Please NOTE: This is NOT one of those "my clients aren't applying the policy" type questions.
In my case, changes to the DA policy are not making any GPO changes. Yes, that's right: I make a policy change, for example a NRPT change (e.g. to add a dummy server in there). I apply the policy and it runs through the wizard to apply the policy starting with backing up GPO objects. The policy is apparently applied - all green ticks and there are no errors. But... the GPOs aren't changed. We do not have any DC replication errors either. (Anyway, I did check multiple DCs and they all show the same policies.)
All of which means that we are unable to effect any DirectAccess changes because nothing new happens to the GPOs.
To be clear: there are no errors on the DA servers. The DA servers think they are apply new policy, but the GPOs never get changed and there are no errors.
I could reinstall the whole DA environment, but I have a ton of roaming "road warrior" clients that would lose connection if I did that.
Any ideas why the DA servers are not changing any of the GPOs?
PS. 2 DA boxes: both fully patched 2016.