Getting IP-HTTPS error code 0x274c?

Hello fellow DirectAccess admins!  I apologize for the long gap since my last posting.  I’ve been pretty heads down with a lot of DirectAccess work in the field and haven’t had much spare time to write new articles.  I’m hoping to bring a bunch of new articles in the coming weeks!

Now for today’s posting, we are going to discuss a very common IP-HTTPS error code: 0x274c.

As reference, you can run the following command on your DirectAccess client to check the state of the IP-HTTPS adapter :

netsh int https show int

You will get an output that will show the current state of the connection. A good connection should show error code 0x0 like below :

Good IP-HTTPS connection

If you run into connection issues from the DirectAccess client to the DirectAccess server, it will show error code 0x274c with the following text : failed to connect to the IPHTTPS server. Waiting to reconnect

I’ve seen this error with many customers in the past and realized I totally forgot to include this error code with the rest of my published IP-HTTPS errors!  This error code literally means :

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

So we need to figure out why your DirectAccess clients cannot get their TCP/443 IP-HTTPS packets to the DirectAccess server.  Some common causes I’ve seen for this error code include :

– DirectAccess client cannot resolve the DNS name for the IP-HTTPS server
– Firewall or device along the network path blocking TCP/443 to the DirectAccess server
– Misconfigured external NAT mapping to the internal
– Misconfigured load balancer not passing traffic to the DirectAccess server

My usual troubleshooting is to try to ping the DNS name listed in the URL field.  In the example above, I would try to ping da.contoso.com.  Make sure it resolves to an IP address and it’s the correct external public IPv4 address.

If this is correct, then try to connect to the DNS name using the following PowerShell cmdlet on Windows 8.1 clients :

Test-NetConnection -Port 443 -ComputerName da.contoso.com | ft TcpTestSucceeded

Replace the da.contoso.com with your DNS IP-HTTPS name for your environment.  Check to see if the output shows false.  If so, then it’s time to involve your networking team to find out why the connection fails from the Internet.

If you have Windows 8 or 7 clients, you can use the telnet command from the command line.  It’s not installed by default in the OS so you might have to add it (easily done in PowerShell by running : Add-ClientFeature -Name TelnetClient).  Once you have the telnet client installed, you can try to connect using the following syntax (replace da.contoso.com with your IP-HTTPS endpoint DNS name) :

telnet da.contoso.com 443

When you run this command and the connection is successful, the screen will go blank, which is good.  If it doesn’t, the command will eventually time out. This means the DirectAccess server is not reachable from the Internet, and again it’s time to involve the network team to see where it might be blocked.
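The three checks above (name resolution, correct public IPv4 address, TCP/443 reachability) can be run in one pass. The following is an added example, not code from the original post; it goes slightly beyond the text by using .NET classes directly so the same function runs on Windows 7, 8 and 8.1 without the telnet client. The function name Test-IpHttpsEndpoint, its parameters and the address 203.0.113.10 are assumptions made for illustration.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Test-IpHttpsEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,  # DNS name from the IP-HTTPS URL field
        [string]$ExpectedIPv4,                            # optional: public IPv4 you expect
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    $r = New-Object PSObject -Property @{
        HostName = $HostName; ResolvedIPv4 = @(); MatchesExpected = $null
        TcpOk = $false; Finding = ''
    }
    # Step 1: the name must resolve to at least one IPv4 address.
    try {
        $r.ResolvedIPv4 = @([System.Net.Dns]::GetHostAddresses($HostName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $r.Finding = "DNS resolution failed for $HostName"
        return $r
    }
    if ($r.ResolvedIPv4.Count -eq 0) {
        $r.Finding = "$HostName has no IPv4 address"
        return $r
    }
    # Step 2: compare against the external public address, when one was supplied.
    if ($ExpectedIPv4) { $r.MatchesExpected = ($r.ResolvedIPv4 -contains $ExpectedIPv4) }
    # Step 3: TCP connect with a timeout (what Test-NetConnection or telnet checks).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($r.ResolvedIPv4[0], $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)   # throws if the connection was refused
            $r.TcpOk = $client.Connected
        }
    } catch {
        $r.TcpOk = $false
    } finally {
        $client.Close()
    }
    if (-not $r.TcpOk) {
        $r.Finding = "TCP/$Port to $($r.ResolvedIPv4[0]) failed: check firewall, NAT and load balancer"
    } elseif ($r.MatchesExpected -eq $false) {
        $r.Finding = "TCP/$Port answers, but DNS does not return $ExpectedIPv4"
    } else {
        $r.Finding = "TCP/$Port reachable"
    }
    $r
}
# da.contoso.com is the post's example name; 203.0.113.10 is a constructed placeholder address.
Test-IpHttpsEndpoint -HostName da.contoso.com -ExpectedIPv4 203.0.113.10 | Format-List
```

Run it from a client on the Internet side, since that is the path the IP-HTTPS adapter uses.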

Hope this helps the community and feel free to leave any comments below!
