Network issue when you can’t ping your devices or log in to domain computers
Issue
You are experiencing the following symptoms:
- You cannot ping the devices on your network anymore
- DNS resolution works
- NSLookup works
- Domain logon from a joined computer does not work
- Laptops are impacted, not the desktop computers.
You also happen to have a DirectAccess server.
Solution
Your DirectAccess certificates might have expired. Renew them.
When the certificates expire, computers think they are on an external network.
Computers still cannot connect
After you’ve renewed your certificates, reboot your computers. You may still not be able to run gpupdate /force.
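As a workaround, run the following command on your computers, in an elevated PowerShell console. It deletes the Name Resolution Policy Table (NRPT) rules stored under the DnsPolicyConfig policy key, including the per-rule subkeys.
Get-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig" | Remove-Item -Recurse -Confirm:$false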
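A more cautious variant of the workaround above, as an added example (not from the original post or from the linked script): it lists the NRPT rules currently in effect, exports the key to a .reg file so it can be restored, then removes it and retries Group Policy. The backup location under $env:TEMP and the variable names are assumptions; save it as a .ps1 file and run it elevated.

```powershell
# Added example: cautious variant of the workaround. Run elevated on an affected client.
$nrptKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'
$regPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'
# Assumption: the backup goes to the current user's TEMP folder.
$backup  = Join-Path $env:TEMP ('DnsPolicyConfig-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

if (-not (Test-Path -Path $nrptKey)) {
    Write-Output 'No NRPT policy key found; nothing to remove.'
    return
}

# 1. Show which namespaces are currently sent to the DirectAccess DNS servers.
Get-DnsClientNrptPolicy -Effective |
    Format-Table Namespace, DirectAccessDnsServers -AutoSize

# 2. Export the key so the rules can be restored with "reg import" if needed.
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup of $regPath failed (exit code $LASTEXITCODE); key not removed."
}
Write-Output "NRPT rules backed up to $backup"

# 3. Remove the key and its per-rule subkeys, then flush cached DNS answers.
Remove-Item -Path $nrptKey -Recurse -Confirm:$false
Clear-DnsClientCache

# 4. Retry Group Policy; a successful refresh re-applies the NRPT rules from policy.
& gpupdate.exe /force
if ($LASTEXITCODE -ne 0) {
    Write-Warning "gpupdate exited with code $LASTEXITCODE; check domain connectivity."
}
```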
Renew DirectAccess Self-Signed Certificates
You may need the following script to renew your DirectAccess self-signed certificates.
https://github.com/richardhicks/directaccess/blob/master/Renew-DaSelfSignedCertificates.ps1
Source
https://directaccess.richardhicks.com/2019/05/02/renew-directaccess-self-signed-certificates/