Reinstalling DA Server - Existing Server Config GPO

  • Question

  • I have an OS issue with a DirectAccess server (single site, behind edge device) that, even though it is working just fine with regards to DA, most likely will require a clean OS reinstall, soon; really soon.

    Since the DA configuration is on the GPO, what are the steps required to reinstall a DA server without having to modify/re-create the existing policies? I've been googling for this for the past hour and so far come up empty-handed.

    I am guessing domain-join the new server using the same AD Computer account but then...?

    Thank you in advance.

    Thursday, November 16, 2017 12:58 PM

All replies

  • If you reinstall the OS, give it the same IP addresses and then add the Remote Access role, and then domain-join it using the same name, it is likely that DirectAccess traffic will be able to flow, but you will have problems with the Remote Access Console that you will have a hard time dealing with.

    I have never run through your exact scenario, but I have done something similar with a customer. In this instance we had two DA servers running in an NLB array, and one of them needed to be rebuilt. Reinstalling the OS and bringing it back online with all of the same name and IP addresses got DA working on it again (the Group Policy settings did apply to it successfully and all of the DA components worked just fine; we could see sessions being directed to it), but the Remote Access Management Console refused to communicate with that node. It would talk to the other DA server that had been running all along, but the RAMC keeps tabs on its servers by a SID, and when you reinstall the OS and re-domain join, that SID has now been changed. RAMC will still be looking for the old one, and your server will not be running that old SID anymore.

    So all in all, in order to do this cleanly and have the console and everything else working in the end, you will have to decommission the DA settings from the old implementation, and then re-build the DA config from scratch on the "new" DA server. In fact, it is even best if you use a completely new hostname for the server after reprepping it, to make sure that you don't have old policy settings still hanging around that apply automatically to the fresh OS and cause you problems down the road.

    Another option is that if DA and the RAMC are still working properly right now, you could turn your single server into a dual server NLB array, that way you continue to have one good server running while you remove and rebuild the other one, and then bring that reprepped box back into the array as a "third" member. For example, if your current server is DA1, you build and add DA2 to the array, then remove DA1 from the array, rebuild it, and then reintroduce it into the array as DA3. That is precisely what we had to do at the customer I worked with in order to make the console happy and able to communicate with the original DA server again.

    Wednesday, December 13, 2017 8:15 PM
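The DA1 / DA2 / DA3 rotation described in the reply, plus a check of the point it hinges on (the computer account SID the console tracks), written out as an added PowerShell example; this is not code from the original thread. It assumes the ActiveDirectory and RemoteAccess modules, placeholder hostnames and DIP addresses, and that the RemoteAccess cmdlet parameters match your build (confirm them with Get-Help before running).

```powershell
# Added example, not from the original post. Hostnames, domain suffix and
# dedicated IP addresses below are placeholders; adjust them to your site.
Import-Module ActiveDirectory
Import-Module RemoteAccess

$domain = 'corp.example'
$sidFile = 'C:\DA-rebuild\DA1-sid-before.txt'

# Returns the SID of a DA server's computer account. RAMC identifies array
# members by this value, so record it before the rebuild and compare after.
function Get-DaComputerSid {
    param([Parameter(Mandatory)][string]$ComputerName)
    (Get-ADComputer -Identity $ComputerName).SID.Value
}

# Step 1: snapshot the SID the console currently associates with DA1.
New-Item -ItemType Directory -Path (Split-Path $sidFile) -Force | Out-Null
Get-DaComputerSid -ComputerName 'DA1' | Set-Content -Path $sidFile

# Step 2: convert the single server into a load-balanced array, then add DA2.
# Assumption: the DIP/netmask pairs are for DA1's existing interfaces and the
# current addresses become the array VIPs, as the cmdlet help describes.
Set-RemoteAccessLoadBalancer -EnableLoadBalancing `
    -InternetDedicatedIPAddress @('203.0.113.10', '255.255.255.0') `
    -InternalDedicatedIPAddress @('10.0.0.10', '255.255.255.0')
Add-RemoteAccessLoadBalancerNode -RemoteAccessServer "DA2.$domain"

# Step 3: take DA1 out of the array before reinstalling its OS.
Remove-RemoteAccessLoadBalancerNode -RemoteAccessServer "DA1.$domain"

# ... reinstall the OS, domain-join with the new hostname DA3, add the
# Remote Access role, then continue on a surviving array member ...

# Step 4: confirm the rebuilt box really is a new identity to RAMC. If the SID
# matched, the old stale entry would be the thing to investigate instead.
$before = (Get-Content -Path $sidFile).Trim()
$after  = Get-DaComputerSid -ComputerName 'DA3'
if ($after -eq $before) {
    Write-Warning 'Rebuilt server carries the old SID; check for leftover policy/console state.'
} else {
    Write-Host "New SID $after differs from $before; adding as a fresh array member."
    Add-RemoteAccessLoadBalancerNode -RemoteAccessServer "DA3.$domain"
}

# Step 5: the console should now list DA2 and DA3, and no longer DA1.
Get-RemoteAccessLoadBalancer
```

Run the array cmdlets from a server that is still a healthy member (DA2 while DA1 is being rebuilt); the SID snapshot file is the only state the script carries across the reinstall.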