none
Direct Access 2012: Is there a way to manually change the NRPT on the client for troublshooting?

    Question

  • I have a client that is outside of the network. It hasn't got the latest Direct Access Client GPO applied, which updated the NRPT DNS for domain.local. Hence no DNS queries for internal resources are succeeding. The DA connection is up.

    I now need to manually update the NRPT so that DNS for domain.local starts working and then lets the client receive a gpupdate (with the new and correct NRPT). Possible? Tried editing the registry but got access denied.

    Might just be client restrictions..


    CompTIA Security+, EUCIP Operate CiscoCNA(Expired), HP ASE (Expired) Checkpoint CSA, Novell CNA MCSA 2000:Security 2003:Security MCSE NT4 MCSE 2000:Security 2003:Security MCTS - Configuring: Windows 7&Vista, Applications & Network Infrastructure, Active Directory, SBS 2011, 2008 R2 Server & Desktop Virtualization MCITP - 2008 Server & Enterprise Administration, R2 Virtualization Administration MCT 2002-2012

    Friday, December 21, 2012 7:27 PM

Answers

  • Hi

    Technically, NTPT entries are stored in the following registry hive : HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig. Administrator level privilege is required

    My advice, perform a a backup of this registry hive, add required new entries and restart the DNSClient Service (DNSCACHE). If you made an error, event 1023 will be registred in the system log of your client computer. So you will need to delete the registry hive and use the backup to rebuild ti.

    Mery chrismas.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by Emil Rakoczy Wednesday, December 26, 2012 5:43 PM
    Sunday, December 23, 2012 5:29 PM

All replies

  • Hi

    Technically, NTPT entries are stored in the following registry hive : HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig. Administrator level privilege is required

    My advice, perform a a backup of this registry hive, add required new entries and restart the DNSClient Service (DNSCACHE). If you made an error, event 1023 will be registred in the system log of your client computer. So you will need to delete the registry hive and use the backup to rebuild ti.

    Mery chrismas.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by Emil Rakoczy Wednesday, December 26, 2012 5:43 PM
    Sunday, December 23, 2012 5:29 PM
  • Thanks BenoitS. I was unable to access that key due to rights issues on the computer.

    Two things:

    Can you check out my other Q here?

    http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/f9fb2a74-15d8-429e-98c5-7b1e60a7d4ea

    The link to your blog is not working... :)


    CompTIA Security+, EUCIP Operate CiscoCNA(Expired), HP ASE (Expired) Checkpoint CSA, Novell CNA MCSA 2000:Security 2003:Security MCSE NT4 MCSE 2000:Security 2003:Security MCTS - Configuring: Windows 7&Vista, Applications & Network Infrastructure, Active Directory, SBS 2011, 2008 R2 Server & Desktop Virtualization MCITP - 2008 Server & Enterprise Administration, R2 Virtualization Administration MCT 2002-2012

    Wednesday, December 26, 2012 5:47 PM
  • Hi

    My blog is now online again. I will have a look at your question later.

    Best regards


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, December 27, 2012 10:10 PM