locked
Unable to add Direct access entry point to Multi site deployment RRS feed

  • Question

  • Hi

    we restored DA multi site configuration from backup and trying to add new entry point for branch. I tried from GUI and power shell. In both cases result is the same. I suggest WMI issues and currently working on it. Looks like it fails when trying to configure remote firewall.  I'm confused with "A device attached to the system is not functioning. "
    Thanks for suggestions 

    PS C:\Windows\system32> Add-DAEntryPoint -Force -ComputerName 'blabla.domain.net' -RemoteAccessServer 'newblabla.domain.net' -Name 'Asia Pacific' -DeployNat -ConnectToAddress 'adress.domain.com' -ServerGpoName 'local.domain \DirectAccess Server Settings - Asia Pacific' -InternetInterface 'Ethernet0' -InternalInterface 'Ethernet0' -Verbose

    VERBOSE: Retrieving server GPO details...
    VERBOSE: Opening the server GPO...
    VERBOSE: Opening the server GPOs...
    VERBOSE: Checking for edit permissions on the server GPOs...
    VERBOSE: Performing DirectAccess prerequisite checks on newblabla.domain.net...
    VERBOSE: Opening the client GPOs...
    VERBOSE: Checking for edit permissions on the client GPOs...
    VERBOSE: Clearing existing stale configuration settings. This might take a few minutes...
    VERBOSE: Checking the specified adapters...
    VERBOSE: Deploying the Remote Access server behind NAT...
    VERBOSE: Checking for a native IPv6 deployment...
    VERBOSE: Retrieving internal network DNS settings...
    VERBOSE: Gathering configuration settings...
    VERBOSE:  Adding entry point Asia Pacific to the multisite deployment... The Remote Access server is configured with a single network adapter 'Ethernet0
    ', behind a NAT device.
    VERBOSE: Verifying the GPO to write settings...
    VERBOSE: Checking GPO edit permissions...
    VERBOSE: Creating GPO link if not present...
    VERBOSE: Verifying the IP-HTTPS certificate...
    VERBOSE: Registering the web probe in DNS...
    VERBOSE: Initializing accounting settings...
    VERBOSE: Updating the Network Status Connectivity Indicator (NCSI) site prefix list on DirectAccess client computers in domain local.domain...
    VERBOSE: Updating the Network Connectivity Assistant (NCA) settings on DirectAccess client computers in domain local.domain...
    VERBOSE: Updating the Name Resolution Policy Table (NRPT) on DirectAccess client computers in domain local.domain..
    VERBOSE: Updating the multisite deployment details...
    VERBOSE: Updating the server GPO with the existing global multisite deployment settings...
    VERBOSE: Updating Windows Firewall and Connection Security rules...
    Add-DAEntryPoint : A device attached to the system is not functioning. 
    At line:1 char:1
    + Add-DAEntryPoint -Force -ComputerName 'Eblabla.domain.net' -RemoteAccessServ ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (PS_DAEntryPoint:root/Microsoft/...PS_DAEntryPoint) [Add-DAEntryPoint], CimException
        + FullyQualifiedErrorId : HRESULT 8007001f,Add-DAEntryPoint


    http://www.ereality.ru/reg184541.html


    • Edited by NTFrs Tuesday, April 3, 2018 9:01 PM
    Tuesday, April 3, 2018 8:41 PM

All replies

  • Hi,

    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, April 4, 2018 8:54 AM
  • We have reinstalled new DA entry point server and got the same error 
    I've tried various  tips and tricks
    - remove and add Direct access role
    - Rebuild WMI repository
    - Reset firewall settings
    -sfc /scannow
    -DISM /online /cleanup-image /CheckHealth
    -Used network monitor (no errors)
    -WMI/DCOM/RPC seem to be configured correctly
    but is find errors:

    -Event provider RAMgmtPSProvider attempted to register query "select * from RemoteAccessError" whose target class "RemoteAccessError" in //./ROOT/Microsoft/Windows/RemoteAccess namespace does not exist. The query will be ignored.
    -Event provider  attempted to register query "select * from RemoteAccessError" whose target class "RemoteAccessError" in //./ROOT/Microsoft/Windows/RemoteAccess namespace does not exist. The query will be ignored.

