So there is probably not a simple answer available. * If they exist and contain settings, is the security filtering still correct? Basically, the situation you have seen multiple times now, should not happen. * Do the above GPOs still contain any settings? * Does the DirectAccess Client/Server GPO still exist? This will allow your clients to verify that they are on the corporate network even if your DA server crashes like it has done for you multiple times now. To start, move your NLS to another internal website. This allows the client to use its provided DNS servers to resolve all names and finally reconnect the corporate network. The only way I've been able to fix this is to delete all the registry entries under : HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows The local network () but since it lost its configuration it can't complete those requests for the client.
This makes them continually try to use the Direct Access server to resolve I'm guessing that since they can't ping an internal resource, but can ping the outside IP of my Direct Access server they think they are outside. More often than not this happens at night or over the weekend and At this point the clients are locked in a mode where they constantly think they are outside the company network.
On the client end, as long as the laptop never leaves the company network in enough time for it to pull down the latest GPO settings that remove the Direct access settings, it will be fine. Sadly the process repeats itself a few days later Re-create the server, re-join, and then redeploy Direct Access. The only way I can get it working again is to dis-join the server from the domain, revoke the certificates, Even if I remove the settings, restart, and re-apply the same thing happens. If I try to re-deploy with the same settings the wizard completes but After 10-20 minutes I get the same error on the Remote Access Dashboard. So it appears that the server has forgotten it was configured for Direct Access. I also notice that the Server Manager has a message to finish the Post Deployment tasks for Remote Access. At this point I'll check the Direct access server and I see the error mentioned in the summary of this post on the Remote Access Dashboard. I usually notice the issue when a user in our Direct Access test pool complains that they cannot access their mapped drives. Internal CA for the certificates which doesn't seem to be an issue since it works at 1st. My external DNS name isn't resolvable internally and opposite is set up with my internal DNS name. Now I'm at a loss as to what the issue is. The 2nd time I thought it was a Configuration issue with the external name being resolvable internally and externally. The 1st time I chalked it up to a failed HD on our ESXi host that was taking the server offline. I've rebuilt our 2012 Server running Direct Access 3 times now and each time I thought I found the issue causing the problem. End-to-end authentication to specific application servers is disabled DirectAccess client access and remote management is enabled. Internal Name that isn't resolvable externally :
Server : Server 2012 as a VM in VMware ESXi 5.1 (1 CPU, 4GB, 1 NIC) External Name that isn't resolvable internally : Some names from both domains are resolvable internally and externally (on separate IPs). Split brain DNS for with the following domains I have the following allowed and routed to my directaccess server Why does the Direct Access client not fail gracefully and why does it lock direct access clients from getting back on the corporate network Firewall Setup Why does the Direct Access server work for a few days and then fail with no way (as far as I can tell) to recover 2.
What I'm having trouble figuring out is 1. Rebuild a new one, but the issue pops up again after a few days. I can usually get Direct Access working again only if I take down the current Direct Access server and At this time All Direct Access clients who leave the corporate network cannot get back on the corporate network until the registry settings for Direct Access are deleted. Configuration for server cannot be retrieved from the domain controller". Direct access 2012 works for a few days, then we receive the following message on the Remote Access Dashboard : "Configuration Status : Unavailable.