Win8 clients not prompting for DirectAccess OTP codes

I recently came across some strange behavior while configuring an existing DirectAccess implementation for One Time Password (OTP) codes.

Windows 8 machines would connect to DirectAccess and state they are “Connected”, even though they could only connect to management server resources. The machines never prompted for the OTP code.

When the workstation was in this state it could ping corporate resources but couldn’t establish any further TCP connections to them.

The issue was tracked down to the DirectAccess Network Connectivity Assistant (NCA), where we had only a PING resource configured. In this scenario, because the NCA could ping corporate resources, it reported DirectAccess as connected without ever prompting for OTP credentials.

[Figure 1 – Incorrect DirectAccess configuration: PING resource only, no HTTP resource]

After adding an additional HTTP resource (one that is not accessible until the OTP code has been provided), DirectAccess started prompting correctly for the OTP code.

[Figure 2 – Correct DirectAccess configuration: PING and HTTP resource]
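As an added example (not from the original post), here is the same fix expressed with the DirectAccessClientComponents PowerShell module rather than the console; the GPO name and probe host names are placeholders and are assumptions you would replace with your own values.

```powershell
# Added example: apply the NCA change described above with PowerShell.
# Run from an elevated session on a host with the DirectAccessClientComponents
# module (Windows 8 / Server 2012 or later). The policy store (GPO) name and the
# host names are placeholders, not values from the post.
$policyStore = 'CORP\DirectAccess Client Settings'   # DA client settings GPO (assumed name)

# Inspect what the NCA currently probes. A list holding only PING: entries is
# the weak setting from this post: ICMP to a corporate host succeeds before the
# OTP has been entered, so the NCA reports "Connected" and never prompts.
(Get-DAClientExperienceConfiguration -PolicyStore $policyStore).CorporateResources

# Weak setting, shown for comparison only:
#   CorporateResources = @('PING:directaccess-corpConnectivityHost.corp.example')

# Corrected setting: keep the PING probe, but add an HTTP probe against a host
# that is only reachable once the OTP-authenticated tunnel is up. The NCA now
# cannot report "Connected" until the HTTP probe succeeds, i.e. after the prompt.
$resources = @(
    'PING:directaccess-corpConnectivityHost.corp.example',
    'HTTP:http://directaccess-WebProbeHost.corp.example'
)
Set-DAClientExperienceConfiguration -PolicyStore $policyStore -CorporateResources $resources

# Verify on a client after the policy has refreshed (gpupdate /force): the
# status should remain short of "Connected" until the OTP code is supplied.
Get-DAConnectionStatus
```

Make sure the HTTP probe host really is unreachable over the management-only path; if it answers before OTP, the NCA will again report connected without prompting.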

Hopefully if you come across this issue you now have a solution!
