W2K12R2 DirectAccess GPO NRPT exemption error

Hi all

I'm installing a DirectAccess Multisite solution with two servers, one for each site. Configuration was OK and Windows 8.x clients can connect (even Windows 10 TP connects). But now, every time I want to make a change to the Infrastructure Servers, I get these errors:

Error: Exemption entry fqdn_site2 cannot be modified or deleted in the NRPT.

Error: Exemption entry fqdn_site1 cannot be modified or deleted in the NRPT.

No matter what setting or combination I try to change (NLS, DNS, DNS Suffix and/or Management), I always get stuck with the same error, and this error started to show when Multisite was configured (when there was no Multisite, I could change anything I wanted without any issues).

Can you help me with this one? Thanks in advance and regards.



  • Edited by Victor San Saturday, November 15, 2014 10:25 AM
November 15th, 2014 9:58am

What kind of hostnames (and exemptions) have you configured in your NRPT?

November 20th, 2014 2:31pm

I have four entries: two for both FQDN entry points, one for the NLS and another for Any Suffix (that one is the only one that has a DNS entry: the IPv4 of the internal NIC of the first DA server).

Thanks and regards


  • Edited by Victor San Friday, November 21, 2014 7:53 AM
November 21st, 2014 7:53am

I have four entries: two for both FQDN entry points, one for the NLS and another for Any Suffix (that one is the only one that has a DNS entry: the IPv4 of the internal NIC of the first DA server).

Thanks and regards


You don't have to include the FQDN for your Entry Points. They are already added automatically.

Normally you have at least two entries:

  • yourdomain.local (to an IPv6 Address of your DNS64 Server Address)
  • directaccess-nls.yourdomain.local (as an exclusion to bypass DirectAccess)
November 21st, 2014 11:16am


I am seeing the same error on my setup. Can you let me know how you fixed the issue?

-Ashish

June 1st, 2015 8:12am

This topic is archived. No further replies will be accepted.
