Issue with accessing the DirectAccess console after removing a Domain Controller

Most people don’t know that DirectAccess servers are tied to a specific domain controller. If you decommission that domain controller, for an upgrade or any other reason, the DirectAccess console becomes inaccessible.

Symptom:
Unable to open the DirectAccess configuration in the “Remote Access Management Console”
Error message: unable to load configuration from “Server.domain.tld”
Error message about missing access permission on the GPO object.

Cause:
Each DirectAccess server has a specific EntryPointDc that is used for reading and writing GPO and AD settings.
You can see the current setting by running the Get-DAEntryPointDC cmdlet on a DirectAccess server.

Output of Get-DAEntryPointDC:

EntryPointName       : DirectAccess-AU.domain.com
DomainControllerName : Server.domain.tld

EntryPointName       : DirectAccess-CN.domain.com
DomainControllerName : Server.domain.tld

EntryPointName       : DirectAccess-DK.domain.com
DomainControllerName : Server.domain.tld

EntryPointName       : DirectAccess-US.domain.com
DomainControllerName : Server.domain.tld

Fix:
This PowerShell command changes the domain controller of every entry point that currently uses the “ExistingDC” name:
Set-DAEntryPointDC -ExistingDC "Server.domain.tld" -NewDC "Server.domain.tld" -Force -PassThru
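
An added example, not part of the original post: a script that reports which entry points still reference the retired domain controller before changing anything, runs the same Set-DAEntryPointDC call, and then checks the result. The parameter names $RetiredDC and $ReplacementDC and the -Apply switch are assumptions made for this example.

```powershell
#Requires -Modules RemoteAccess
# Added example: audit entry points bound to a retired DC, repoint them, verify.
param(
    [Parameter(Mandatory)][string]$RetiredDC,      # value shown as DomainControllerName today
    [Parameter(Mandatory)][string]$ReplacementDC,  # a DC that is still in service
    [switch]$Apply                                 # hypothetical switch: without it, report only
)

# Refuse to point DirectAccess at a name that does not resolve.
try   { [void][System.Net.Dns]::GetHostEntry($ReplacementDC) }
catch { throw "Replacement DC '$ReplacementDC' does not resolve in DNS." }

# If the query fails, stop here. A commenter on this page notes that
# single-site deployments use Update-DAMgmtServer instead of this cmdlet.
try {
    $before = @(Get-DAEntryPointDC -ErrorAction Stop)
} catch {
    Write-Warning "Get-DAEntryPointDC failed: $($_.Exception.Message)"
    Write-Warning 'Single-site deployment? Try Update-DAMgmtServer instead.'
    return
}

# Entry points still bound to the retired DC (-eq is case-insensitive for strings).
$stale = @($before | Where-Object { $_.DomainControllerName -eq $RetiredDC })
if ($stale.Count -eq 0) {
    Write-Output "No entry point references $RetiredDC."
    return
}
$stale | Format-Table EntryPointName, DomainControllerName -AutoSize

if (-not $Apply) {
    Write-Output "Report only. Re-run with -Apply to repoint $($stale.Count) entry point(s)."
    return
}

# Same call as the fix above: every entry point using -ExistingDC moves to -NewDC.
Set-DAEntryPointDC -ExistingDC $RetiredDC -NewDC $ReplacementDC -Force -PassThru -ErrorAction Stop

# Verify that nothing still references the retired DC.
$left = @(Get-DAEntryPointDC | Where-Object { $_.DomainControllerName -eq $RetiredDC })
if ($left.Count -gt 0) {
    throw "Still bound to ${RetiredDC}: $($left.EntryPointName -join ', ')"
}
Write-Output "All entry points now use $ReplacementDC."
```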

More information

Set-DAEntryPointDC: http://technet.microsoft.com/en-us/library/hh918412.aspx

Troubleshooting Setting the Entry Point Domain Controller: http://technet.microsoft.com/en-us/library/jj591656.aspx

3 thoughts on “Issue with accessing the DirectAccess console after removing a Domain Controller”

  • this command does not work for me
    I get
    set-daentrypointdc : You must enable a multisite deployment before performing this operation. Use the
    Enable-DAMultiSite cmdlet to do this.
    Fully qualified ErrorID: REMOTEACCESS 132,Set-DAEntryPointDC

    please note I have already enabled Multisite and I’m trying to remove old domain controller entry

  • Wonderful post! Thank you! You saved me hours!

    • Got this problem myself but I have a single site. With single site you use “refresh management servers” in DA console to update or with cmd: “Update-DaMgmtServer”

      If you google it, it is almost impossible to find how you do this on single site, so it is important to make the distinction that the above is only for multisite
