Nope no errors. I'm using Server 2012R2, so UAG isn't necessary and IPv6 isn't required on the domain end.
My guess is that the DA server isn't talking to the DC so it can't authenticate the clients through the tunnel. The only error I have to work with is: [cid:[email protected]] and my gpresult /r looks like this: --------------------------------------------------- OS Configuration: Member Server OS Version: 6.3.9600 Site Name: N/A Roaming Profile: N/A Local Profile: C:\Users\wadmin Connected over a slow link?: No USER SETTINGS -------------- CN=WADMIN,OU=Resource Accounts,DC=NINCAL,DC=com Last time Group Policy was applied: 4/24/2015 at 11:48:24 AM Group Policy was applied from: NINS2.NINCAL.COM Group Policy slow link threshold: 500 kbps Domain Name: NINCAL Domain Type: Windows 2008 or later Applied Group Policy Objects ----------------------------- N/A The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Information Systems Exemptions Filtering: Denied (Security) Local Group Policy Filtering: Not Applied (Empty) Default Domain Policy Filtering: Denied (Security) The user is a part of the following security groups --------------------------------------------------- Information Services Permissions Group Everyone BUILTIN\Users BUILTIN\Administrators REMOTE INTERACTIVE LOGON NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users This Organization LOCAL RTCHSDomainServices Direct Access and VPN Users FACSys Administrator Domain Admins Domain Users Schema Admins Everyone Denied RODC Password Replication Group SQLServer2005MSSQLUser$NINS1$BKUPEXEC Track-It! Technicians See I don't even get a Computer Settings section, and the domain is a Computer Settings applicable policy... so that's an issue but there's no error as to why it doesn't even attempt to apply Computer Settings. What kind of firewall exemptions did you implement for your Domain Controllers when you implemented Direct Access? -R -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff Sent: Friday, April 24, 2015 12:02 PM To: [email protected] Subject: Re: [NTSysADM] Hey All, I'm having a mind boggling problem with Direct Access I'm not sure what problem it is that your having here. However, I'm using DA on 2008R2, over UAG 2010 SP1, so what I say next might not apply: My DA box is only a member of the group I called GatewayServers, which gets the Gateway GPO settings, and my box does indeed show that applied, when running 'gpresult /r'. Anything in the event logs after up do the 'gpupdate /force'? Kurt On Fri, Apr 24, 2015 at 11:51 AM, Robb Whiting <[email protected]<mailto:[email protected]>> wrote: > Hmmm... > > I was using a domain administrator account, which was able to create and push > the accounts to the DC. > > But I believe after that it then needs to go back to the DC and grab the > configuration to make sure everyone agrees. > > That's the step that's failing. > > It's able to create and push the GPOs just fine, just not allowed to retrieve > them from the domain controller. > > When I do a gpresult /r It shows that it applies none of my Computer > Policies... > > It doesn't even show that any are found. In fact, it only shows me a USER > SETTINGS section. > > Why can't I get my machine that has permissions to apply a GPO to do so for > for the computer account for which it qualifies. > > Perhaps there is something in my DC GPO setting that needs to be changed to > allow the DC to send the GPO? > > -R > > > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of Kurt Buff > Sent: Friday, April 24, 2015 11:42 AM > To: [email protected]<mailto:[email protected]> > Subject: Re: [NTSysADM] Hey All, I'm having a mind boggling problem > with Direct Access > > I assume, from your description, that you're trying to push the DA > configuration to the GPOs that it's trying to set up? > > If that's the case, under what account are you doing the DA configuration? > > I used a standard-grade Domain User-only account when configuring > DirectAccess that I set up to be an administrator on the box. > > If that's what you're doing, you will want to pre-create empty GPOs, then set > security on them to allow your DirectAccess administrator account to update > them. > > Kurt > > On Fri, Apr 24, 2015 at 9:49 AM, Robb Whiting > <[email protected]<mailto:[email protected]>> wrote: >> I've set up Direct Access correctly as far as I know, but for some reason in >> the Dashboard, no matter what I do, it says it can never get the >> configuration from the Domain Controller. >> >> I can ping and access the domain controller just fine, but it still >> refuses to get the GPO configuration even when I run a gpupdate >> /force >> >> If I get a report, gpreport /r it says that there are no Applied Group >> Policy objects despite the fact that GP for Direct Access Server has the >> server listed in it. >> >> Why the heck won't it get that darn GPO configuration. It seems it has >> sent it to the server but cannot receive it back. >> >> I'm assuming this has some sort of effect that also makes it so when my >> clients try to connect to direct access it just says connecting and spins >> forever... >> >> Anyone know how to get this to work (my VPN settings work fine by the >> way) >> >> -R >> >> >> >> > >
