Microsoft Direct Access doesn't work on Rogers

mascf1
I Plan to Stick Around

Our corporate network uses Microsoft Direct Access for remote access and this uses Teredo and IPv6 to establish a connection.  All Rogers modems with the latest firmware versions are interfering with the teredo client and preventing remote access from working.  A working connection shows the client type as "teredo client", on Rogers the client type is "teredo host-specific relay" which doesn't allow a connection to the corporate network.  As a workaround we know that putting the Hitron modems into bridge mode and using a separate router resolves the issue, but staff don't want to buy a router to resolve this issue with Rogers, they want Rogers to fix the problem with the modem firmware.  Staff with DSL Internet don't have this problem, this is a Rogers issue.

Re: Microsoft Direct Access doesn't work on Rogers

RogersPrasana
Retired Moderator

Hi @mascf1

Thanks for posting on the Community Forums!

What modem are you currently using?

This sounds like something one of our Resident Experts can provide some insight into, @Gdkitty or @Datalink?

@RogersPrasana

Re: Microsoft Direct Access doesn't work on Rogers

mascf1
I Plan to Stick Around

The issue isn't isolated to a particular model, it affects all the Hitron modems.  Staff with Ignite 100 service and others with the Ignite 30 service using the older Hitron modems are having the same issue with teredo and it occurred after their last firmware update on the older modems, the newer Hitron modems have always had this compatibility problem in Residential Gateway mode.  This literally affects all of our staff who have Rogers Internet at home, those who don't want to buy their own router to use the modem in bridge mode are getting fed up trying to deal with Rogers support for this and some have given up and switched to Bell to resolve the problem.

 

There has to be a better solution than telling people to buy a separate router to get teredo working on Rogers.

Re: Microsoft Direct Access doesn't work on Rogers

There are actually two issues on the go here.  First is the IPV6 enabling across the network, second are the updates to the modems, which, in certain modems, enable IPV6 use when the modem is operating in Gateway mode.  With IPV6 running, the preferred address on a pc would be an IPV6 address instead of an IPV4 address.  The windows pc's and probably mac's end up with slightly different Teredo client names as you indicated:  "teredo host-specific relay" instead of the previous "teredo client" where IPV4 was in use and Teredo was used for tunneling to an IPV4/IPV6 relay into an IPV6 environment.  I'm not knowledgeable enough in IPV6 ops to suggest the fix for this, but it seems that there are two avenues:

 

1.  Turn off IPV6 in the pc's and mac's.  The end user has to drill down into the advanced adapter settings to disable IPV6 on the adapter and reboot the computer.  Buying a router also resolves this as IPV6 can be turned off on the router and the end user devices will operate on IPV4 as they previously had done. Unfortunately, there is no provision to disable IPV6 on the modems.

 

2.  Address the issue in the communications settings for Microsoft Direct Access.  It would be hard to believe that Microsoft has not accommodated for the possibility that someday, users would be operating in a Native IPV6 environment as is now available across the Rogers Network.  Teredo is a transition technology bridging the transition from the pure IPV4 world to the available IPV6 world, so by now, Microsoft Direct Access should be able to operate in a Native IPV6 world.  I wonder what Comcast users who run Microsoft Direct Access use for the comm settings.  They've had to deal with this for several years.  

 

In terms of switching ISPs, I wonder what Bell and others are doing for IPV6 addressing.  The world is going IPV6, so, even if any of your staff switch to other ISPs, at some point I would expect this same issue to arise.  

 

Possibly @cyco and @RogersDave might have some sage advice on this issue.



Re: Microsoft Direct Access doesn't work on Rogers

Question - have you configured the Name Resolution Policy Table? From my notes: 

 

> Name Resolution Policy Table (NRPT) for DNS queries. The DirectAccess client uses NRPT to determine which DNS server to use when resolving names.

- When client is connected to the LAN, NRPT is not used and name resolution occurs normally (h-node, first to DNS).
- When client is connected to a foreign network, NRPT is switched on.
  - If a target FQDN/name is on the NRPT, the query is sent to a local/intranet DNS server.
  - If the FQDN/name is NOT on the NRPT, the query is sent via the default DNS servers on the foreign network (typically, the ISP).


This is from a document I wrote in Feb 2013 - it worked on Rogers at that time. Sorry, don't recall what modem I had. 

Re: Microsoft Direct Access doesn't work on Rogers

mascf1
I Plan to Stick Around

All the computers are Windows 7 and all have IPv4 and IPv6 protocols enabled on the NIC.  Teredo client status is supposed to be "teredo client" when the computer has both IPv4 and IPv6 enabled, if IPv6 from the client is being blocked then the result is "teredo host-specific relay" which can't establish a connection.  Both IPv4 and IPv6 have to be passed from the client through the modem and currently this is only possible with the modem in bridge mode.  Is Rogers going to fix this issue with their Hitron modems?
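
The following is an added example, not part of any post in this thread: a PowerShell check that reports the Teredo client type next to whether the machine holds a native global IPv6 address, the two facts the posts above turn on. The function name `Get-TeredoDiagnosis` is hypothetical and the sample input is constructed; it assumes the `Key : Value` layout printed by `netsh interface teredo show state`.

```powershell
# Added example (hypothetical helper, not from the thread). Runs on PowerShell 2.0.
function Get-TeredoDiagnosis {
    param(
        [string[]]$NetshLines = @(),     # text of: netsh interface teredo show state
        [string[]]$Ipv6Addresses = @()   # IP addresses bound to local adapters
    )
    # Collect the "Key : Value" rows that netsh prints.
    $fields = @{}
    foreach ($line in $NetshLines) {
        if ($line -match '^\s*(.+?)\s*:\s*(.*?)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }
    # Keep global unicast addresses (2000::/3) that are neither Teredo (2001::/32)
    # nor 6to4 (2002::/16): these show the LAN is handing out native IPv6.
    $native = @()
    foreach ($text in $Ipv6Addresses) {
        $ip = [System.Net.IPAddress]::Parse($text)
        if ($ip.AddressFamily -ne 'InterNetworkV6') { continue }
        $b = $ip.GetAddressBytes()
        $isGlobal = ($b[0] -band 0xE0) -eq 0x20
        $isTeredo = $b[0] -eq 0x20 -and $b[1] -eq 0x01 -and $b[2] -eq 0 -and $b[3] -eq 0
        $is6to4   = $b[0] -eq 0x20 -and $b[1] -eq 0x02
        if ($isGlobal -and -not $isTeredo -and -not $is6to4) { $native += $text }
    }
    $type = $fields['Client Type']
    if ($type -eq 'teredo client') { $verdict = 'state reported as working in the thread' }
    elseif ($type -eq 'teredo host-specific relay') { $verdict = 'state reported as failing in the thread' }
    else { $verdict = 'client type not discussed in the thread' }
    New-Object PSObject -Property @{
        ClientType = $type; NativeGlobalIPv6 = $native; Verdict = $verdict
    }
}

# Constructed sample in the "Key : Value" layout netsh prints. For live data use:
#   $lines = netsh interface teredo show state
#   $addrs = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
#       ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
#       ForEach-Object { $_.Address.ToString() }
$sampleLines = @(
    'Teredo Parameters',
    '---------------------------------------------',
    'Type                    : client',
    'Client Type             : teredo host-specific relay'
)
$sampleAddrs = @('fe80::1c2d:3e4f:5a6b:7c8d%11', '192.168.0.10', '2001:db8:1234:5678::10')
Get-TeredoDiagnosis -NetshLines $sampleLines -Ipv6Addresses $sampleAddrs | Format-List
```

Collecting this output once in gateway mode and once in bridge mode gives support staff a like-for-like record of what changed on the client.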

Re: Microsoft Direct Access doesn't work on Rogers

Here's the status of the modems for IPV6 ops:

 

The Cisco DPC3825 is IPv6 capable but not enabled on the network. 

 

CGN2 works out of the box for IPv6 in both bridge and gateway mode.

CGN3 works for IPv6 in bridge mode. In gateway mode, it requires a factory reset.

CGN3ACR and CGN3ACSMR are very close in hardware and both work with IPv6 in bridge mode. In gateway mode, they require a new firmware but only CGN3ACSMR has been updated.  If an end user has a CGN3ACR and requires IPV6 in Gateway mode, he or she will have to swap the modem for another model that supports IPV6 in Gateway mode.

 

The CGNM-3552 supports IPV6 in both Gateway and Bridge modes.

 



Re: Microsoft Direct Access doesn't work on Rogers

mascf1
I Plan to Stick Around

I have the CGN3ACSMR with firmware update 4.5.8.21 and teredo still doesn't work in Gateway mode, it causes the teredo client on the computer to be "host-specific relay" which doesn't allow the connection.  Still have to use the modem in bridge mode.

Re: Microsoft Direct Access doesn't work on Rogers

@mascf1,

Read this: https://support.microsoft.com/en-us/kb/3016537

 

Can you set up a test lab using this configuration and test if it works with your Rogers equipment?

Re: Microsoft Direct Access doesn't work on Rogers

mascf1
I Plan to Stick Around

I don't have the resources to set this up and our corporate network uses Direct Access on Server 2008R2 through UAG.  Staff need their Rogers connections to work with DA in this configuration. 

Re: Microsoft Direct Access doesn't work on Rogers

mascf1
I Plan to Stick Around

Disabling IPv6 on the computer also works.  Problem with that is not everyone has local admin access on their corporate laptops so they can't disable it themselves.  It would be best if Rogers would allow customers to disable IPv6 on the modem without having to use bridge mode.

Re: Microsoft Direct Access doesn't work on Rogers

cyco
I Plan to Stick Around
Does Teredo use protocol 41?
My v6 broker uses protocol 41 (6in4) and it works fine.

One thing my broker doesn't like is not being able to ping the v4 end point, so you may want to turn that security feature off if you are using the Hitron in gateway mode.

Re: Microsoft Direct Access doesn't work on Rogers

I am having the same issue.  DirectAccess will not work on the Rogers network.  I have tried with the Rogers modem in Bridge and Gateway mode, without a router behind the modem and with three different consumer and commercial grade routers (2 Dlink and 1 Cisco) behind the modem.  On very few occasions the connection existed long enough that I could see my corporate network.  I have tried this with my home internet connection, with my Rogers cell phone as a mobile hotspot, and with a Rogers mobile network hub.  All have the same result. In addition, I tried from three public wifi locations.  The first (City of Markham) which uses Rogers also failed.  The other two (Tim Hortons and McDonalds) both of which use Bell worked perfectly.  I connected to the corporate network instantly and the connection remained active and stable.

 

Definitely something preventing DirectAccess from working on Rogers network.
