Tuesday, April 7, 2015

DirectAccess Certificate Binding Error

Problem:

I recently set up a single-server DirectAccess box on Server 2012 R2.  I started having problems with clients not properly discovering the Network Location Server.  I logged on to the DirectAccess server and noticed the following in the Remote Access Management Console.
Specifically, the Network Location Server service reported an issue with Certificate Binding and Server Availability.

The specific error was:

The certificate binding for the network location server has been modified. Without the correct certificate, connectivity for DirectAccess clients located in the internal network will not work as expected.

Initially I thought there was something wrong with my DirectAccess certificate.  I also received an error when I checked the certificate in Infrastructure Setup.

The certificate subject name cannot be resolved to a valid IP address.

Solution:

The DNS records that DirectAccess creates during setup had been deleted by DNS scavenging.

The entries that I had to add back were:
DirectAccess-NLS
DirectAccess-WebProbeHost
DirectAccess-CorpConnectivityHost
The CorpConnectivityHost entry had both "A" and "AAAA" records; the other two were just "A" records.


After adding these DNS entries, the errors went away.
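The check and repair described above (the "cannot be resolved to a valid IP address" symptom and the three records that had to be re-created), written up as a PowerShell script. This is an added example, not the original post's own steps. The zone name and the DirectAccess server's internal IPv4 address are placeholders you must replace; the loopback addresses for DirectAccess-CorpConnectivityHost are the defaults the DirectAccess setup wizard normally creates and should be confirmed against your own console. Records added with the DnsServer cmdlets are static (no timestamp), so scavenging will not remove them again; the script also warns if an existing record is still an aging one.

```powershell
# Added example (not from the original post): check the three DirectAccess DNS
# records and re-create any that scavenging removed, as static records so the
# aging/scavenging process leaves them alone next time.
# Assumptions (placeholders, adjust for your environment):
#   - $Zone is the internal AD-integrated zone DirectAccess uses.
#   - $DaServerIPv4 is the internal IPv4 address of the single DirectAccess/NLS server.
#   - CorpConnectivityHost defaults to the loopback addresses, which is what the
#     DirectAccess setup wizard creates; verify against your own console output.
# Run on the DNS server (or a box with the RSAT DNS tools) as a DNS admin.

param(
    [string]$Zone         = 'corp.example.com',  # placeholder zone
    [string]$DaServerIPv4 = '10.0.0.10',         # placeholder: DA server internal IP
    [string]$CorpConnIPv4 = '127.0.0.1',
    [string]$CorpConnIPv6 = '::1'
)

Import-Module DnsServer -ErrorAction Stop

# Desired state. NLS and WebProbeHost are A only; CorpConnectivityHost has both
# an A and an AAAA record, as observed in the post.
$wanted = @(
    @{ Name = 'DirectAccess-NLS';                  Type = 'A';    Address = $DaServerIPv4 },
    @{ Name = 'DirectAccess-WebProbeHost';         Type = 'A';    Address = $DaServerIPv4 },
    @{ Name = 'DirectAccess-CorpConnectivityHost'; Type = 'A';    Address = $CorpConnIPv4 },
    @{ Name = 'DirectAccess-CorpConnectivityHost'; Type = 'AAAA'; Address = $CorpConnIPv6 }
)

foreach ($w in $wanted) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $w.Name -RRType $w.Type -ErrorAction SilentlyContinue

    if ($null -eq $existing) {
        Write-Warning "$($w.Name) ($($w.Type)) is missing from $Zone - re-creating it"
        if ($w.Type -eq 'A') {
            Add-DnsServerResourceRecordA    -ZoneName $Zone -Name $w.Name -IPv4Address $w.Address
        } else {
            Add-DnsServerResourceRecordAAAA -ZoneName $Zone -Name $w.Name -IPv6Address $w.Address
        }
        continue
    }

    # A record carrying a timestamp is an aging (dynamic) record and is eligible
    # for scavenging; a static record has no timestamp and is left alone.
    foreach ($rec in $existing) {
        $addr = if ($w.Type -eq 'A') { $rec.RecordData.IPv4Address.IPAddressToString }
                else                  { $rec.RecordData.IPv6Address.IPAddressToString }
        if ($rec.Timestamp) {
            Write-Warning "$($w.Name) ($($w.Type) -> $addr) is an aging record (timestamp $($rec.Timestamp)); scavenging can delete it again. Clear 'Delete this record when it becomes stale' in DNS Manager."
        } else {
            Write-Host "$($w.Name) ($($w.Type) -> $addr) present and static"
        }
    }
}

# Verify from the resolver side, the same test the first commenter did with ping.
foreach ($name in 'DirectAccess-NLS', 'DirectAccess-WebProbeHost', 'DirectAccess-CorpConnectivityHost') {
    $fqdn = "$name.$Zone"
    try {
        $answers = Resolve-DnsName -Name $fqdn -ErrorAction Stop
        Write-Host ("{0} -> {1}" -f $fqdn, (($answers | ForEach-Object { $_.IPAddress }) -join ', '))
    } catch {
        Write-Warning "$fqdn does not resolve: $($_.Exception.Message)"
    }
}
```

After the script reports all three names as present and static, re-check the Network Location Server entry in the Remote Access Management Console; the certificate binding and server availability warnings clear once the NLS name resolves to the server's address again.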
4 comments:

  1. FYI YOU ARE A LIFE SAVER!!!!!!!!! I can't tell you how long I have been banging my head against the wall, the whole time thinking it was a certificate issue. The moment I noticed I couldn't ping directaccess-nls.domain.com I knew there was an issue. Found this and BOOM! Done! Thanks!

  2. Hello, do you have step-by-step guidance on this? Thank you!

  3. Hi, I too am having this same issue. Would you please add a step-by-step tutorial on how to add these entries back? Thank you!

  4. Thanks man, the DNS entries did the trick.
