Hi all,
We have successfully implemented DirectAccess 2012 and are using it now for two months. We have noticed a few strange issues at startup of a DirectAccess client:
- Logonscripts are not always being executed
- The networkdrives are not always being mapped and red crosses are being shown in the windows explorer. This presents problems with a few of our network applications, which depend on the accessibility of the drives.
At startup, our DA-clients generate a series of warnings and error events in the eventviewer, which confirms there is indeed no immediate network connectivity at startup:
- 1014 - DNS Client Events
Name resolution for the name_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.<internal domain fqdn> timed out after none of the configured DNS servers responded. - 5719 - Netlogon
This computer was not able to set up a secure session with a domain controller in domain <internal domain> due to the following: there are currently no logon servers available to service the logon request. - 1129 - Grouppolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. - 130 - Timeservice
NtpClient was unable to set a domain peer to use as a time source because of failure in establishing a trust relationship between this computer and the domain in order to securely synchronize time.
If the logonscreen appears and the user waits for 20-30 seconds, then all is normal: i.e. the logonscript runs and GPO's are being applied. However, if the user immediately logs on then it seems this is done using cached credentials en no GPO, nor logonscript, is being applied, resulting in missing network connectivity. A few minutes after logon the GPO and timesync are back to normal and all domain connectivity is re-established. Except, of course, for the network mappings, which have to activated manually and the other things that are run from the logonscript.
The issue is reproducible on a virtual W7-client and leads back to the DirectAccess Client Settings GPO. When applied, the events occur at startup. But if we remove or disable the GPO link, then all domain connectivity at startup is okay and none of the events is being logged.
We already have experimented with the GPO setting GPO setting “Always wait for the network at computer startup and logon”, but unfortunately this was not the solution for the events showing up.
It looks like the introduction of the NRPT is the main cause for our issues. But is this by design or can it be tackled? I would like to have a confirmation that we're not the only one having this problems. And if possible if there is a solution.
Thanks!