IPHTTPS with DirectAccess Not working with F5
I am helping a client implement DirectAccess 2012 using IPHTTPS as the Protocol. The setup is
ISP Firewall----Client Firewall------F5 (Big IP) ----DA Servers---Internal Network.
The ISP is doing 1-to-1 NAT from the public IP addresses to an internal range on the client's firewall. The traffic is then forwarded to the F5 and on to DA. The setup works fine when using DA in a single-server configuration: I can connect and access internal resources. But when I enable External Load Balancer with a standard SSL forwarding to the DA servers, the setup never works. I am NOT terminating the SSL on the F5.
The servers are pointing to the internal IP of the F5 as their default gateway. Also, one thing I am confused about is where to use the VIP that is created by the DA ELB wizard. I have four servers with 10.20.4.41, .42, .43, .44, and when I run the Load Balancing wizard it promotes the .41 IP to the VIP and I have to use .45 as the DIP, but the F5 only requires the Self IP and no VIP. Where exactly do I use this IP, which is on the same network as the DA servers' external interface? I am using a Performance L4 profile on the F5.
True, MAC spoofing is not needed.
I see two strange things. 1. Teredo interfaces are being enabled. A setup with 2 interfaces behind an edge device normally skips this step, as Teredo only works with public IPv4 addresses on the DA servers. 2. The pseudo network adapter is not getting an address assigned.
What is the output of the PowerShell command "Get-NetDnsTransitionConfiguration"?
Martijn
12 Replies
- Amit_Bhatnagar_
I was at the client site till 12:00 AM but got the setup working. Thanks a ton for pointing me in the right direction with the Pseudo Interface information. It seems the hotfix did the trick.
The wizard will ask you if you have static v6 configured on the NICs. Don't know about NLB though. I always use F5 and the external LB scenario.
- Amit_Bhatnagar_
OK... so Loopback Pseudo-Interface 1 is the problem... it is not getting the IP now on the third server. Two are working within NLB, so that is the good news. Windows8-RT-KB2859347-x64 is the key here, which is a hotfix for this issue. Although, is there a way by which I can fix this issue without breaking NLB? I mean reset the adapters and then let the configuration policy assign the correct IPs and all?
If not, then I will have to break the NLB anyway, which I am keeping as the last option.
- Amit_Bhatnagar_
In the wizard, it only asks for an IPv4 address and not IPv6, so even if I can assign it in the TCP/IP properties, I cannot set the VIP.
Configure the ::1 as the DIP on the first server (static IPv6 on the NIC). Then, when running the LB wizard, you will be asked to specify the new DIP. The ::1 will then automatically become the VIP. So set ::2 as the DIP while running the LB wizard; this address will be set on the NIC, while the ::1 will automatically become the VIP and, if everything goes right, also the IP address for the 6to4 DNS server.
The IPHTTPS prefix is set in the DA config, in the Remote Access Server part under Prefixes, and then "IPv6 prefixes assigned to DA clients".
- Amit_Bhatnagar_
I understand all but this part: "Configure fd80:aea0:34a6:3333::1 as the VIP and set the DIP to fd80:aea0:34a6:3333::2. Make sure you define the IPHTTPS prefix to fd80:aea0:34a6:1000::/59 in the config." How do I do it manually?
I can put in the DIP, but how about the VIP? Also, the IPHTTPS prefix?
Thanks a ton for your help! :)
Right,
So please break the load balancing. Then run gpupdate /force on the DA servers.
Then set the first server's IPv6 address on the internal interface to fd80:aea0:34a6:3333::1, the second server to fd80:aea0:34a6:3333::3, and the third and fourth to ::4 and ::5.
Run Enable Load Balancing again on the server you assigned ::1 to.
Configure fd80:aea0:34a6:3333::1 as the VIP and set the DIP to fd80:aea0:34a6:3333::2. Make sure you define the IPHTTPS prefix as fd80:aea0:34a6:1000::/59 in the config.
Run gpupdate /force again on all servers.
Check afterwards whether the output of netsh int ipv6 dump now shows fd80:aea0:34a6:3333::1 as the address on Loopback Pseudo-Interface 1. Also check the local firewall rules on all servers to make sure the DNS rule allows traffic to fd80:aea0:34a6:3333::1.
Do not forget to run gpupdate /force on the DA servers after disabling the LB and again after enabling the LB.
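As an added example, not code from the thread or from Microsoft: a PowerShell script that applies the per-node address plan above on one DA server and then verifies the two things Martijn asks to check, the VIP on Loopback Pseudo-Interface 1 and the scope of the inbound DNS firewall rule. The internal NIC alias "Internal" and the node names DA01 to DA04 are assumptions; the addresses are the ones listed in the reply. The Enable Load Balancing step itself is still done in the Remote Access console, as described, between the two phases.

```powershell
# Added example (not from the thread). Run elevated on each DA node:
#   .\Set-DaNode.ps1 -Phase Prepare   # before re-running Enable Load Balancing
#   .\Set-DaNode.ps1 -Phase Verify    # after the wizard and the second gpupdate
#Requires -RunAsAdministrator
param([ValidateSet('Prepare','Verify')][string]$Phase = 'Verify')

$InternalIf = 'Internal'                     # assumed alias of the internal NIC
$Vip        = 'fd80:aea0:34a6:3333::1'        # becomes the VIP after the LB wizard
$NodeDips   = @{                              # assumed node names; addresses per the thread
    'DA01' = 'fd80:aea0:34a6:3333::1'         # wizard later moves this node to ::2
    'DA02' = 'fd80:aea0:34a6:3333::3'
    'DA03' = 'fd80:aea0:34a6:3333::4'
    'DA04' = 'fd80:aea0:34a6:3333::5'
}

function Set-DaNodeInternalIPv6 {
    param([string]$Node = $env:COMPUTERNAME)
    $addr = $NodeDips[$Node]
    if (-not $addr) { throw "No address planned for node $Node" }
    # Drop any existing address in the prefix first: a stale copy of ::1 on a
    # second node is what produces the "address conflict" event seen later in
    # the thread, because the VIP may only live on one NIC.
    Get-NetIPAddress -InterfaceAlias $InternalIf -AddressFamily IPv6 -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress -like 'fd80:aea0:34a6:3333:*' } |
        Remove-NetIPAddress -Confirm:$false
    New-NetIPAddress -InterfaceAlias $InternalIf -IPAddress $addr -PrefixLength 64 | Out-Null
    gpupdate /force | Out-Null
}

function Test-DaVipOnLoopback {
    # Equivalent to reading "netsh int ipv6 dump": after the wizard and the
    # second gpupdate the VIP must be bound to Loopback Pseudo-Interface 1.
    $lo = Get-NetIPAddress -InterfaceAlias 'Loopback Pseudo-Interface 1' `
                           -AddressFamily IPv6 -ErrorAction SilentlyContinue
    return [bool]($lo | Where-Object { $_.IPAddress -eq $Vip })
}

function Test-DaDnsRuleAllowsVip {
    # Look at every enabled inbound allow rule on port 53 and accept it if its
    # local-address scope is unrestricted or explicitly includes the VIP.
    $rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow
    foreach ($r in $rules) {
        $ports = ($r | Get-NetFirewallPortFilter).LocalPort
        if ($ports -notcontains '53') { continue }
        $local = ($r | Get-NetFirewallAddressFilter).LocalAddress
        if ($local -contains 'Any' -or $local -contains $Vip) { return $true }
    }
    return $false
}

switch ($Phase) {
    'Prepare' {
        Set-DaNodeInternalIPv6
        "Static address set; now run Enable Load Balancing on the ::1 node (new DIP ::2)."
    }
    'Verify' {
        Get-NetDnsTransitionConfiguration | Format-List State, AcceptInterface, SendInterface
        "VIP on Loopback Pseudo-Interface 1 : $(Test-DaVipOnLoopback)"
        "DNS rule allows traffic to VIP     : $(Test-DaDnsRuleAllowsVip)"
    }
}
```

The Verify phase returns two booleans rather than a dump so the same script can be run on all four nodes after the second gpupdate /force; any node reporting False on the first check still has the loopback address problem the KB2859347 hotfix addressed.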
- Amit_Bhatnagar_
This is the output. I also noticed one more thing... the following error on the second server in the NLB:
"The system detected an address conflict for IP address fd80:aea0:34a6:3333::1 with the system having network hardware address 00-15-5D-08-33-0B. Network operations on this system may be disrupted as a result."
State               : Enabled
AcceptInterface     : {Loopback Pseudo-Interface 1}
SendInterface       : {BE-PROD (DMZ-L3)}
OnlySendAQuery      : True
LatencyMilliseconds : 300
AlwaysSynthesize    : False
ExclusionList       : {0:0:0:0:0:ffff::/96}
PrefixMapping       : {fd80:aea0:34a6:7777::/96,0.0.0.0/0}
- Amit_Bhatnagar_
One more thing... I am using a Hyper-V setup here. Do I need to enable MAC spoofing? I was under the impression that it is only required if we are using Windows NLB.