DirectAccess DNS Issue

Microsoft DirectAccess is a new type of remote connectivity to an organization’s intranet. DirectAccess uses the local DNS servers for regular internet traffic but directs all traffic aimed at resources in the organization’s intranet to the public-facing DirectAccess server. When DirectAccess is set up, a Group Policy Object is made to configure the client computers to use the DirectAccess server for DNS anytime they are not connected to the intranet. The Name Resolution Policy Table (NRPT) contains the settings used by the DNS client on the computer that determine what happens to DNS queries.

If DirectAccess is not set up correctly, the DirectAccess status is shown as “Connecting”. In this state the client cannot contact anything on the corporate domain, because the NRPT tells DNS queries to go through the DirectAccess connection but the client can’t contact the DirectAccess server. This can also be a problem if you need to update the Group Policy to remove the DirectAccess settings, since the client cannot reach the domain to receive the change.

To force the computer not to use DirectAccess settings:

  1. Open the Microsoft Management Console
  2. Add the Group Policy Object Editor for the Local Computer
  3. Navigate to Computer Configuration/Windows Settings/Name Resolution Policy
  4. Choose “Advanced Global Policy Settings”
  5. Check the box for “Configure roaming options” under “Network Location Dependency”
  6. Choose “Never use DirectAccess settings in the NRPT”
  7. Choose “OK” to close and then “Apply” to apply settings
  8. Close out of MMC
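
To confirm the condition described above before and after changing the setting, the following read-only PowerShell report lists each effective NRPT rule that sends queries to a DirectAccess DNS server and whether that server answers. It is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later, and the function name `Get-NrptDirectAccessReport` and its `DnsPort` parameter are hypothetical.

```powershell
# Added example: read-only report of the NRPT state described above.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt.
function Get-NrptDirectAccessReport {
    [CmdletBinding()]
    param(
        [int]$DnsPort = 53   # TCP probe only; a stand-in for a real DNS query
    )

    # DirectAccess client state ("Connecting" in the case above). The cmdlet
    # fails when the Network Connectivity Assistant service is not running.
    try   { $da = (Get-DAConnectionStatus -ErrorAction Stop).Status }
    catch { $da = "unavailable: $($_.Exception.Message)" }

    # Global NRPT settings. Assumption: EnableDAForAllNetworks reflects the
    # roaming option chosen in the Group Policy steps.
    $global = Get-DnsClientNrptGlobal

    # Effective rules = Group Policy rules merged with any local rules.
    $rules = @(Get-DnsClientNrptPolicy -Effective |
        Where-Object { $_.DirectAccessDnsServers })

    foreach ($rule in $rules) {
        foreach ($server in $rule.DirectAccessDnsServers) {
            $ok = Test-NetConnection -ComputerName "$server" -Port $DnsPort `
                -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{
                DAStatus               = $da
                EnableDAForAllNetworks = $global.EnableDAForAllNetworks
                Namespace              = $rule.Namespace
                DirectAccessDnsServer  = "$server"
                DnsServerReachable     = $ok
            }
        }
    }
    if ($rules.Count -eq 0) {
        Write-Verbose 'No effective NRPT rule sends queries to a DirectAccess DNS server.'
    }
}

Get-NrptDirectAccessReport -Verbose | Format-Table -AutoSize
```

Rows with `DnsServerReachable` set to `False` are namespaces whose queries are being sent to a DirectAccess DNS server the client cannot reach, which is the stuck state the steps above work around.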