• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

DA Client - Disable IPHTTPS interface

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> DA Client - Disable IPHTTPS interface Page: [1]
Login
Message << Older Topic   Newer Topic >>
DA Client - Disable IPHTTPS interface - 21.Dec.2010 8:13:44 AM   
PatrickM

 

Posts: 110
Joined: 23.May2001
From: Skutskär, Sweden
Status: offline
How do you disable IPHTTPS interface on the DA client?
I managed to disable teredo and 6to4 using netsh.

I have used netsh "set interface" command but I fail
...................
Sets the properties of an IPHTTPS client or server interface.

Syntax

set interface [[ url= ] ( url )] [[ state= ] ( enabled | disabled | default )] [[authmode= ] ( none | certificates )]
...................
set interface httpstunnel set interface https://server.foo.local/IPHTTPS state=disabled

set interface httpstunnel set interface https://server.foo.local/IPHTTPS diabled

set interface httpstunnel set interface https://server.foo.local/IPHTTPS none

I am pretty sure I am doing this wrong....

Thanks

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0
Post #: 1
RE: DA Client - Disable IPHTTPS interface - 21.Dec.2010 9:54:52 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Not sure you can disable it manually using netsh, but you can disable it via Group Policy if this helps...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to PatrickM)
Post #: 2
RE: DA Client - Disable IPHTTPS interface - 4.Jan.2011 12:28:06 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
You should be able to set it from netsh - but I've tried it in my lab and keep getting a syntax error.

Jason is right that you can disable it from GPO - but there should be a way to disable it from netsh.

Let me see if I can find the answer.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 3
RE: DA Client - Disable IPHTTPS interface - 27.Jan.2011 3:04:55 AM   
PatrickM

 

Posts: 110
Joined: 23.May2001
From: Skutskär, Sweden
Status: offline
Went with the GPO solution for now, but, little slow when you need to toggle on/off interfaces in the POC/lab a few times.

@tshinder, got any news on netsh?

Thanks!

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to tshinder)
Post #: 4
RE: DA Client - Disable IPHTTPS interface - 27.Jan.2011 11:53:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Patrick,

Indeed - this is an "undocumented feature" regarding netsh :)

HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState. If this is set to a value of 3, IP-HTTPS is disabled

This is useful for testing.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PatrickM)
Post #: 5
RE: DA Client - Disable IPHTTPS interface - 27.Jan.2011 6:31:50 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: tshinder

Hi Patrick,

Indeed - this is an "undocumented feature" regarding netsh :)

HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState. If this is set to a value of 3, IP-HTTPS is disabled

This is useful for testing.

HTH,
Tom


Which is essentially what the GPO applies, yes???

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 6
RE: DA Client - Disable IPHTTPS interface - 31.Jan.2011 3:26:26 AM   
PatrickM

 

Posts: 110
Joined: 23.May2001
From: Skutskär, Sweden
Status: offline
Yes, as it looks.
:)
Thanks!

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to Jason Jones)
Post #: 7
RE: DA Client - Disable IPHTTPS interface - 1.Feb.2011 7:00:08 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: Jason Jones

quote:

ORIGINAL: tshinder

Hi Patrick,

Indeed - this is an "undocumented feature" regarding netsh :)

HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState. If this is set to a value of 3, IP-HTTPS is disabled

This is useful for testing.

HTH,
Tom


Which is essentially what the GPO applies, yes???


Yes - the Reg entry is useful if you just want to do a quick test on the client - when GP is refreshed, it will revert to the enabled state.


Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 8
RE: DA Client - Disable IPHTTPS interface - 7.Mar.2011 8:00:48 AM   
PatrickM

 

Posts: 110
Joined: 23.May2001
From: Skutskär, Sweden
Status: offline
In Reply to http://tinyurl.com/69akje6 (EdgeManBlog)

I'd just testad disabeling IPHTTPS inferface through DeviceManager and it woks well.. (Posted by Christoph Falta)

Remember to check "Show Hidden Devices" (the View menu) and it (iphhtpsinterface) appears under "Network adapters", just rightclick and disable.
When Youre done, rightclick and enable.

-PatrickM

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to PatrickM)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> DA Client - Disable IPHTTPS interface Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts