Monday, April 13, 2020

Microsoft Direct Access Client Check

If you are using Direct Access, any client that has been configured for it can run this simple netsh command from the command prompt to see whether it thinks it is inside or outside the corporate network.


netsh dns show state

During a DNS outage, this showed us that the machine location was Outside the corporate network even though we were here in the office. This explained the DNS lookup issues.

Name Resolution Policy Table Options
--------------------------------------------------------------------

Query Failure Behavior                : Only use LLMNR and NetBIOS if the name does not exist in DNS
Query Resolution Behavior             : Resolve only IPv6 addresses for names
Network Location Behavior             : Let Network ID determine when Direct Access settings are to be used
Machine Location                      : Outside corporate network
Direct Access Settings                : Configured and Enabled
DNSSEC Settings                       : Not Configured
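
To run the same check from a script, the following added example (not part of the original post) parses the `netsh dns show state` output and flags a client that reports Outside while it is expected to be in the office. The function names are hypothetical, and it assumes English-language netsh output formatted as shown above.

```powershell
# Added example: parse "netsh dns show state" and flag a location mismatch.
function ConvertFrom-NetshDnsState {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Setting lines look like "Machine Location   : Outside corporate network".
        # The title and the dashed separator contain no colon and are skipped.
        if ($line -match '^\s*(?<key>[^:]+?)\s*:\s*(?<value>.+?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    [pscustomobject]$state
}

function Test-DirectAccessLocation {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [switch]$ExpectInside   # set when the machine is known to be on the office LAN
    )
    $state     = ConvertFrom-NetshDnsState -Lines $Lines
    $location  = $state.'Machine Location'
    $daEnabled = $state.'Direct Access Settings' -eq 'Configured and Enabled'
    $outside   = $location -like 'Outside*'
    [pscustomobject]@{
        MachineLocation     = $location
        DirectAccessEnabled = $daEnabled
        # True when the client believes it is outside although it should be inside
        Mismatch            = [bool]($daEnabled -and $ExpectInside -and $outside)
    }
}

# Sample input copied from the output shown on this page, so the script runs offline.
$sample = @'
Name Resolution Policy Table Options
--------------------------------------------------------------------

Network Location Behavior             : Let Network ID determine when Direct Access settings are to be used
Machine Location                      : Outside corporate network
Direct Access Settings                : Configured and Enabled
DNSSEC Settings                       : Not Configured
'@ -split "`r?`n"

Test-DirectAccessLocation -Lines $sample -ExpectInside

# On a live client, pass the real command output instead:
# Test-DirectAccessLocation -Lines (netsh dns show state) -ExpectInside
```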
