Manually remove Direct Access from a client

So why would I even want to do this, isn’t Direct Access great?

Well yes, when Direct Access is working it is great, unless you are using Citrix without a Citrix Secure Gateway. So why is it good to know how to manually remove Direct Access from a client? I ran into a problem last week: when changing the Network Location Server location, some clients got stuck. The NLS server was changed but the NRPT didn’t get the change before triggering the Direct Access connection. And to make things worse, the customer had problems that stopped the clients from connecting through Direct Access from the inside.

So there I was: when a client refreshed the Direct Access GPO, it stopped working. So we disabled the GPO, which stopped new clients getting into this dark place that is broken Direct Access. Well, we still had a couple of clients that now were on the corporate network but still couldn’t access any resources. Fortunately, fixing a single computer is quite easy.

  • Make sure you have administrative rights
  • Remove all keys below HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig
  • Restart the DNS Cache

Now you should be able to access the network and download a working copy of the GPO using a standard gpupdate.

For simplicity I saved the required PowerShell.
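The three steps above as a PowerShell script. This is an added example, not the script the author saved; the backup file path and the `-WhatIf` support are assumptions added here so the NRPT rules can be reviewed and restored.

```powershell
#Requires -RunAsAdministrator
# Added example: clears the NRPT rules that DirectAccess group policy wrote,
# then restarts the DNS Client service and refreshes group policy.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: any writable location works for the backup file.
    [string]$BackupPath = "$env:TEMP\DnsPolicyConfig-backup.reg"
)

$regKey  = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig'
$nrptKey = "Registry::$($regKey -replace '^HKLM', 'HKEY_LOCAL_MACHINE')"

if (-not (Test-Path -LiteralPath $nrptKey)) {
    Write-Output 'No DnsPolicyConfig key found; nothing to remove.'
    return
}

# Export first so the rules can be put back with "reg import <file>".
& reg.exe export $regKey $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupPath failed; nothing was removed." }
Write-Output "NRPT rules backed up to $BackupPath"

# Each rule is a subkey; remove the subkeys and leave DnsPolicyConfig itself.
Get-ChildItem -LiteralPath $nrptKey | ForEach-Object {
    if ($PSCmdlet.ShouldProcess($_.Name, 'Remove NRPT rule')) {
        Remove-Item -LiteralPath $_.PSPath -Recurse -Force
    }
}

if ($PSCmdlet.ShouldProcess('Dnscache', 'Restart DNS Client service and run gpupdate')) {
    try {
        Restart-Service -Name Dnscache -Force -ErrorAction Stop
    }
    catch {
        # If the service refuses to restart, flush the cache and reboot instead.
        Write-Warning "Dnscache did not restart: $($_.Exception.Message)"
        Write-Warning 'Reboot the client to restart the DNS Client service.'
        Clear-DnsClientCache
    }

    # Pull a working copy of the policy once name resolution is back.
    gpupdate.exe
}
```

Run it with `-WhatIf` first to list the rules that would be removed; the backup file is still written in that mode.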

Comments

  1. Deon says:

    I ran into the same problem so Thank you very much.

  2. John says:

    Thanks!! Tested DirectAccess and got in trouble

  3. Nice!

  4. Steve says:

    7 hours. 7 hours of pulling out my hair trying to figure out why my network was down. 7 hours to find the amazing GEM of a post in the Great Grey Cloud of Garbage. You literally saved my sanity and job!

  5. Sven says:

    Thanks a lot man, got my GPO’s back 🙂

  6. Thanks, this was very helpful in getting a Hyper-V server registering with DNS again! Funny how you need those network connections…

  7. Uttam says:

    Thanks a lot, after struggling for several hours with netsh, group policy, interfaces, etc. I finally fixed it this way. My problem was that DirectAccess was not working and in the event viewer I discovered an error stating that the name resolution policy table is corrupt.

  8. Fat Boy TIm says:

    Legend! THANK YOU!

  9. THANK YOU!!! My Direct Access screwed up out of the blue after working fine for years and no amount of fuckarsery would get it back up again, worse still – none of my Surface Pro 3 and 4’s could connect to Internal Resources for some reason at all … 2 days later I stumbled across this article and they are now back connected internally … now I can work on the actual Direct Access issue again.

    But I think I might just scrap the whole Direct Access server and run up a new one from scratch, had enough of buggering around with this!

    Cheers!
