In June, Microsoft announced it would be deprecating DirectAccess in the near future. The recent Windows 11 24H2 update has caused significant disruptions for users relying on DirectAccess (IP-HTTPS). This change appears to be part of Microsoft’s broader strategy to transition users to their Always On VPN solution. Let’s delve into the details and implications of this issue.

What is DirectAccess (IP-HTTPS)?

DirectAccess is a feature introduced in Windows 7 and Windows Server 2008 R2, designed to provide seamless and secure remote access to corporate networks. It uses IP-HTTPS to encapsulate IPv6 traffic over an IPv4 network, ensuring compatibility and security.

The Impact of Windows 11 24H2 Update

With the rollout of Windows 11 24H2, many users have reported that DirectAccess (IP-HTTPS) is no longer functioning correctly. This disruption has left organizations scrambling to find alternative solutions to maintain secure remote access for their employees.
DirectAccess should still work, however, because it was only deprecated, not removed. The issue already has Microsoft’s attention.

Workarounds

The Windows 11 24H2 update has indeed caused issues with DirectAccess (IP-HTTPS), as Microsoft is encouraging users to transition to Always On VPN. Here are a few potential workarounds you can try:

  1. Roll Back the Update: If DirectAccess is critical for your operations, consider rolling back to the previous version of Windows 11. This has been reported to restore functionality.
  2. Pause Feature Updates: Temporarily pause feature updates to prevent the 24H2 update from installing until a fix is available.
  3. Registry Tweak: Although not always effective, some users have tried disabling User Datagram Protocol (UDP) for Remote Desktop Protocol (RDP) via a registry tweak. However, this has not consistently resolved the issue.
  4. Contact Microsoft Support: Reach out to Microsoft Support for assistance. They may provide specific guidance or updates on resolving this issue.
  5. Transition to Always On VPN: As a long-term solution, consider transitioning to Always On VPN, which Microsoft is promoting as the replacement for DirectAccess.
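
The triage and update hold behind workarounds 1 and 2, as an added PowerShell example (not from the original post or from Microsoft). It assumes the "pause" is implemented with the Windows Update target-release policy and that 23H2 is the release to stay on; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: triage a DirectAccess client and hold it below Windows 11 24H2.
# Assumption: 23H2 is the release to stay on; change $HoldAt to suit your fleet.
$HoldAt = '23H2'

function Get-DirectAccessTriage {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # IP-HTTPS tunnel state; returns nothing when DirectAccess is not configured.
    $ipHttps = Get-NetIPHttpsState -ErrorAction SilentlyContinue
    # Overall client status as reported by the Network Connectivity Assistant.
    $da = Get-DAConnectionStatus -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        DisplayVersion = $cv.DisplayVersion
        Build          = $build
        Is24H2OrLater  = $build -ge 26100   # Windows 11 24H2 is build 26100
        IpHttpsStatus  = $ipHttps.InterfaceStatus
        IpHttpsError   = $ipHttps.LastErrorCode
        DAStatus       = $da.Status
        DASubstatus    = $da.Substatus
    }
}

function Set-FeatureUpdateHold {
    param([string]$Release = $HoldAt)
    # Policy behind "Select the target Feature Update version".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty $key -Name TargetReleaseVersion     -Value 1            -Type DWord
    Set-ItemProperty $key -Name ProductVersion           -Value 'Windows 11' -Type String
    Set-ItemProperty $key -Name TargetReleaseVersionInfo -Value $Release     -Type String
}

$report = Get-DirectAccessTriage
$report | Format-List

if ($report.Is24H2OrLater) {
    # A hold cannot undo an installed feature update.
    'Already on 24H2 or later: a hold will not help; roll back or migrate.'
} elseif ($report.DAStatus) {
    # DirectAccess is in use on this client, so keep it on the working release.
    Set-FeatureUpdateHold
    "Feature updates held at Windows 11 $HoldAt."
}
```

Remove the three policy values once a fix ships or the client has moved to Always On VPN, otherwise the device stays pinned to the held release.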

Why is Microsoft Pushing Always On VPN?

Microsoft’s Always On VPN is a modern remote access solution that offers several advantages over DirectAccess:

  1. Enhanced Security: Always On VPN supports stronger encryption protocols and integrates seamlessly with Azure AD and Conditional Access policies.
  2. Better Performance: It improves connectivity and performance, especially for mobile and remote users.
  3. Simplified Management: Always On VPN is easier to deploy and manage, with centralized configuration and monitoring capabilities.

Paul Cobben