Windows 10 and 11: Direct Access issue confirmed by Microsoft
Microsoft confirmed an issue affecting Direct Access on Windows 10 and Windows 11 devices recently. The issue affects devices running Windows 11 version 21H2 and 22H2, in other words all release versions of Windows 11, as well as the Windows 10 versions 20H2, 21H1, 21H2 and 22H2, and the Enterprise version LTSC 2019, Windows Server 2022 and Windows Server 2019.
Microsoft describes the issue in the following way: connections to Direct Access may fail on affected systems after "temporarily losing network connectivity or transitioning between Wi-Fi networks or access points". The issue occurs after the installation of the October preview updates or newer updates on affected systems.
Microsoft notes that the issue "should not affect" other remote connectivity solutions, such as VPN and Always On VPN.
Most Home devices are not affected by the issue, as Direct Access is used primarily to access network resources of an organization remotely.
Microsoft used a Known Issue Rollback to fix the issue. It may take up to 24 hours to propagate the change to devices that are not managed. Restarting the device may help speed up the resolution of the issue according to Microsoft.
Enterprise-managed devices do not receive the fix automatically. Administrators need to install and configure special policies to resolve the issue on these devices.
Group Policy downloads are found on all support pages that provide information on the issue. You may check the Windows 11 version 22H2 support page to download the policies for all affected issues.
Direct Access, sometimes also referred to as DirectAccess by Microsoft, is a networking technology that enables remote connectivity. It enables Windows users to access network resources of organizations without using a VPN connection.
Remote clients are always connected to the organization with Direct Access. Microsoft recommends the use of Direct Access only on Windows devices that run versions of Windows prior to Windows 10. On Windows 10 and later, Microsoft recommends that organizations use Always On VPN instead.
Now You: do you connect to other devices remotely?
Of course if you run a network, you may need to give remote users a way to reliably connect to it and work in it. And these connections should not be too complicated to establish and maintain. The fundamental problem with Direct Access, however, is that Microsoft made it just a bit too easy, making such remote connections more or less permanent. For this reason, Direct Access has (at least from a network manager’s viewpoint) always looked a bit of a security risk to me.
Of course on my personal home computers, I do not allow any remote connections that actively interact with (or can explore) them.
Nobody can be surprised at this time about this. Thanks for the article.
“[D]o you connect to other devices remotely?”
Yes, and I use TeamViewer to do it (as a “free” non-commercial user, which is what I am). It seems to work pretty damn well and it was a *godsend* when I had to maintain my dad’s computers from 1000 miles away. I’d never heard of Direct Access and probably wouldn’t be interested in it if I had. (I have run Linux in the past and will be doing so again in the near future, so I stay away from Windows-only apps to the extent possible.)
Microsoft newspeak creeping in. Now they are not computers any more, they are devices.