vendredi 15 octobre 2010

[Update] DirectAccess issue : NRPT table being corrupt

When configuring DirectAccess to support Citrix connections as described on an article of Tom Shinder available here I modify the NRPT on Forefront UAG as below with several DNS servers:
Unfortunately when applying the new GPO on a client this last one couldn't resolve any FQDN...


No problem I decide to plug the laptop on the corporate network to investigate about the issue but same problem, impossible to resolve private FQDN too:
In this case impossible to refresh the GPO, I try to show the NRPT but netsh namspace show effective policy or netsh dnsclient show state return the following message:
« Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator. »

Here's some solution to temporary solve it:
  • Format and reinstall Windows : not acceptable when deploying on a large number of laptop.
  • Or delete NRPT information on the registry as described on http://technet.microsoft.com/de-de/library/ee649182(WS.10).aspx.
    In fact by deleting all sub-folders on HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig and after restarting the DNS client service DNS resolution came back.
But the main problem remain... By analysing the registry entry associated of the modification for  Citrix Secure Gateway something draw my attention:
Each IP address is separated by a comma, it's not a problem for ENU version of Windows 7 but not for the French one for example. Indeed after deleting the others IP address on the registry for a test all working again.

So be careful before a fix by Microsoft not to specify several DNS servers on the NRPT.

Warning this problem belong to DirectAccess, the following products are affected:
  • Windows 2008 R2 DirectAccess feature
  • Forefront UAG RTM
  • Forefront UAG Update 1
  • Forefront UAG Update 2
[Update]: It's possible to temporary avoid the problem by modifying the generated powershell script to replace the comma by a semi-colon. Thanks to Benoît SAUTIERE for the solution.
Publié par Lionel à 14:16
Libellés : , , , ,

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)