DirectAccess Policy Configuration Error

I'm receiving an error after configuring Direct Access.  Running Server 2008 R2 on all servers.  Direct access is set up on a VM.
DA was running and working without issue a few months ago, then stopped.  After opening a ticket, it was discovered that a certificate had expired.  After this issue was resolved is when the error started.  I can go through the entire DA configuration
without error, save it and apply.  Clients are not able to connect.  Once I go back and access the DA Management \ Setup screen, the error appears.  After clicking OK on the error message, all DA settings are lost as if it had never been configured.
Error:
Failed to read the XML file.  Error: The value of the following XML tag is missing or is not valid: root:GPO:ClientGPO:SecurityGroup:<DA_Clients>:<group>
This line does appear to be missing from the XML file.  Iv'e had a ticket open with MS for 3+ months now with no resolution.
Any help would be greatly appreciated.
Thanks, Bryan

After letting things sit for a few days, now getting a new error.
The Group Policy object named DirectAccess Policy~(xxxxx) exists, but you do not have edit or link permissions.
Nothing has changed with the permissions, and I have verified the permissions.  Of course logged in as Domain Admin.  Completely removed Group Policy and DA, rebooted and reinstalled.  The original error still occurs after closing then accessing
DA set up again, but wondering if this new error was present previously, but somehow not popping up.
My next thought was to set up a new DA server.  That brought on a new problem as it is unable to access the DC.  it has internet connectivity, but no local connectivity.  However, it allows me to join it to the domain.  Both internal
and external IPs are set up correctly.  Verified all settings comparing to the existing DA server.
I'm open to discussion/ideas for either or both issues!

Similar Messages

  • Error 812: The connection was prevented because of a policy configuration on your RAS/VPN server

    Hi,
    Just wondering if anyone can help.
    We have set up RAS/VPN on our Windows Server 2012 Essentials server. One of our users when trying to log in gets the below error when trying to connect to VPN:
    "Error 812: The connection was prevented because of a policy configuration on your RAS/VPN server. Specifically the authentication method used by the server to verify your username and password may not match the authentication method configured in your
    connection profile. Please contact the Administrator of the RAS server and notify them of this error."
    The domain admin account can log in to VPN fine and any new AD account that I create can log in fine, but just not this particular user account. I checked that this account has "Dial In" access on their user account on AD and on the Anywhere Access
    tab on the users properties in Windows server 2012 Essentials Dashboard the "Allow Virtual Private Network (VPN)" is ticked. They are a member of the RA_AllowVPNAccess security group.
    I also configured the authentication protocol MS-CHAPv2 on the server and on the client. I also tried to connect using PPTP rather than automatic, with no luck.
    I did some searching on the Internet, but virtually all of the resolutions for this issue are related to setup or configuration problems that would result in the VPN either consistently working or not-working.  I tried changing a number of the NPS policies,
    since the error seemed to point to an NPS issue, but this did not resolve the problem.
    I'm buffled why just this user cannot connect to VPN.
    Any thoughts?

    Hi,
    à
    The domain admin account can log in to VPN fine and any new AD account that I create can log in fine, but just not this particular user account.
    It is really a strange issue. I noticed that you have checked “Dial-in” tab of this problematic user properties
    in ADUC. Just a confirmation, did you mean that “Allow access” option was checked under Network Access Permission? Or anything I misunderstand?
    On current situation, please view the problematic account properties on Dashboard and navigate to
    Anywhere Access tab, and please uncheck “Allow Virtual Private Network (VPN)” option and click Apply button. Then please re-check
    “Allow Virtual Private Network (VPN)” option and apply again. Any difference?
    By the way, did you check the event logs if find any related event or error?
    If anything I misunderstand or any update, please don’t hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Adobe CS5 Configuration Error 16

    Hi,
    I am having an issue on my Macs running Adobe CS5 installed via Adobe's default installer with a volume license key. I have local non-adminstrator mobile user accounts that authenticate to open directory. They are non syncing.
    On some machines, when a mobile user logs in and tries to run any Adobe app, there is a pop up with CS5 Configuration Error 16. Please reinstall Adobe CS5. I've checked the permissions of the directories listed in http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html#main_AdobeP CD
    and they are correct. I've determined that the root cause is a cache.db-journal file that belongs to a different user. If I delete this file (as admin), the problem goes away. What causes this file to exist? What causes it to persist between users? Should I add a login script to delete the cache.db-journal file if it exists?
    Thanks.

