Hi Experts and fellow MVPs!
I have a Little Problem with my DirectAccess Setup and sincerely hope that one of you has some good ideas for me...
My Setup is quite simple: I have a small Network with two Win 2012 Servers that are running as DCs + Fileservers + RADIUS + some other smaller Services. They are located behind a NAT Firewall. So what I wanted to do now is enable Direct Access on one of those DCs just for my Win8 Clients using IP-over-HTTPS. (So a plain IPv4 deployment...) So I tried using the wizard, specifying DA only, One NIC behind a Firewall, and my DNS Name. The wizard run through OK up to the section "Finishing operations after applying configuration" where it failed with "Configuration Settings cannot be retrieved from the DirectAccess Server GPO". And then it started a rollback.
Watching the wizard run I could see that it did create and link those GPOs before it got rolled back.
When I tried running it through the advanced wizard I got the same error. The interesting Thing came when I pre-created the GPO objects. Then the wizard failed with an "Access Denied" error message writing to the Server GPO, although I had set Everyone -> Full Control + Anonymous Logon -> Full Control on that policy and my Account is of course Domain Admin, Enterprise Admin, Schema Admin, and everything else admin...
My guess right now would be that this has something todo with the Default Domain Controller hardening policy, although the Event Logs Show no Errors. (And the DA wizard also didn't give me a logfile or something...)
I would very much appreciate any ideas on that or any help you can give me in getting this Setup running.
Thanks
Rick