DirectAccess Server 2012 Configuration cannot be retrieved from domain controller

Hi everyone,

We are using DirectAccess over Server 2012. There is just one server, no load balancing.

Everything works fine, all clients can connect successfully and the operations status page shows all in green. Nevertheless, on the dashboard page in the configuration status section it says "Configuration for server [servername] cannot be retrieved from the domain controller."

I found a few hints as to what could cause this problem:

"In my case, the RAConfigTask, a scheduled task, was not enabled on the affected WS2012 server (DA entry point in a multisite deployment). After just enabling it, the errors has gone." http://blog.gocloud-security.ch/2013/01/11/ws2012-directaccess-and-the-configuration-for-server-server-name-retrieved-from-the-domain-controller-cannot-be-applied-error/

"Group Policy was filtering out my DA server from the GPO object for some reason. To fix, I opened up Group Policy Management on the domain controller and made sure that my DA server was a part of the group." http://www.joedissmeyer.com/2012/12/more-issues-and-solutions-for.html

Server has no connectivity to the domain in order to update the policies. Run gpupdate /force on the server to force policy update. GPO replication might be required in order to retrieve the updated configuration.  This could be because there is no writable domain controller in the Active Directory site of the Remote Access server. http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/56fedb17-1274-4e1a-b2d0-fea809f0bc45

I checked everything. The task is enabled and completed successfully, the GPO is not filtered out, I ran gpupdate without any errors, I could connect to the domain controller, there are no errors on the domain controller, and the domain controller is writable.

So, I have no idea what could cause this error. Any ideas or hints?

Thanks

Regards

Sebastian


  • Edited by skrueck Thursday, June 13, 2013 1:48 PM
June 13th, 2013 1:47pm

You should check if the DC that DirectAccess communicates with is still available. Each entry point will pick a domain controller to communicate with, and it will get/write the policy only against that DC.

For this you should use the Get-DAEntryPointDC command.

July 17th, 2015 2:35am
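
The checks named in the question and in the reply above, collected into one PowerShell pass. This is an added example, not something posted by a participant in this thread; it assumes an elevated session on the DirectAccess server with the RemoteAccess and ScheduledTasks modules that ship with Windows Server 2012.

```powershell
# Added example: read-only checks plus one policy refresh, run on the DA server.
# Assumption: elevated session; RemoteAccess and ScheduledTasks modules present.

# 1. RAConfigTask must exist, be enabled, and have finished successfully.
$task = Get-ScheduledTask -TaskName 'RAConfigTask' -ErrorAction SilentlyContinue
if (-not $task) {
    Write-Warning 'RAConfigTask was not found on this server.'
} else {
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{
        Task           = $task.TaskName
        State          = $task.State           # 'Disabled' matches the first hint
        LastRunTime    = $info.LastRunTime
        LastTaskResult = $info.LastTaskResult  # 0 means the last run succeeded
    } | Format-List
}

# 2. List the computer GPOs that applied and the ones that were filtered out
#    (second hint: the DA server missing from the GPO's security filtering).
gpresult /r /scope computer

# 3. Refresh computer policy, then confirm the secure channel to the domain.
gpupdate /target:computer /force
if (-not (Test-ComputerSecureChannel)) {
    Write-Warning 'Secure channel between this server and the domain is broken.'
}

# 4. Ask the DC locator for a writable DC (third hint: no writable DC in the
#    Remote Access server's Active Directory site).
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
nltest "/dsgetdc:$domain" /writable

# 5. Show which DC each entry point reads and writes its configuration against.
#    Wrapped in try/catch because the cmdlet may return an error instead of
#    data on deployments where it does not apply.
try {
    Get-DAEntryPointDC -ErrorAction Stop
} catch {
    Write-Warning "Get-DAEntryPointDC failed: $($_.Exception.Message)"
}

# 6. Re-read the per-component health that the dashboard summarises.
Get-RemoteAccessHealth
```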

Hi,

We also have this problem in a new deployment.  I have added the server subnet to sites and services and also added the server account to the GPO object and removed authenticated users.  Tried running Set-DAEntryPointDC command but it's not a multi site deployment so doesn't apply.

Suggestion:  Do 2012 ADMX GPO Templates require installing?    

Tried a re-install but still no joy.  Anyone else got any suggestions for further troubleshooting steps?  Thanks.


  • Edited by MattRW Friday, July 24, 2015 9:37 AM
  • Proposed as answer by MattRW 14 hours 50 minutes ago
July 24th, 2015 9:36am

Hi,

Managed to crack this, redeployed a fresh version of Windows 2012.  Patched but did not upgrade .NET, left it as native.  Increased the IPv4 adapter order up so it was higher than IPv6.  Internet / DMZ link added a missing default gateway.  Internal LAN removed default gateway.  DOS - added a static route for the internal LAN.

  • Proposed as answer by MattRW 14 hours 51 minutes ago
July 31st, 2015 12:36pm

This topic is archived. No further replies will be accepted.