While experimenting with Windows Server 2012’s DirectAccess recently, I deleted the Group Policy objects which DirectAccess creates. As you might imagine, this wasn’t the best idea. The result was that the Remote Access Management Console presented a “Configuration Load Error:”
Settings for server <Servername> cannot be retrieved. You do not have permissions to access GPO domain.com<GUID>
Since the GPO didn’t exist anymore, this wasn’t really a surprise. Unfortunately, the error essentially prevented me from accessing the tools necessary to correct my mistake.
Somehow, I had to figure out how to convince Windows to not look for its DirectAccess configuration.
Assuming that such settings were stored in the registry, I searched the HKEY_LOCAL_MACHINE hive for the GUID indicated in the error. I hoped that would get me close, and it did. That search turned up this key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Config.
This key contained much of the DirectAccess configuration, including a reference to the deleted GPO. I deleted the key, rebooted the server, and tried to access the Remote Access Management Console again. This time, I was presented with a message that the settings were invalid, along with an option to remove the Configuration Settings. Once I did that, I was able to go through the initial Remote Access Setup Wizard and continue my setup on DirectAccess.
Shane Skriletz, PEI
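The cleanup described above, written as a PowerShell script that checks the key references the GUID from the error and exports it before deleting it. This is an added example, not code from the original post; the parameter names, the backup folder and the optional Get-GPO check (which needs the GroupPolicy module) are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the DirectAccess server.
# $StaleGpoGuid is a placeholder: pass the GUID shown in the "Configuration Load Error" text.
param(
    [Parameter(Mandatory)][guid]$StaleGpoGuid,
    [string]$BackupDir = "$env:SystemDrive\DA-RegBackup"   # assumed backup location
)

$regPath   = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Config'
$configKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Config"
$guidText  = $StaleGpoGuid.ToString()

if (-not (Test-Path $configKey)) { Write-Warning "$configKey not found; nothing to clean up."; return }

# 1. Confirm the key (or a subkey) really references the GUID from the error.
$keys = @(Get-Item $configKey) + @(Get-ChildItem $configKey -Recurse -ErrorAction SilentlyContinue)
$hits = foreach ($key in $keys) {
    foreach ($name in $key.GetValueNames()) {
        if ((@($key.GetValue($name)) -join ' ') -like "*$guidText*") {
            [pscustomobject]@{ Key = $key.Name; Value = $name }
        }
    }
}
if (-not $hits) { Write-Warning "GUID $guidText is not referenced under $configKey; stopping."; return }
$hits | Format-Table -AutoSize | Out-Host

# 2. If the GroupPolicy module is available, stop when the GPO still exists in the domain.
if (Get-Command Get-GPO -ErrorAction SilentlyContinue) {
    try {
        $null = Get-GPO -Guid $StaleGpoGuid -ErrorAction Stop
        Write-Warning 'That GPO still exists; this is not the deleted-GPO case. Key left untouched.'
        return
    } catch { Write-Host 'Get-GPO did not return that GUID; continuing.' }
}

# 3. Export the key so the old configuration can be inspected or re-imported later.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('RemoteAccessConfig-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; key left untouched.' }

# 4. Delete the stale configuration key (prompts for confirmation).
Remove-Item -Path $configKey -Recurse -Confirm
Write-Host "Backup saved to $backup. Reboot, then reopen the Remote Access Management Console."
```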
Thanks for this. We had a situation where FRS was broken on our DC. Once this was fixed, replication from a DC with a blank DA GPO config overwrote the good GPO on the authoritative DC. Crazy how you can't reconfigure DA without clearing the previous config in this scenario.