Microsoft DirectAccess - Unable to launch applications - Error 516

We have Windows 10 laptops configured with Microsoft DirectAccess (VPN solution built in to Windows, providing always on connectivity to company network). These laptops have Parallels Client Version 15.5 (64bit) that connects to a pair of remote application servers.

When connected via DirectAccess we are unable to launch applications via the Parallels Client. The Client window connects to the application server and populates our lists of applications, but when trying to launch an application we see an error.

[516] - The Client could not access the remote application.

When the same laptop is connected directly to the company network (wired or wireless), the applications launch just fine. I feel like this may have something to do with Windows Firewall (which has to be enabled for DirectAccess), but the Firewall is switched on when connected directly to company LAN or when using DirectAccess, so not sure.

Any suggestions greatly appriciated.

 

Did you already try changing the "connection mode" in Parallels Client.
If you have no issues pinging the server directly, try Direct mode.
However, if you set the mode to Gateway (with or without SSL) it should always work because the client will be going through the same gateway used for the application listing.

 

We have this exact same issue, however it is only affecting 1 user. We have now setup over 20 users on Parallels and everyone is setup the same way. They are all able to connect just fine except this one user. This user can connect to their office desktop from a laptop using Parallels when in the office, but when they try with the same laptop from outside of the office the connection fails with the 516 error. A different user tried connecting to this users desktop PC from outside the office and they can connect to it just fine. The problem user also tried installing parallels on their home PC and are unable to connect in from there either.

 

@BenR5 Is the 'problem user' using Microsoft DirectAccess or a different vpn?

 

I'm still suffering with this problem, just started to spend some time on investigating again. I've come across something that may be useful in a log file (C:\ProgramData\Parallels\RASLogs\controller.log).

- User (user1@domain) connected from client (fda3:a921:8312.....), machine (LAPTOP1)() mode Gateway, using OS: Microsoft Windows 10 Enterprise 2015 LTSB Edition (x64) , Client version: 15.5 (build 16283).
- Resource LB User 'user1' Server 'SERVER01' Session state: 0 - New Session
- Client Rules: rule 'Policy' matched. User: user1 Gateway: 192.168.1.30 Mac Address:
- User user1@domain, Client LAPTOP1, Address 192.168.0.1:58601 wants to open "#129" Application, Server SERVER01:3389 is available

The client 'LAPTOP1' is connected to DirectAccess, therefore has an IPv6 address.
SERVER01 is an application server.
192.168.1.30 is the Parallels Gateway
192.168.0.1 is the IP address of the DirectAccess VPN server on the internal LAN

It looks to me like Parallels receives the request to launch the application from the remote laptop with its IPv6 address, then tries to start the application using the name of the remote laptop, but using the IPv4 address of the DirectAccess server instead of the IPv6 address of the remote laptop. Seems to me the gateway gets confused about where the request for the application came from, the remote laptop or the VPN server, this is why the application does not start.

The last line above should read:
User user1@domain, Client LAPTOP1, Address fda3:a921:8312.....:58601 wants to open "#129" Application, Server SERVER01:3389 is available

 

@MatthewP11
In the last line of your log portion you posted, the address shown what the public IP of LAPTOP1 looks like to the gateway. Thus it makes sense that it is giving the DirectAccess VPN's IP.

Error 516 means that the client could perform an RDP connection to the given server. In gateway mode, this could be an indication that the gateway was unable to connect to the RDP server (SERVER01:3389) that was provided by the publishing agent.