Skip to main content

Server 2012 DirectAccess and a Missing GPO

By January 15, 2013June 1st, 2022Blog, Microsoft, Virtualization, Windows Server

While experimenting with Windows Server 2012’s DirectAccess recently, I deleted the Group Policy objects which DirectAccess creates. As you might imagine, this wasn’t the best idea. The result was that the Remote Access Management Console presented a “Configuration Load Error:”

Settings for server <Servername> cannot be retrieved. You do not have permissions to access GPO domain.com<GUID>

Since the GPO didn’t exist anymore, this wasn’t really a surprise. Unfortunately, the error essentially prevented me from accessing the tools necessary to correct my mistake.

Somehow, I had to figure out how to convince Windows to not look for its DirectAccess configuration.

Assuming that such settings were stored in the registry, I searched the HKEY_LOCAL_MACHINE hive for the GUID indicated in the error. I hoped that would get me close, and it did. That search turned up this key: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsRemoteAccessConfig.

This key contained much of the DirectAccess configuration, including a reference to the deleted GPO. I deleted the key and rebooted the server and tried to acces the Remote Access Management Console again. This time, I was presented with a message that the settings were invalid, along with an option to remove the Configuration Settings. Once I did that, I was able to go through the initial Remote Access Setup Wizard and continue my set up on DirectAccess.

Shane Skriletz, PEI

 

One Comment

  • Jeeg says:

    Thanks for this. We had a situation where FRS was broken on our DC. Once this was fixed, replication from a DC with a blank DA GPO config overwrote the good GPO on the authoritative DC. Crazy how you cant reconfigure DA without clearing the previous config in this scenario.

Leave a Reply