During DirectAccess deployments, you can use several netsh commands as part of the initial deployment testing from a DirectAccess client. In the event of problems, this will often include the use of additional advanced netsh commands which are more troubleshooting focused.
The netsh tool is immensely powerful, and the following commands provide a good starting point to assess, understand and troubleshoot the DirectAccess client.
DirectAccess Client:
Settings and Status
Command: netsh dns show state
Description: This is probably the first and most useful command you will run, as it provides essential information on the current DirectAccess status and general configuration state.
netsh dns show state
Command: netsh namespace show policy
Description: This command is used to display the Name Resolution Policy Table (NRPT) that has been defined within Group Policy.
Command: netsh namespace show effectivepolicy
Description: This command is similar to the previous command but outputs the actual NRPT entries that are currently active on the DirectAccess client.
Common Transition Technology Interfaces
Command: netsh interface teredo show state
Description: This command shows the current status of the Teredo interface, if used at that time.
netsh interface teredo show state
(Teredo not in use here)
Command: netsh interface httpstunnel show interfaces
Description: This command shows the current status of the IP-HTTPS interface, if used at that time.
netsh interface httpstunnel show interfaces
Windows Firewall Settings and Status
Command: netsh advfirewall monitor show firewall
Description: This command is used to show the current status and configuration state of the local Windows Firewall.
Command: netsh advfirewall show currentprofile
Description: This command is used to show the current Windows Firewall profile that is in use.
netsh advfirewall show currentprofile
Command: netsh advfirewall monitor show mmsa
Description: This command is used to show the current status of the Windows Firewall main mode security associations that are present when the DirectAccess infrastructure and intranet IPsec tunnels are active.
Command: netsh advfirewall monitor show consec
Description: This command is used to show the current status of the Windows Firewall connection security rules which are used to define the DirectAccess infrastructure and intranet IPsec tunnels.
These commands can save you a lot of time during initial deployment!
Yes those are nice, now if I just knew what they should look like I would be good.
Hi,
I updated the post with some screenshots to clearify some of the commands.
/Stephan