Direct Access - Corporate Network Names cannot be resolved

I encountered this error message on all Direct Access clients a few days ago (in the advanced diagnostics log):

RED: Corporate connectivity is not working. Corporate network names cannot be resolved. If the problem persists, contact your administrator.

Direct Access did not provide any access to corporate resources from clients (presumably because no name resolution was possible), but the Remote Access Dashboard and Operations Status assured me that nothing was wrong with Direct Access. I therefore tried to blame it on something else.

After some more research, I concluded that Direct Access must be the culprit after all. I tried some more troubleshooting on the Direct Access server, but to no avail. As a last resort I tried rebooting the server (this should have been my first step, I know, but this is a production server so I didn’t want to start with a reboot).

After the reboot, Direct Access began working fine on the clients again.

Curious about what might have caused this error, I sifted through the System event log around a specific time (the time when clients stopped connecting, according to the accounting log). I found this error immediately before clients stopped connecting:

Event ID 7031 The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

An unexpected termination of the Windows Firewall service would obviously disrupt Direct Access, but presumably Direct Access should work again when the service restarted; apparently not the case…
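The log search described above can be scripted on the Direct Access server. This PowerShell is an added example, not part of the original post; the outage time is a constructed placeholder and the 30-minute window is an assumption.

```powershell
# Added example. Replace $outage with the time clients stopped connecting
# (taken from the accounting log). The value below is a constructed placeholder.
$outage = Get-Date '2015-01-01 09:30'
$window = New-TimeSpan -Minutes 30      # assumed search window on each side

$range = @{
    StartTime = $outage - $window
    EndTime   = $outage + $window
}

# System log: Service Control Manager records unexpected service terminations
# as event 7031 (a recovery action follows) or 7034 (no recovery action).
$scm = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
} + $range

Get-WinEvent -FilterHashtable $scm -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Application log: event 1000 from "Application Error" names the faulting
# process, the faulting module and the exception code for a crash.
$appCrash = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
} + $range

Get-WinEvent -FilterHashtable $appCrash -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*svchost.exe*' } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Message |
    Format-List

# Current state of the Windows Firewall service (service name MpsSvc).
Get-Service -Name MpsSvc | Select-Object Name, DisplayName, Status
```

Run it from an elevated PowerShell prompt. An empty result from either query means no matching event was logged inside the window.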

I haven’t tried fixing the underlying issue (I found this forum post claiming some command fixed the problem):

We’re also running DirectAccess on a 2012 R2 server in a similar configuration and we also have the same issue (The services terminating unexpectedly) and having to restart the whole server to restore connectivity, I’ve found however those services run together in a shared Svchost process and by modifying the config of those services to run in their own Svchost process (By running “SC Config type= own” in an Admin Command Prompt) and I can see it is the Windows Firewall Service crashing with the exception code “access violation 0xc0000005”, but it restarts on its own and DirectAccess still works fine!

Our setup has been working fine with Server 2012 R2 (Server has been upgraded from older OSes however) for about a year now, so possibly a dodgy Windows Update???

I still don’t know the cause of this issue, but a reboot restored Direct Access functionality.