    I finally got everything working, despite the ineffectual help of the Adobe support team. Maybe my solution will be helpful.
    I loaded a duplicate of my system saved BEFORE installing the Cloud Manager onto another drive. Then I loaded the Cloud Manager onto my current boot drive and sure enough, got the Error 16. Then I loaded the OLD version of the Adobe PCD file from my duplicate drive. No go. Then I loaded the OLD SLStore file. Still Error 16.
    BUT then I replaced the SLCache folder and BINGO! problem gone. I noticed in the folder is another called SLConfigs. I am not sure it is a permissions issue or something that happens to this file when the Cloud Manager updates these files, but by reloading the pre-install version of this foldeer I have fixed the problem. I repeated the fix on another machine. I have now downloaded the CC apps with no issues.

  • Configuration Error 15: CS5 Photoshop for Mac OSX

    I have been running Photoshop on my computer for quite a while. This morning, when I tried to open the program, I received a Configuration Error: 15 and was told to uninstall and reinstall the program. I did this (twice), and still receive the same error.
    I searched all throughout the forums, and the only answer I could find was in regards to error 16 (seems like a similar problem), and followed this link: http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html
    Unfortunately, my computer does not appear to have the SLS Store or Adobe PCD folders in the Library/Application Support/Adobe folder, so I cannot try this solution to see if it works for me.
    I have successfully opened InDesign, Illustrator and Dreamweaver today. Only Photoshop is not working.
    Any help would be greatly appreciated.
    Thank you.

    None of my FULL PRICE CS6 Creative suite works, or Adobe Acrobat xi PRO. 
    all error 16 
    followed instructions on link. Does absolutly nothing. Wated 4k over 2 years on Adobe. I removed and un-installed all products, per Adobe instructions, re-installed. same problem. re-installed Maverics. same problem.
    Contacted Apple was told it was a liceincing issue with adobe server and to contact Adobe for patch. Adobe charges for tech support when you buy their products.  Nothing like buying a new car, then having to rent the Keys!
    Adobe feel free to adress your cutomer base at anytime as we are all having problems.
    If anyone finds answer or can understand the person on the tech support please post answer.

  • Configuration error: 16

    I recieve this configuration error each time i exit and reopen adobe indesign.Than to fix it, i have to uninstall and reinstall the product.
    I even tried Adobe cleaner tool, still didnt work!
    Any idea on how to fix this issue permanantly?

    This error means that permissions to application folders are set incorrectly.
    More info on this error:
    http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html

  • Configuration error - please uninstall and reinstall the product

    Configuration error - please uninstall and reinstall the product - Installieren lässt sich Indesign jedoch nicht
    Da frage ich mich, was zu tun ist
    thank you

    Hi tututinu
    Please refer the below KB Doc : http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html
    Or check the below forum post : http://forums.adobe.com/message/3008803

  • SMD Configuration Error - SSO -  for PI 1.1 Ehp1

    Hi All,
    When I am running the Managed System Configuration wizard for PI 7.1 Ehp1 system I am getting an error in SSO configuration step. My Solution Manager is on SP21. It says "sap.com/com.sap.xi.mdtmdt".I have checked for this. In PI 7.1 Ehp1, I think it has been renamed to sap.com/com.sap.xi.mdt2**mdt. So it is throughing the error. Can I do this manually.
    The SSO ticket Certificate <OU=J2EE,CN=SMP> has been successfully imported into ticket Keystore
    The ticket ACL has been updated with : sys=SMP,000 iss=OU=J2EE,CN=SMP dn=OU=J2EE,CN=SMP
    The Authentication template for component sap.com/tcmonitoringsysteminfo*monitoring has been set to ticket
    The Authentication template for component sap.com/tcmonitoringsysteminfo*sap_monitoring has been set to ticket
    The Authentication template for component sap.com/com.sap.xi.directory*dir has been set to ticket
    The Authentication template for component sap.com/com.sap.xi.rwb*rwb has been set to ticket
    SSO Setup for XI apps failed : a problem occured while changing the authentication templates
    SSO setup failed : error while updating login modules : No such policy configuration: sap.com/com.sap.xi.mdt*mdt
    The SSO ticket Certificate <CN=SMP> has been successfully imported into ticket Keystore
    The Login Modules for validating SSO tickets were already installed
    I have one more question. In one of the host the SMD Agent is already installed on Java 1.4.2. I have installed PI 7.1 ehp1 on the same VM server (on different Host), So in PI the SAP JVM is of 5.0. When I try to do the managed system configuration, it is not completing the configuration. When I connect it to the SMD with sap JVVM 5.0, it is working fine.
    Do I need to have 2 SMD agents on the same host as the java version is changed?
    Thanks,
    Ramu J

