For some reason, the rules that come from DA GPOs had been duplicated. The originals from GPOs were named as “UAGDA Rule1” to “UAGDA Rule3” and the duplicates were named simply “Rule 1” to “Rule 3” (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Dns Client\Dns Policy Config). The fix is easy enough though as long as you have a computer that is running Direct Access and it has not pulled down a corrupt NRPT table. The problem generally happens when a computer checks in with the Domain Controllers and does a GP refresh. But, as with all cool technologies, sometimes things go wrong.
Imagine the look on my face when I arrived back from lunch and all of my “Test” subjects (aka co-workers) were mentioning that they could no longer access any LAN resources!
I sheepishly hunkered down into my cube and furiously began working on a fix.
Well, Microsoft promised this couldn’t happen as of UAG/DA update 1, but I am running UAG/DA update 2 and I can assure you, it can still happen.
The key you want to export is “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Dns Client\Dns Policy Config”.
Then on the victim’s PC open up the same spot in the registry and remove the subkeys UNDER the Dns Policy Config key.
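Before removing anything on the affected PC, it helps to save the current state and confirm which rules are actually duplicated. The script below is an added example, not part of the original post: it exports the key to a `.reg` backup and groups the rule subkeys by their values, so “UAGDA Rule1” and “Rule 1” show up together if they carry the same settings. It assumes PowerShell 3.0 or later, a backup path of my choosing, and that the duplicates hold identical values to the originals.

```powershell
# Added example: back up the NRPT policy key and report duplicated rules. Read-only apart from the backup file.
param(
    [string]$BackupFile = "$env:TEMP\DnsPolicyConfig-backup.reg"   # assumed backup location
)

# The key as the post writes it, plus the unspaced spelling (DNSClient\DnsPolicyConfig)
# that Windows commonly uses for this policy key. The first one that exists is used.
$candidates = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Dns Client\Dns Policy Config',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'
)
$key = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $key) { throw 'NRPT policy key not found on this machine.' }

# Export first so the current state can be restored later with "reg import".
$regPath = $key -replace '^HKLM:\\', 'HKLM\'
& reg.exe export $regPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed for $regPath" }

# Fingerprint every rule subkey by its value names and data, ignoring the subkey name.
$rules = foreach ($sub in Get-ChildItem -LiteralPath $key) {
    $parts = foreach ($name in ($sub.GetValueNames() | Sort-Object)) {
        '{0}={1}' -f $name, (@($sub.GetValue($name)) -join ',')
    }
    [pscustomobject]@{
        Rule        = $sub.PSChildName
        Fingerprint = ($parts -join ';')
    }
}

# Rules with identical settings under different names are the duplicates described above.
$dupes = $rules | Group-Object Fingerprint | Where-Object { $_.Count -gt 1 }
if (-not $dupes) {
    Write-Output "No duplicated rules under $key"
} else {
    foreach ($g in $dupes) {
        $names = $g.Group | ForEach-Object { $_.Rule } | Sort-Object
        Write-Output ('Duplicated rule set: ' + ($names -join ' | '))
    }
}
Write-Output "Backup written to $BackupFile"
```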