Direct Access is a new way to simplify access to the corporate network over the Internet. One of its main features is that the connection is established over port 443, but this requires Windows 8 / 8.1 Enterprise, which is offered only under an Open License Agreement.
According to a lot of websites and tutorials, the installation of Direct Access (1 NIC, NAT, behind a firewall, no PKI) was straightforward. But with my deployment, I found pitfalls, and there's one Microsoft TechNet article that really covers the prerequisites.
On my end, the key was to turn on the Firewall on each laptop / server (at least the Direct Access server).
Turn off ISATAP by running the following in an elevated command prompt:
netsh int ipv6 isatap set state disabled
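You should run this on the DC, the computer and the Direct Access server.
The last point is to run this on the DC:
dnscmd /config /globalqueryblocklist wpad
This sets the DNS global query block list to contain only wpad, which removes the default isatap entry from it.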
After this, I was able to successfully connect.
To finish, complete the wizard, normally with the default config. The only things I suggest you adjust are the group (create a dedicated group for DA) and the checkbox for laptops only (remove it). After that you should be good to go.
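
A read-only way to confirm the three settings above on each machine before running the wizard. This is an added example, not part of the original post; the function name Test-DAPrerequisite and the output columns are hypothetical, and it assumes PowerShell 3.0 or later (Windows 8 / Server 2012) in an elevated session.

```powershell
# Added example: reports firewall, ISATAP and DNS block-list state. Changes nothing.
function Test-DAPrerequisite {
    $results = @()

    # 1. Firewall: effective state of each profile (ActiveStore includes GPO settings).
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $results += [pscustomobject]@{
            Check    = "Firewall profile $($p.Name)"
            Expected = 'True'
            Actual   = "$($p.Enabled)"
        }
    }

    # 2. ISATAP: state as reported by the NetworkTransition module.
    foreach ($i in Get-NetIsatapConfiguration) {
        $results += [pscustomobject]@{
            Check    = 'ISATAP state'
            Expected = 'Disabled'
            Actual   = "$($i.State)"
        }
    }

    # 3. DNS global query block list: only meaningful on the DC.
    #    Skipped when the DnsServer module is absent or no DNS service answers.
    if (Get-Command Get-DnsServerGlobalQueryBlockList -ErrorAction SilentlyContinue) {
        try {
            $gqbl = Get-DnsServerGlobalQueryBlockList -ErrorAction Stop
            $results += [pscustomobject]@{
                Check    = 'DNS global query block list'
                Expected = 'wpad'
                Actual   = (@($gqbl.List) -join ',')
            }
        } catch {
            Write-Verbose "DNS check skipped: $($_.Exception.Message)"
        }
    }

    # Add a Pass column so mismatches stand out.
    $results | Select-Object Check, Expected, Actual,
        @{ Name = 'Pass'; Expression = { $_.Actual -eq $_.Expected } }
}

Test-DAPrerequisite | Format-Table -AutoSize
```

Any row with Pass = False points to the step that still needs to be applied on that machine.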