During a recent DirectAccess implementation, our team was left perplexed at an issue with DirectAccess. The DirectAccess connection was listed in Network Settings, but its status was stuck at “connecting” and the connection would ultimately fail. This issue occurred across multiple Lenovo devices, although a few machines were able to connect for a few seconds before disconnecting. At the same time, a few other machines were able to connect perfectly fine. Some initial troubleshooting steps included re-imaging the laptops, verifying the DirectAccess wizard settings, and completely rebuilding the DirectAccess setup.
We were convinced that this was a network issue until I came across this forum on Lenovo’s site. The headlining post stated that the Intel Online Connect tool breaks DirectAccess, preventing machines from connecting. This tool is pushed down by the Lenovo System Updater. After uninstalling the Intel Online Connect tool, DirectAccess connected immediately and and was able to maintain the connection. We noticed that the Intel Online Connect tool does not get installed automatically, but is instead marked as an “urgent update.”
Intel Online Connect allows your laptop to act as a multifactor device, and lets you use the fingerprint sensor to quickly authorize payments. As of now we have been able to validate that it completely breaks DirectAccess. It would be very easy for a user to unintentionally install this tool if they have the Lenovo System Updater available to them. The tool is only available for Lenovo devices with seventh or eighth generation Intel processors, so anyone working with clients who are getting new Lenovo machines should look out for this.