    Namespaces are in place 

    • Edited by NTFrs Thursday, April 5, 2018 11:47 AM
    Thursday, April 5, 2018 11:35 AM
  • Friday, April 6, 2018 7:24 AM
  • Got an error in WMI logs, Seems it is related

    Id = {13C5CA31-1ACA-4BED-8886-193BFE692C13}; ClientMachine = servername; User = domain.lcola\username; ClientProcessId = 6148; Component = Provider; Operation = Start IWbemServices::ExecMethod - root\Microsoft\Windows\RemoteAccess : PS_DAEntryPoint::Add; ResultCode = 0x80041001; PossibleCause = Unknown


    • Edited by NTFrs Tuesday, April 17, 2018 7:51 AM
    Monday, April 9, 2018 11:54 AM
  • I've cleared policies from old entry point with Remove-GPRegistryValue cmdlet (I have no idia why old information was not removed from console while we deleting entrypoint) and try to add new 2016 server as entry point
    Got new error :


    8484: 27: 2018-04-17 09:02:05.243 Waiting on 1 threads in 1 iterations
    8484: 27: 2018-04-17 09:02:05.243 Starting iteration : Handles Currently Waiting = 1, Remaining Handles = 1
    8484: 05: 2018-04-17 09:02:05.703 VERBOSE: Retrieving server GPO details...
    8484: 05: 2018-04-17 09:02:06.726 VERBOSE: Opening the server GPO...
    8484: 05: 2018-04-17 09:02:07.248 VERBOSE: Opening the server GPOs...
    8484: 05: 2018-04-17 09:02:09.140 VERBOSE: Checking for edit permissions on the server GPOs...
    8484: 05: 2018-04-17 09:02:24.223 VERBOSE: Performing DirectAccess prerequisite checks on servername.domain.com...
    8484: 05: 2018-04-17 09:02:37.385 VERBOSE: Opening the client GPOs...
    8484: 05: 2018-04-17 09:02:37.425 VERBOSE: Checking for edit permissions on the client GPOs...
    8484: 05: 2018-04-17 09:02:37.457 VERBOSE: Clearing existing stale configuration settings. This might take a few minutes...
    8484: 05: 2018-04-17 09:02:40.100 VERBOSE: Checking the specified adapters...
    8484: 05: 2018-04-17 09:02:40.101 VERBOSE: Deploying the Remote Access server behind NAT...
    8484: 05: 2018-04-17 09:02:53.131 VERBOSE: Checking for a native IPv6 deployment...
    8484: 05: 2018-04-17 09:02:53.550 VERBOSE: Retrieving internal network DNS settings...
    8484: 05: 2018-04-17 09:02:53.604 VERBOSE: Gathering configuration settings...
    8484: 05: 2018-04-17 09:02:53.607 SHOULDPROCESS:  Adding entry point Asia Pacific to the multisite deployment... The Remote Access server is configured with a single network adapter 'Ethernet0', behind a NAT device.

    8484: 05: 2018-04-17 09:02:53.608 VERBOSE: Verifying the GPO to write settings...
    8484: 05: 2018-04-17 09:02:58.423 VERBOSE: Creating the GPO. Linking the GPO to the domain...
    8484: 05: 2018-04-17 09:03:39.993 VERBOSE: Verifying the IP-HTTPS certificate...
    8484: 05: 2018-04-17 09:03:41.592 VERBOSE: Registering the web probe in DNS...
    8484: 05: 2018-04-17 09:04:05.391 VERBOSE: Initializing accounting settings...
    8484: 27: 2018-04-17 09:04:44.754 TERMINATING ERROR: The cmdlet did not run as expected.
    8484: 27: 2018-04-17 09:04:44.757 Microsoft.ManagementConsole.WorkBridge.DialogBoxes.ApplyConfig+DAApplyException: Error encountered while executing cmdlet
       at Microsoft.ManagementConsole.WorkBridge.DialogBoxes.ApplyConfig.backgroundWorker_Apply_DoWork(Object sender, DoWorkEventArgs e)
    8484: 27: 2018-04-17 09:04:44.759 Initiating rollback..



    • Edited by NTFrs Tuesday, April 17, 2018 7:51 AM
    Tuesday, April 17, 2018 7:30 AM
  • "8484: 05: 2018-04-17 09:04:05.391 VERBOSE: Initializing accounting settings...
    8484: 27: 2018-04-17 09:04:44.754 TERMINATING ERROR: The cmdlet did not run as expected.
    8484: 27: 2018-04-17 09:04:44.757 "

    I got this also when trying to add a new windows 2016 multisite entry point.

    The multisite was created with windows 2012R2 initially and all the other entry points are 2012R2,  but one entry point was decommissioned and now I try to replace it with a new 2016 server. No luck so far.

    Did you ever find a solution to this?

    Wednesday, September 12, 2018 1:33 PM
  • Hi
    Unfortunately no. We have opened a case to vendor and provided all logs and trace files - no luck
    I've deployed new 2016 Direct Access Multisite and switch the users to new deployment  
    Friday, September 14, 2018 7:59 AM