This article describes an issue that prevents DirectAccess clients from connecting by using IP-HTTPS even though they can connect over Teredo.
Original KB number: 2980660
DirectAccess clients can connect over Teredo, but may be unable to connect by using IP-HTTPS.
When you run the netsh interface http show interface command, the output is as follows:
Error: 0x643
Translates to: Fatal error during installation.Error: 0x34
Translates to: Interface creation failure.
Error: 0x643
Translates to: Fatal error during installation.0x643 translates to:
ERROR_INSTALL_FAILURE
#Fatal error during installation.Error: 0x34
Translates to : Interface creation failure.0x34 translates to:
ERROR_DUP_NAME
# You were not connected because a duplicate name exists on
# the network. If joining a domain, go to System in Control
# Panel to change the computer name and try again. If joining
# a workgroup, choose another workgroup name.
The reasons for these error codes are the same. Both error codes indicate a pre-existing setting or interface that conflicts with the currently applied IP-HTTPS configuration.
Possible causes for this issue include the following:
Note If IPv6 isn't selected on the NIC, but the DisabledComponents registry key has not been set, then you can ignore this possible cause.
If IPv6 is disabled make sure to enable it back.
If the DisabledComponents registry key is set under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6 , then delete it, or make sure that transition adapters aren't being disabled.
For more information about this, go to the following article at the Microsoft Knowledge Base:
929852 How to disable IPv6 or its components in Windows
DirectAccess connectivity methods
DirectAccess clients use multiple methods to connect to the DirectAccess server, which enables access to internal resources. Clients can use either Teredo, 6to4, or IP-HTTPS to connect to DirectAccess. This also depends on how the DirectAccess server is configured.
When the DirectAccess client has a public IPv4 address, it will try to connect by using the 6to4 interface. However, some ISPs give the illusion of a public IP Address. What they provide to end users is a pseudo public IP address. This means that the IP address received by the DirectAccess client (a data card or SIM connection) might be an IP from the public address space but that it's actually located behind one or more NATs.
When the client is behind a NAT device, it will try to use Teredo. Many businesses such as hotels, airports, and coffee shops don't allow Teredo traffic to traverse their firewall. In such scenarios, the client will fail over to IP-HTTPS. IP-HTTPS is built over an SSL (TLS) TCP 443-based connection. SSL outbound traffic will most likely be allowed on all networks.
Having this in mind, IP-HTTPS was built to provide a backup connection that is reliable and always reachable. A DirectAccess client will make use of this when other methods (such as Teredo or 6to4) fail.
More information about transition technologies can be found at IPv6 transition technologies.