Issue with accessing the DirectAccess console after removing a Domain Controller

Most people don't know that DirectAccess servers are tied to a specific domain controller. If you decommission that domain controller, because of an upgrade or for other reasons, the DirectAccess console will become inaccessible.

Unable to open the DirectAccess configuration in the “Remote Access Management Console”
Error message unable to load configuration from “Server.domain.tld”
Error message about missing access permission on the GPO object.

DirectAccess server has a specific EntryPointDc that is used for reading/writing GPO and AD settings.
You can see the settings using the Get-DAEntryPointDC cmdlet on DirectAccess servers.

Use Get-DAEntryPointDC

EntryPointName       :
DomainControllerName : Server.domain.tld

EntryPointName       :
DomainControllerName : Server.domain.tld

EntryPointName       :
DomainControllerName : Server.domain.tld

EntryPointName       :
DomainControllerName : Server.domain.tld

This PowerShell command changes every entry point whose domain controller matches the "ExistingDC" name so that it uses the "NewDC" name instead:
Set-DAEntryPointDC -ExistingDC "Server.domain.tld" -NewDC "Server.domain.tld" -Force -PassThru
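
The following script is an added example, not part of the original post: it lists the entry points whose configured domain controller no longer exists in the domain and repoints them with the cmdlets shown above. The replacement name NewServer.domain.tld is a placeholder, and the script assumes the RemoteAccess and ActiveDirectory modules are installed and that a working domain controller is reachable.

```powershell
# Added example, not from the original post. Run elevated on a DirectAccess server.
Import-Module RemoteAccess, ActiveDirectory

# Placeholder: the domain controller that should take over as entry point DC.
$ReplacementDC = 'NewServer.domain.tld'

# Host names of the domain controllers that currently exist in the domain.
$liveDCs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# Refuse to repoint entry points at something that is not a domain controller.
if ($liveDCs -notcontains $ReplacementDC) {
    throw "$ReplacementDC is not a domain controller in this domain."
}

# Entry points whose configured DC is no longer in that list.
$stale = @(Get-DAEntryPointDC |
    Where-Object { $liveDCs -notcontains $_.DomainControllerName })

if ($stale.Count -eq 0) {
    Write-Output 'All entry points reference an existing domain controller.'
    return
}

# Show what is about to change before touching the configuration.
$stale | Format-Table EntryPointName, DomainControllerName -AutoSize

# Repoint once per distinct stale DC name; Set-DAEntryPointDC updates every
# entry point that still references that name.
foreach ($oldDC in ($stale.DomainControllerName | Sort-Object -Unique)) {
    Set-DAEntryPointDC -ExistingDC $oldDC -NewDC $ReplacementDC -Force -PassThru
}
```

Running the listing part before a domain controller is decommissioned shows which entry points still depend on it.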

More information


Troubleshooting Setting the Entry Point Domain Controller:



Microsoft Azure Automation - Creating Azure Automation Modules

This video shows how to make Azure Automation Modules that can be used to extend the standard capabilities in Microsoft Azure Automation.


Microsoft Azure Automation Start and Stop Virtual Machines using Runbooks

This short guide will show you how to use Microsoft Azure Automation for managing the start and stop of your Microsoft Azure Virtual Machines.

This guide provides two PowerShell Automation scripts for Azure Automation:

  • Workflow: Start_My_Azure_VMs - Start_My_Azure_VMs.ps1 (5.26 kb) - Script for starting domain controllers first and then all the rest of the virtual machines on your Azure Subscription
  • Workflow: StopMyAzureVMs - StopMyAzureVMs.ps1 (4.97 kb) - Script for shutting down all virtual machines on your Azure Subscription

See the functionality of the scripts here:

Implementation of the scripts

Here are the steps needed to get everything up and running.

  1. Sign into the Windows Azure Portal (
  2. Subscribe to Azure Automation Preview
  3. Create an Automation Account (For more information:
  4. Create the "Asset" for the Runbooks
  5. Upload the previously downloaded Automation Runbooks to the Automation Account
  6. Change the names in the Runbooks to reflect the assets and the Domain controllers

Sign into the Windows Azure Portal and subscribe to Automation Preview

Sign in to the Azure Portal and navigate to Automation.


Create the Automation Assets

Create a Certificate Asset (it must be a Management Certificate) and a Connection Asset.


Connection Asset:

Certificate Asset:


Download the Runbooks and upload them to the Automation Account:

Download the files

Start_My_Azure_VMs.ps1 (5.26 kb)

StopMyAzureVMs.ps1 (4.97 kb)

Upload the files to the accounts


Change Asset names and information in the Runbooks





Microsoft Windows DirectAccess Client Troubleshooting Tool

I'm pleased to announce that Microsoft have just released an awesome troubleshooting tool for DirectAccess clients called "Microsoft Windows DirectAccess Client Troubleshooting Tool".


Get the tool here:




Web Application Proxy - HTTP to HTTPS redirect

This article explains how to perform HTTP to HTTPS redirect for deployments of Microsoft Web Application Proxy v1.

The guidance within this article is only for companies that don't use a layer 7 application firewall (with the ability to perform HTTP to HTTPS redirect). Most often these firewalls will be Citrix NetScaler, F5, Palo Alto Networks, Barracuda, Fortinet, etc. If your existing firewall supports HTTP to HTTPS redirect, always use the firewall for the redirection.


  • Microsoft Internet Information Service
  • URL Rewrite

Configuring HTTP to HTTPS redirect

Install "Microsoft Internet Information Service" on the "Web Application Proxy" server. It may already be installed, depending on the roles that have been added. Open "IIS Manager".

Select the "Web server" and click the "Get New Web Application Platform".

Click "Free Download" on the right.

Find the "URL Rewrite" module, click "Add" and then click "Install".

Click "I Accept".

Click "Finish".

Close the "IIS Manager" and re-open the "IIS Manager". Click "URL Rewrite".

Click "Add Rule(s)..."

Click "Blank Rule".

Type "HTTP to HTTPS" in the "Name" textbox and in the "Pattern" textbox type "(.*)".

Navigate down to "Condition" and click "Add".

In the "Condition input" textbox type "{HTTPS}" and under "Patterns" type "^OFF$". Click "OK".

Navigate down to "Action".

Type "https://{HTTP_HOST}/{R:1}" and click "Apply".

Testing the "HTTP to HTTPS" redirect functionality:

Try accessing your site using HTTP. You should see that the page will be automatically redirected to the HTTPS site. See the network trace below for more details. 
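
The same rule can be created and checked from PowerShell. This is an added example, not part of the original article: it assumes the URL Rewrite module is already installed, that the rule belongs on the site named "Default Web Site", and that app.domain.tld is a placeholder for your published host name.

```powershell
# Added example, not from the original article. Run elevated on the WAP server.
Import-Module WebAdministration

$site   = 'IIS:\Sites\Default Web Site'   # assumption: the site that answers on port 80
$rule   = 'HTTP to HTTPS'                 # rule name used in the steps above
$rules  = 'system.webServer/rewrite/rules'
$filter = "$rules/rule[@name='$rule']"

# Create the rule only if it does not exist yet, so the script can be re-run.
if (-not (Get-WebConfiguration -PSPath $site -Filter $filter)) {
    Add-WebConfigurationProperty -PSPath $site -Filter $rules -Name '.' `
        -Value @{ name = $rule }
    # Pattern "(.*)" captures the whole path as back-reference {R:1}.
    Set-WebConfigurationProperty -PSPath $site -Filter "$filter/match" `
        -Name url -Value '(.*)'
    # Condition: only act when the request did not arrive over HTTPS.
    Add-WebConfigurationProperty -PSPath $site -Filter "$filter/conditions" -Name '.' `
        -Value @{ input = '{HTTPS}'; pattern = '^OFF$' }
    # Action: redirect to the same host and path over HTTPS.
    Set-WebConfigurationProperty -PSPath $site -Filter "$filter/action" `
        -Name type -Value 'Redirect'
    Set-WebConfigurationProperty -PSPath $site -Filter "$filter/action" `
        -Name url -Value 'https://{HTTP_HOST}/{R:1}'
}

# Verify without following the redirect, so the 3xx answer itself is visible.
$request = [System.Net.HttpWebRequest]::Create('http://app.domain.tld/')   # placeholder host
$request.AllowAutoRedirect = $false
$response = $request.GetResponse()
'{0} -> {1}' -f [int]$response.StatusCode, $response.Headers['Location']
$response.Close()
```

The last line should report a 3xx status code with a Location header that starts with https://.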


Microsoft Windows 2012 R2 - Web Application Proxy support for HTTP

WAP doesn't allow applications to be published on port 80/HTTP. It will ONLY allow external connections over HTTPS. It is possible to use WAP in bridge mode from HTTPS to HTTP if your internal applications aren't configured for HTTPS.

IIS Application Request Routing

If you would like support for HTTP on your Web Application Proxy server you should consider using IIS Application Request Routing (ARR):


You can download the IIS add-on here:

For more information about the Web Application Proxy, see the TechNet overview page: