx

Properties

Article ID: 2883952 - Last Review: September 3, 2014 - Revision: 11.0
Applies to
  • Windows Server 2012 Standard
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows 8 Enterprise
  • Windows 7 Enterprise
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Standard
Keywords: 
kbsurveynew kbexpertisebeginner KB2883952

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com