DirectAccess gives error "Configuration for server cannot be retrieved from the domain controller"

  • Question

  • I am getting the error "Configuration for server cannot be retrieved from the domain controller" in the Operations status in the DirectAccess dashboard. I have verified that the GPOs have been created in Active Directory successfully. I did gpupdate from the Domain controller but still the issue persists.

    Running the command 'gpresult /R' on the DirectAccess server shows the group policy was applied from the Domain controller successfully. But then I don't understand why the dashboard shows the error.

    Please suggest what could be the cause for this error.


    Friday, May 23, 2014 6:37 AM

All replies

  • Hi

    This situation can happen if your DirectAccess Gateway configuration has two network interfaces and the Internet-facing interface has access to the domain controller. In this situation, its firewall profile is not public as expected but Domain. If it's your situation, be sure you cannot reach any domain controller from the Internet-facing interface.

    Best regards.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Saturday, May 24, 2014 9:45 AM
  • I fully agree with BenoitS. That could be the case.

    I don't know when this started to happen, but I have seen situations where it worked until you enable NLB. It causes a DIP (Dedicated IP Address Change). As you may understand, you must make sure you have access with the new Dedicated IP Address. Mostly this is an issue with internal firewalls. But I'm not sure if this is your case. One thing is for sure, if you get that message your DirectAccess doesn't get the GPO applied.

    Boudewijn Plomp, BPMi Infrastructure & Security

    Please remember, if you see a post that helped you please click "Vote as Helpful" and if it answered your question, please click "Mark as Answer".

    Friday, September 19, 2014 8:00 PM
  • Also, have you checked "gpresult /r" from an elevated cmd?

    It will give you the list of applied GPOs, so you can see if you have the "DirectAccess Server Settings".

    If that's filtered out for some reason, please post that output here.

    Wednesday, October 1, 2014 3:51 PM
  • Make sure the remote registry service is running.  I couldn't install the role because of a GPO that disabled this service.  Then once that GPO was applied again, couldn't load the configuration data.
    Wednesday, February 11, 2015 1:58 PM
  • I am also seeing the same kind of issue, but I see this only when I enable NLB. Can anyone let me know what things I can check to find out what could be causing the issue?


    Sunday, February 15, 2015 11:42 PM
  • Hi There - I have also seen instances in WNLB / NLB for DirectAccess where the IPv6 Address gets removed from the during configuration - perhaps check this is still present as well. If it has been removed, copy the DA server's IPv6 Address back in to the NLB. Also seen this removed whilst changing from Unicast to Multicast.


    John Davies

    Tuesday, February 24, 2015 9:39 AM
  • It also happened with me, after someone renamed my Domain Admin account(!). And a second time, after some genius blocked some ports between the DA and DC servers.

    It is (most likely) a network issue, second a user right issue (least likely).

    Sometimes just time and a reboot fixes this issue for me.

    Wednesday, March 4, 2015 9:38 AM
  • Our situation was one of our Domain Controllers did not have the DA Policy in its Sysvol. This was the DC the DA server was looking to. Why the GPO wasn't there is under investigation, but a manual copy of the GPO to the DC, then a gpupdate /force on the DA server fixed this issue.

    Thursday, June 25, 2015 7:16 PM
  • Thanks for posting the solution here, appreciate it.
    Wednesday, July 1, 2015 9:30 AM
  • Hi There - I have seen this issue a few times when AD Sites and Services do not have the subnet for the DA Internal Leg assigned to a site, especially within a large Enterprise Environment (actually this happened last week) - when the subnet was added to the respective Datacentre the configuration could be retrieved successfully.


    John Davies

    • Proposed as answer by Icon8000 Thursday, July 16, 2015 6:59 AM
    Wednesday, July 8, 2015 7:28 AM
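
The checks suggested across the replies above (firewall profile of each interface, Remote Registry, applied GPO list, the GPO's presence in the DC's Sysvol, AD site assignment), gathered into one PowerShell script as an added example that is not part of the original thread. It assumes an elevated prompt on the DirectAccess server, the GroupPolicy module (RSAT) installed, English-language `gpresult` output, and the GPO name quoted in the thread; `$gpoName` is a variable introduced here.

```powershell
# Added example, not from the thread. Run elevated on the DirectAccess server.
$gpoName = 'DirectAccess Server Settings'   # name as quoted in the thread

# 1. Firewall profile per interface. The Internet-facing interface should not
#    report DomainAuthenticated; if it does, it can reach a domain controller.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity, IPv6Connectivity

# 2. Remote Registry must be running (a GPO may have disabled it).
Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'" |
    Select-Object Name, State, StartMode

# 3. Show the gpresult section headers together with the GPO line, so it is
#    visible whether the GPO sits under "Applied" or under "filtered out".
gpresult /r /scope computer |
    Select-String -SimpleMatch 'Applied Group Policy Objects', 'filtered out', $gpoName

# 4. Which DC does this server locate, and does that DC hold the GPO in Sysvol?
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$dc     = $domain.FindDomainController().Name
"Located domain controller: $dc"

$gpo = Get-GPO -Name $gpoName -Domain $domain.Name -Server $dc -ErrorAction SilentlyContinue
if (-not $gpo) {
    "GPO '$gpoName' not found in AD on $dc"
} else {
    $sysvolPath = "\\$dc\SYSVOL\$($domain.Name)\Policies\{$($gpo.Id)}"
    if (Test-Path $sysvolPath) {
        "Sysvol folder present: $sysvolPath"
    } else {
        "Sysvol folder MISSING on ${dc}: $sysvolPath"
    }
    # A mismatch between the AD and Sysvol versions points at replication lag.
    "Computer settings version: AD=$($gpo.Computer.DSVersion) Sysvol=$($gpo.Computer.SysvolVersion)"
}

# 5. AD site this server resolves to. An unexpected site, or an error, suggests
#    the internal subnet is not assigned in AD Sites and Services.
nltest /dsgetsite
```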