I encountered a problem on one of my installations for DirectAccess where all the clients were able to connect to DirectAccess using HTTPS only. After several investigations and with the help of senior Microsoft Engineers we noticed that the Teredo IPV6 route is missing on the server. When the server is trying to respond to Teredo requests, it uses the default Route (6to4) instead of the server Teredo Adapter due to the following route entry:
To fix this issue you need to manually add the Teredo route as follows:
- We need to obtain the Teredo Adapter interface index (IDX) from running the following elevated command on the UAG server “netsh int ipv6 show int”
- Add the route manually (using the obtained IDX from the earlier step) as follows: