DirectAccess Certificate Binding Error


I recently set up a single server DirectAccess box on Server 2012 R2.  I started having problems with clients not properly discovering the Network Location Server.  I logged on to the DirectAccess server and noticed the following on the Remote Access Management Console.

Specifically, the Network Location Server service reported an issue with Certificate Binding and Server Availability.

The specific error was:

The certificate binding for the network location server has been modified. Without the correct certificate, connectivity for DirectAccess clients located in the internal network will not work as expected.

Initially I thought there was something wrong with my DirectAccess certificate.  I also received an error when I checked the certificate in Infrastructure Setup.

The certificate subject name cannot be resolved to a valid IP address.


The DNS entries that DirectAccess creates when it is set up were accidentally deleted in DNS by scavenging rules.

The entries that I had to add back were:


The CorpConnectivityHost entry had both “A” and “AAAA” records. The other two were just “A” records.

After adding these DNS entries, the errors went away.
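A check along these lines can catch the problem before clients do. This is an added example, not part of the original post: it reports whether each expected record exists and whether it carries a timestamp, since scavenging only removes timestamped (dynamic) records. The record names other than CorpConnectivityHost are placeholders, and the zone name and sample data are assumptions constructed for illustration.

```powershell
# Added example, not from the original post.
# Reports expected DNS records that are missing or still eligible for scavenging.
function Test-ExpectedDnsRecord {
    param(
        [hashtable] $Expected,   # host name -> required record types
        [object[]]  $Records     # objects exposing HostName, RecordType, Timestamp
    )
    foreach ($name in $Expected.Keys) {
        foreach ($type in $Expected[$name]) {
            $hit = @($Records | Where-Object {
                $_.HostName -eq $name -and $_.RecordType -eq $type })
            if ($hit.Count -eq 0) {
                $status = 'Missing'
            } elseif (@($hit | Where-Object { $_.Timestamp }).Count -gt 0) {
                # A timestamp means the record is dynamic and can be scavenged.
                $status = 'PresentButScavengeable'
            } else {
                $status = 'PresentStatic'
            }
            [pscustomobject]@{ HostName = $name; RecordType = $type; Status = $status }
        }
    }
}

# Record types follow the post; the two bracketed names are placeholders.
$expected = @{
    'CorpConnectivityHost' = @('A', 'AAAA')
    '<second-entry>'       = @('A')
    '<third-entry>'        = @('A')
}

# Constructed sample data standing in for real zone contents.
$sample = @(
    [pscustomobject]@{ HostName = 'CorpConnectivityHost'; RecordType = 'A';    Timestamp = $null }
    [pscustomobject]@{ HostName = 'CorpConnectivityHost'; RecordType = 'AAAA'; Timestamp = $null }
    [pscustomobject]@{ HostName = '<second-entry>';       RecordType = 'A';    Timestamp = [datetime]'2015-01-01' }
)

Test-ExpectedDnsRecord -Expected $expected -Records $sample |
    Sort-Object HostName, RecordType | Format-Table -AutoSize

# Live use on the DNS server (zone name is an assumption):
# $live = Get-DnsServerResourceRecord -ZoneName 'corp.example.com' |
#     Where-Object { $_.RecordType -in 'A', 'AAAA' }
# Test-ExpectedDnsRecord -Expected $expected -Records $live
```

Records reported as PresentButScavengeable were registered dynamically; recreating them as static entries keeps scavenging from removing them again.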
