locked
W2K12R2 DirectAccess GPO NRPT exemption error RRS feed

  • Question

  • Hi all

    I'm installing a DirectAccess Multisite solution with two servers, one for each site. Configuration was ok and clients Windows 8.x can connect (even Windows 10 TP connects). But now, everytime I want to make a change to the Infrastructure Servers, I get these errors:

    Error: Exemption entry fqdn_site2 cannot be modified or deleted in the NRPT.

    Error: Exemption entry fqdn_site1 cannot be modified or deleted in the NRPT.

    No matter what setting or combination I try to change (NLS, DNS, DNS Suffix and/or Management), I always get stuck with the same error and this error start to show when Multisite was configured (when there was no Multisite, I could change anything I want without any issues)

    Can you help me with this one? Thanks in advance and regards.



    • Edited by Victor San Saturday, November 15, 2014 10:25 AM
    Saturday, November 15, 2014 9:58 AM

All replies

  • What kind of hostnames (and excemptions) have you configured in your NRPT?


    Boudewijn Plomp | BPMi Infrastructure & Security

    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer".

    Thursday, November 20, 2014 2:31 PM
  • I have four entries: two for both FQDN entry points, one for the NLS and another for Any Suffix (that one is the only that has a DNS entry -the IPv4 of the the internal NIC of the first DA server)

    Thanks and regards


    • Edited by Victor San Friday, November 21, 2014 7:53 AM
    Friday, November 21, 2014 7:53 AM
  • I have four entries: two for both FQDN entry points, one for the NLS and another for Any Suffix (that one is the only that has a DNS entry -the IPv4 of the the internal NIC of the first DA server)

    Thanks and regards


    You don't have to include the FQDN for your Entry Points. They are already added automatically.

    Normally you have at least two entries:

    • yourdomain.local (to an IPv6 Address of your DNS64 Server Address)
    • directaccess-nls.yourdomain.local (as an exclusion to bypass DirectAccess)


    Boudewijn Plomp | BPMi Infrastructure & Security

    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer".


    Friday, November 21, 2014 11:16 AM
  • I have four entries: two for both FQDN entry points, one for the NLS and another for Any Suffix (that one is the only that has a DNS entry -the IPv4 of the the internal NIC of the first DA server)

    Thanks and regards


    You don't have to include the FQDN for your Entry Points. They are already added automatically.

    Normally you have at least two entries:

    • yourdomain.local (to an IPv6 Address of your DNS64 Server Address)
    • directaccess-nls.yourdomain.local (as an exclusion to bypass DirectAccess)


    Boudewijn Plomp | BPMi Infrastructure & Security

    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer".


    I know; the four entries were already configured by the DA wizard (I didn't include anything manually) The only entry that doesn't match is that I have "Any Suffix" instead of "yourdomain.local". I'll try to add it to the configuration, because I can't change the "Any Suffix" entry, and try again.

    Thanks and regards

    Saturday, November 22, 2014 11:22 PM
  • I am seeing same error on my setup, can you let me know how did u fix the issue.

    -Ashish

    Monday, June 1, 2015 12:11 PM
  • I was able to fix the issue by removing and readding the entry point.

    -Ashish

    Thursday, June 11, 2015 8:31 PM
  • Just use PowerShell cmdlet instead of the GUI:

    Add-DAClientDnsConfiguration

    Use get-help Add-DAClientDnsConfiguration for info on the command.

    Tuesday, February 16, 2016 10:14 PM