Cannot Run the DirectAccess Setup Wizard

Updated: November 18, 2009

Applies To: Windows Server 2008 R2

If the DirectAccess server does not meet DirectAccess configuration requirements, when you run the DirectAccess Management snap-in and click Setup in the console tree, the DirectAccess Management snap-in displays a series of messages indicating the error conditions that exist.

The following table lists the most common error messages, a description of the error condition, and the steps to correct it.

Error message Error condition and the steps to correct

The current security context is not associated or accessible to Active Directory Domain Services (AD DS).

The DirectAccess server cannot reach a domain controller of the domain in which it is a member. Verify the connection to your intranet and name resolution and reachability to an intranet domain controller.

The DirectAccess server must be joined to an Active Directory domain. Please join this server to a domain and then try again.

The DirectAccess server cannot be a standalone server. Join it to the appropriate AD DS domain.

The Active Directory domain is unreachable. Unable to get domain information.

The DirectAccess server cannot reach a domain controller of the domain in which it is a member. Verify the connection to your intranet and name resolution and reachability to an intranet domain controller.

The DirectAccess server must have two or more physical network interfaces. Verify that you have two or more interfaces and then try again.

The DirectAccess server requires two physical or virtual network adapters corresponding to two local area network (LAN) or wireless LAN (WLAN) network adapters that are installed in the DirectAccess server computer.

At least two network interfaces must be configured with static IP addresses. Please contact the network administrator to obtain and assign static IP addresses to this server.

The network connections corresponding to the network adapters for the DirectAccess server’s connection to the Internet and intranet must be configured with static Internet Protocol version 4 (IPv4) addresses. They cannot use the Dynamic Host Configuration Protocol (DHCP) to obtain an IPv4 address configuration.

The DirectAccess server must have two consecutive public IPv4 addresses configured on the same physical interface. Configure IPv4 addresses and try again.

At least one of the network connections corresponding to the network adapters installed in the DirectAccess server must have two, consecutive public IPv4 addresses statically assigned. These two consecutive addresses are needed by the DirectAccess server to act as a Teredo server. Obtain two consecutive addresses and assign them to a network adapter on the DirectAccess server.

Note
The DirectAccess Management console sorts the public IPv4 addresses alphabetically. Therefore, the DirectAccess Management console does not consider the following sets of addresses as consecutive: w.x.y.9 and w.x.y.10, which is sorted as w.x.y.10, w.x.y.9; w.x.y.99 and w.x.y.100, which is sorted as w.x.y.100, w.x.y.99; w.x.y.1, w.x.y.2, and w.x.y.10, which is sorted as w.x.y.1, w.x.y.10, w.x.y.2. Use a different set of consecutive addresses.

For additional information about events and errors encountered by the DirectAccess Management snap-in, see the %SystemRoot%\Tracing\DASetup.log file.

For more information about the configuration requirements of the DirectAccess server, see Appendix A: DirectAccess Requirements and Checklist: Preparing Your DirectAccess Server.