    Hi
    I resolve this issue changing the roles of the user what access the UME Backend...
    In my case... SPML with role SPML_FULL_ACCESS.
    Add the Role Administrator and run the step again.
    Note 1647157 - How to Set up Access to the SPML Service on AS Java

  • Policy Store Error in Import Definitions In Oracle I/PM (11.1.1.6.0)

    Hi All,
         At present I am trying to implement the imaging solution. When I try to import the definitions from I/PM it's giving me the following error.
         Policy Store Error: The User 100.weblogic does not exist in the policy store.
         Policy Store Error: The Group 100.PayablesProcessor does not exist in the policy store.
        I am unable to understand why it's giving the above error.
        User 'weblogic' and Group 'PayablesProcessor'  exists on myrealm. Unable to understand why error showing '100.weblogic' and '100.PayablesProcessor'.
        Invoices.xml comes with Solution Accelerator mentioned the user & group is 'weblogic' and 'PayablesProcessor' .
        So many times I configure the Accelerator but never faced the above issue.
        I tried to resolve the above to run refreshIPMSecurity() command but no luck.
       Could you please help me to resolve this issue ?
       Thanks in advance.

    Hi,
    The request to connect from the client is reaching the server but it seems the parsing of the service name is either wrong or the information is correct. Here are a couple of suggestions.
    If you have a good known set of sqlnet.ora and tnsnames.ora files on another client where the same connection descriptor works, then backup the curreny client network config files and copy the good known files to the Windows 2008 web server where you see the error. Make sure you recycle the worker processes once the files have been copied.
    Try to connect via Ezconnect and by pass the config files to see if you get the same error.
    //hostname:port/servicenameofdb
    where hostname is the machine where the target database is running
    port is the port on the DB machine where the tns listener is running and listening
    service name is the service name of the target DB
    Use this syntax in the connect string box when attempting to connect from SQL PLUS out of the ODAC home.
    You can also run lsnrctl utility on the server and vertify there is a handler for the service name or instance that is the target,
    HTH
    Jenny B.

  • Content Player / Policy Configuration component login modules

    Problem using Content Player u2013 HTTP 401 errors, not authorized
    Because of security concerns, we have modified our login Policy Configuration component, u201Cticketu201D to no longer use the login module u201CBasicPasswordLoginModuleu201D. We use the login module u201CSAMLLoginModuleu201D instead and direct our users through our Shibboleth based identity provider.
    We now are having a problem with the Content Player. We have configured it in http://<server>:<port>/lms/mediator/config with connection information including a username and password for both access to the ABAP system and the CMS user. We also have set SNC.
    With the BasicPasswordLoginModule removed, we get HTTP 401 errors, not authorized. We see this in a pop-up window when we try to run a WBT course and we see it in the trace files.
    When we put the BasicPasswordLoginModule back in place, we can access the course.
    We are looking for a way to redirect the Content Player to a different Policy Configuration component that we can then allow to include the BasicPasswordLoginModule.
    Is this possible?
    Where is the configuration defined that directs the Content Player to use that default Policy Configuration component?
    Can we change it to use a different Policy Configuration component?
    Deb Nugent

    It appears that we cannot (or should not) redirect the login module for the Content Player to something other than the "ticket" login method. Since we require Content Player, we re-added the BasicLoginPassword Module to the "ticket" method of logon. We knew this would allow Content Player to work. We are using other / additional security measures to ensure no one is directly accessing our systems with username/password.
    Thank-you all.
    Deb Nugent.

