Export (0) Print
Expand All

Troubleshooting DirectAccess

Published: October 2, 2013

Updated: June 25, 2014

Applies To: Windows Server 2012, Windows Server 2012 Essentials, Windows Server 2012 R2, Windows Server 2012 R2 Essentials



Follow these steps to troubleshoot Remote Access (DirectAccess) issues.

 

Issue

Resolution

Remote Access management console is unable to show the DirectAccess configuration

  • If you are troubleshooting a multisite deployment, ensure that the domain controller closest to the entry point is available.

  • Use the Get-DAEntrypointDC cmdlet to retrieve the name of the domain controller closest to the entry point. If the domain controller is not running, use the Set-DAEntryPointDC cmdlet to point to another domain controller.

  • Run gpresult from an elevated command prompt on the server to ensure the server is getting the DirectAccess Group Policy Objects.

  • Enable user interface (UI) logging.

  • Use the following command to start Windows PowerShell logging:

    logman create trace ETWTrace -ow -o c:\ETWTrace.etl -p {AAD4C46D-56DE-4F98-BDA2-B5EAEBDD2B04} 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode 0x2 -max 2048 -ets 
    logman update trace ETWTrace -p {62DFF3DA-7513-4FCA-BC73-25B111FBB1DB} 0xffffffffffffffff 0xff -ets
    <repro>
    
    
  • Close and reopen the user interface.

  • Disable Windows Powershell logging. Collect the Event Trace Log files. Also, collect all the logs from the %windir%/tracing folder.

Applying the DirectAccess configuration fails

  • If you are troubleshooting a multisite deployment, ensure that the domain controller closest to the entry point is available.

  • Use the Get-DAEntrypointDC cmdlet to retrieve the name of the domain controller closest to the entry point. If the domain controller is not running, use the Set-DAEntryPointDC cmdlet to point to another domain controller.

  • Use the following command to start Windows Powershell logging:

    logman create trace ETWTrace -ow -o c:\ETWTrace.etl -p {AAD4C46D-56DE-4F98-BDA2-B5EAEBDD2B04} 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode 0x2 -max 2048 -ets 
    logman update trace ETWTrace -p {62DFF3DA-7513-4FCA-BC73-25B111FBB1DB} 0xffffffffffffffff 0xff -ets
    <repro>
    
    
  • Click Apply.

  • After the failure occurs, disable Windows Powershell logging, and collect the Event Trace Log.

DirectAccess is configured, but clients are not able to connect to internal resources

  • Click the Operations Status tab in the Remote Access Management console, and ensure that all the components show a green icon. If not, check the error details and follow the resolution steps.

  • Run the Remote Access Server Best Practices Analyzer (BPA). If there are any warnings or errors, follow the resolution steps to resolve the issue.

Encountering issues related to a multisite configuration (for example, enabling a multisite, adding entry points, or setting the domain controller for an entry point)

Follow the steps in Troubleshoot a Multisite Deployment.

Configuration status tile on the dashboard shows a warning or error

Follow the steps in Monitor the configuration distribution status of the Remote Access server.

Encountering issues related to configuring load balancing (for example, the configuration fails when you enable load balancing, or there are issues when you add or remove servers from a cluster)

If you were enabling load balancing or adding a node, and the configuration refreshed when you clicked Apply, but the cluster didn’t form correctly on the server, run the following command: cmd.exe /c "reg add HKLM\SYSTEM\CurrentControlSet\Services\RaMgmtSvc\Parameters /f /v DebugFlag /t REG_DWORD /d ""0xffffffff"" " to collect the user interface logs on the new server.

Operations status shows an error or warning after following steps to correct the situation

If the operations status is showing incorrect information (such as errors—even after you fix them):

  • Enable the registry key cmd.exe /c "reg add HKLM\SYSTEM\CurrentControlSet\Services\RaMgmtSvc\Parameters /f /v EnableTracing /t REG_DWORD /d ""5"" ".

  • Refresh the operations status and collect the logs from %windir%/tracing.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft