Can’t ping the domain controller via FQDN while on the internal network? Trouble accessing any of the internal domains that are available via Direct Access while on your internal network?
This is a quick blog post to document an error I encountered that took me a while to figure out, as is typical with errors caused by configuration mistakes (yes, self-inflicted). The Microsoft Unified Access Gateway administration documentation for configuring Direct Access (DA) states two things that are extremely important, but it does not emphasize just how important they are, or which errors you will run into if they are not followed.
Your Network Location Server (NLS), which must be able to serve HTTPS requests, is used by your DA clients to determine whether they are on the internal network. This site must not be reachable through DA or by any other route from outside your network, so make sure the HTTPS resource is NOT something you need to access from external networks. If your clients can access the NLS, they will not attempt a DA connection; if they cannot access it, they will attempt a DA connection. There are a few other key points about this server that also cannot be overlooked.
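To make the inside/outside decision described above concrete, here is an added verification script (not from the original post, and not the Windows DA client's own code) that mirrors the client's NLS logic: an HTTPS probe with certificate validation decides "inside" or "outside", and a second function reports whether that result is the right one for the network you are running it from, so the same script flags both failure modes (NLS unreachable from inside, NLS exposed to the outside). The NLS URL is a constructed placeholder.

```python
import socket
import ssl
import urllib.error
import urllib.request

INSIDE, OUTSIDE = "inside", "outside"

# Constructed placeholder; replace with your own NLS URL. The .invalid TLD never
# resolves, so this runs offline and behaves like an NLS that is not reachable.
NLS_URL = "https://nls.corp.invalid/insideoutside"


def probe_nls(url: str, timeout: float = 3.0) -> bool:
    """Return True only if the NLS answers HTTPS with a certificate we trust.

    A DA client treats a failed TLS handshake (untrusted or expired cert, name
    mismatch) the same as no answer at all, so the default verifying context is
    deliberately used here: any verification failure counts as 'not reachable'.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return 200 <= resp.status < 400
    except (urllib.error.URLError, ssl.SSLError, socket.timeout, OSError):
        return False


def classify_location(nls_reachable: bool) -> str:
    """The client's rule: NLS reachable means intranet, otherwise try DA."""
    return INSIDE if nls_reachable else OUTSIDE


def check_nls(url: str, vantage: str, timeout: float = 3.0) -> tuple:
    """Run from a known vantage point ('internal' or 'external') and report
    whether the NLS outcome matches what a correctly configured deployment
    should produce there. Returns (location, ok, message)."""
    location = classify_location(probe_nls(url, timeout))
    if vantage == "internal":
        ok = location == INSIDE
        msg = ("OK: NLS reachable, clients will use the intranet directly" if ok
               else "BROKEN: NLS unreachable from inside; clients will fall back "
                    "to DA and internal FQDN resolution will break")
    elif vantage == "external":
        ok = location == OUTSIDE
        msg = ("OK: NLS not reachable from outside, clients will attempt DA" if ok
               else "EXPOSED: NLS answers from outside; clients will assume they "
                    "are internal and never bring up DA")
    else:
        raise ValueError("vantage must be 'internal' or 'external'")
    return location, ok, msg


if __name__ == "__main__":
    for vantage in ("internal", "external"):
        print(vantage, *check_nls(NLS_URL, vantage, timeout=2.0))
```

Run it once from a LAN client and once from an external connection; both runs must report OK, otherwise the DA clients will misjudge their location exactly as the post describes.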