  • Configuration Error 16 on Creative Suite 6 Design and Web Premium

    Hello,
    I recently began receiving a Configuration Error 16 message when I attempt to launch any of the CS6 applications.
    I attempted to follow the instructions here:
    http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html
    However, when I attempted to go to the SLStore and Adobe PCD folders in Finder, I discovered that neither folder actually exists.  (I'm guessing this may be a key cause of the problem.)
    I am wary of uninstalling and reinstalling, simply because I was provided a free download of CS6 Design and Web Premium by the University of California, Berkeley, which I attend.  I can produce my software license number upon request.
    Simply, how do I go about fixing this problem?  If a full uninstall and reinstall are the solution, will I be able to do so freely?
    I am using Mac OS 10.8.4
    Thank you very much,
    Chad

    Have a look here, looks like it may be a permissions issue:
    http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html

  • Getting Configuration Error 16 when trying to install Elements 12

    Also, it won't accept my Adobe password, just used to get here, and to get the installer for Elements 12 in the first place!

    start here, http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html

  • Configuration error     213:5

    Upgraded to CC on desktop (Mac pro-10.8.4)  and laptop (MacBook pro-10.8.4)  everything works fine on the dtop machine but I get the following message on the laptop
    Configuration Error
    A problem has occured with the licensing of this product. Restart your computer and re-launch the product.
    If this problem still occurs after restarting, contact Customer Support for further assistance, and mention the error code shown at the bottom of this screen.
    Error: 213:5
    http://www.adobe.com/support/
    This happens with all the software I have tried to open (Ps Id Ic Ai Pr Sg Au Pl Ae An Fl Dw) except Muse, Lightroom, Reflow, Code, Scout and Bridge
    any ideas how to proceed?

    Hi,
    You have a permission issue with your SLStore directory.  I would recommend completing solution 2 of "Configuration error" CS5 -
    http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error- cs5.html#main_SLStore.
    -Pragya

  • Configuration Error/ Error: 5

    Every time I try to open Adobe Muse I get a Configuration Error: 5 that tells me to uninstall and reinstall the application and then immediately Muse crashes after the message pops up. I've tried uninstalling it several times, even uninstalling my whole  creative cloud and nothing is working. I feel like this started occurring after I updated my Muse. Any answers as to how I can fix the problem?

    Hi,
    You have a permission issue with your SLStore directory.  I would recommend completing solution 2 of "Configuration error" CS5 -
    http://helpx.adobe.com/x-productkb/policy-pricing/configuration-error- cs5.html#main_SLStore.
    -Pragya

  • I have had audition for 2 years.  Today it crashed.  It gave a configuration error: 16  The message said to uninstall and reinstall.  I did.  Still the same error.  Then I searched forum and checked the two folder permissions.  They were correct.  So what

    I have had audition for 2 years.  Today it crashed.  It gave a configuration error: 16  The message said to uninstall and reinstall.  I did.  Still the same error.  Then I searched forum and checked the two folder permissions.  They were correct.  So what do I do???????

    Hi Charles,
    Please refer the following helps article on the problem.
    https://helpx.adobe.com/x-productkb/policy-pricing/configuration-error-cs5.html
    Hope this helps.
    Regards,
    Sumit Singh

  • NWA 7.3 : Looking for "security roles" (Policy Configuration) ...

    Hi guys,
    We deployed a simple application in our new SAP NW 7.3 JAVA instance; by calling the application, we receive "error 403 : Error: You are not authorized to view the requested resource."; this was fixed wihtin NW 7.x by adding a user/group within security roles of the selected component ( Visual Admin => Security Provider => Policy Configurations => select component and than security roles );
    where to do this within NWA 7.3 ?
    any ideas;
    Thanks
    Oliver

    Hi Oliver,
    Procedure
      Start SAP NetWeaver Administrator with the quick link /nwa/auth.
      Choose Components.
      Select a policy configuration.
      On the Authentication Stack tab, choose the Edit pushbutton.
      Determine if you want to use an existing template or if you want to change the policy configuration of the current component. 
    To use an existing template, select a template from the Used Template field.
    For authscheme references, select a template from Used Authscheme.
    The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.
      To change the policy configuration of the current component, do the following: 
    Add and remove login modules as required.
    The system applies the login modules in the order they appear in the list.
      Set a processing flag for each login module. 
    For more information about login module flags, see Policy Configurations and Authentication Stacks.
      Add and remove any options to the login modules.
      Set the authentication stack parameters according to the type of policy configuration. 
    Please,go through below help file
    http://help.sap.com/saphelp_nw73/helpdata/en/4a/734e26fa92731fe10000000a42189c/frameset.htm
    Cheers
    Revanth Pasupuleti

Maybe you are looking for