I recently set up a single-server DirectAccess box on Server 2012 R2. I started having problems with clients not properly discovering the Network Location Server. I logged on to the DirectAccess server and noticed the following on the Remote Access Management Console.
Specifically, the Network Location Server service reported an issue with Certificate Binding and Server Availability.
The specific error was:
The certificate binding for the network location server has been modified. Without the correct certificate, connectivity for DirectAccess clients located in the internal network will not work as expected.
Initially I thought there was something wrong with my DirectAccess certificate. I also received an error when I checked the certificate in Infrastructure Setup.
The certificate subject name cannot be resolved to a valid IP address.
The DNS entries that DirectAccess creates when it is set up were accidentally deleted in DNS by scavenging rules.
The entries that I had to add back were:
The CorpConnectivityHost entry had both “A” and “AAAA” records. The other two were just “A” records.
After adding these DNS entries, the errors went away.
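
One way to check for the condition described above, as an added example that is not part of the original post: the script reports whether each DirectAccess DNS record exists and whether it is static or timestamped (and therefore eligible for scavenging). The server name, zone name and the two bracketed record names are placeholders, and the CorpConnectivityHost name should be adjusted to the exact host name used in your zone.

```powershell
# Added example: audit the DNS records DirectAccess relies on.
# All values in this first section are placeholders (assumptions); replace them
# with your DNS server, internal zone and the record names from your deployment.
Import-Module DnsServer

$DnsServer = 'dns01.corp.example.com'
$ZoneName  = 'corp.example.com'
$Expected  = @(
    @{ Name = 'CorpConnectivityHost'; Types = @('A', 'AAAA') }   # named in the post
    @{ Name = '<second-entry>';       Types = @('A') }           # placeholder
    @{ Name = '<third-entry>';        Types = @('A') }           # placeholder
)

$report = foreach ($entry in $Expected) {
    foreach ($type in $entry.Types) {
        # -Node limits the result to records at this exact name
        $records = @(Get-DnsServerResourceRecord -ComputerName $DnsServer `
                        -ZoneName $ZoneName -Name $entry.Name -RRType $type `
                        -Node -ErrorAction SilentlyContinue)

        if ($records.Count -eq 0) {
            [pscustomobject]@{ Name = $entry.Name; Type = $type
                               Status = 'MISSING'; Timestamp = $null }
            continue
        }

        foreach ($record in $records) {
            # A static record has no timestamp and is never scavenged;
            # a timestamped record can age out and be deleted.
            $status = if ($null -eq $record.Timestamp) { 'Static' } else { 'Scavengeable' }
            [pscustomobject]@{ Name = $entry.Name; Type = $type
                               Status = $status; Timestamp = $record.Timestamp }
        }
    }
}

$report | Format-Table -AutoSize

# Show the aging and scavenging settings that decide when timestamped records are removed
Get-DnsServerScavenging -ComputerName $DnsServer
Get-DnsServerZoneAging  -ComputerName $DnsServer -Name $ZoneName
```

Any row reported as MISSING matches the failure in the post; a row reported as Scavengeable is a record that could be removed the same way later.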