Server 2012 DirectAccess: Useful NETSH Commands

During DirectAccess deployments, you can use several netsh commands on a DirectAccess client as part of initial deployment testing. When problems arise, you will often need additional, more advanced netsh commands that are focused on troubleshooting.

The netsh tool is immensely powerful, and the following commands provide a good starting point to assess, understand and troubleshoot the DirectAccess client.

DirectAccess Client:

Settings and Status

Command: netsh dns show state

Description: This is probably the first and most useful command you will run, as it provides essential information on the current DirectAccess status and general configuration state.

Command: netsh namespace show policy

Description: This command is used to display the Name Resolution Policy Table (NRPT) that has been defined within Group Policy.

Command: netsh namespace show effectivepolicy

Description: This command is similar to the previous command but outputs the actual NRPT entries that are currently active on the DirectAccess client.

Common Transition Technology Interfaces

Command: netsh interface teredo show state

Description: This command shows the current status of the Teredo interface, if used at that time.

(In the original screenshot, Teredo was not in use.)

Command: netsh interface httpstunnel show interfaces

Description: This command shows the current status of the IP-HTTPS interface, if used at that time.

Windows Firewall Settings and Status

Command: netsh advfirewall monitor show firewall

Description: This command is used to show the current status and configuration state of the local Windows Firewall.

Command: netsh advfirewall show currentprofile

Description: This command is used to show the current Windows Firewall profile that is in use.

Command: netsh advfirewall monitor show mmsa

Description: This command is used to show the current status of the Windows Firewall main mode security associations that are present when the DirectAccess infrastructure and intranet IPsec tunnels are active.

Command: netsh advfirewall monitor show consec

Description: This command is used to show the current status of the Windows Firewall connection security rules which are used to define the DirectAccess infrastructure and intranet IPsec tunnels.

These commands can save you a lot of time during initial deployment!
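To compare a working client against a failing one, the commands listed above can be captured in a single pass. This PowerShell script is an added example, not part of the original post; the report path and the section labels are assumptions.

```powershell
# Added example (not from the original post): run the netsh commands from this
# article on a DirectAccess client and save their output to one report file.
# Assumptions: the report location ($env:TEMP) and the section labels below.

$commands = [ordered]@{
    'DirectAccess status'        = 'dns show state'
    'NRPT from Group Policy'     = 'namespace show policy'
    'NRPT effective entries'     = 'namespace show effectivepolicy'
    'Teredo interface'           = 'interface teredo show state'
    'IP-HTTPS interface'         = 'interface httpstunnel show interfaces'
    'Firewall status'            = 'advfirewall monitor show firewall'
    'Firewall current profile'   = 'advfirewall show currentprofile'
    'Main mode SAs'              = 'advfirewall monitor show mmsa'
    'Connection security rules'  = 'advfirewall monitor show consec'
}

# Record whether the shell is elevated, so an access error in the report
# is not mistaken for a DirectAccess fault.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$report = Join-Path $env:TEMP ('da-client-{0}-{1}.txt' -f $env:COMPUTERNAME, $stamp)

$lines = @(
    "DirectAccess client report for $env:COMPUTERNAME"
    "Collected: $(Get-Date -Format o)   Elevated: $elevated"
    ''
)

foreach ($entry in $commands.GetEnumerator()) {
    # Split the command text into separate arguments for netsh.exe
    $argv   = $entry.Value -split ' '
    # Capture stdout and stderr together so error text lands in the report
    $output = (& netsh.exe @argv 2>&1 | Out-String).TrimEnd()
    $lines += "===== $($entry.Key): netsh $($entry.Value) (exit code $LASTEXITCODE) ====="
    $lines += $output
    $lines += ''
}

Set-Content -Path $report -Value $lines -Encoding UTF8
Write-Output "Report written to $report"
```

The NRPT sections list internal namespaces and DNS server addresses, so store and share the report with that in mind.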

2 thoughts on “Server 2012 DirectAccess: Useful NETSH Commands”

  1. mu@kc.rr.com Oct 10, 2016 8:57 pm

    Yes those are nice, now if I just knew what they should look like I would be good.
