I've set up a DirectAccess server on Windows Server 2012 at my workplace. I'm using a Windows 8 Enterprise client to connect to it. It works fine over a mobile connection, but it fails when connecting from home. I've ruled out the firewall/router as the culprit as the issues persist when connecting the laptop directly to the cable modem.

I'm not sure where to begin to debug this, does anyone have any pointers? Both Teredo and IPHTTPS interfaces are up (although as the server is behind a NAT and we only have 1 public IP I understand that IPHTTPS is the only protocol that will be used).

The IPHTTPS tunnel also seems to be connected:

netsh interface httpstunnel show interfaces

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Role                       : client
URL                        : https://redacted:443/IPHTTPS
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

however the DirectAccess link can't be activated - get-daconnectionstatus cycles between

Status    : Error
Substatus : CouldNotContactDirectAccessServer

and

Status    : Error
Substatus : RemoteNetworkAuthenticationFailure

Any suggestions on how to attack this are appreciated!