For some weeks ago I visted a new customer to perform a deployment of a very simpel DirectAccess installation. Everything seemed fine the PKI was in place and I though it only would take a couple of hours to deploy and test..... I was so wrong.....
I completed the DirectAccess configuration using the Remote Access Management console for Windows 2012 (MMC) and kicked off the deployment. The deployment keeps failing with the description:
"Security Group domain\SecuritGroup cannot be found"
"The operation failled. All of the specified security groups are invalid"
After a lot of troubleshooting I found that the FRS didn't replicate the newly created Group Policy and when the wizard got to the section where it should add the security Group with the computer objects It couldn't add the security Group to the GPO. For that reason it seems to be performing a rollback. The customer is currently working on fixing the issue. I just spend a lot of time on the troubleshooting so I though I would share it.
The GPO may appear in the Group Policy Management console for a short time before it disappears again due to the rollback
If would have found the solution or anything that may help others please comment on this thread
Check the FRS:
http://support.microsoft.com/kb/272279
Another thing that might be causing this issue is possible name lookup issue.
I have not had the time to perform a deeper analysis of the issue, but I'll share my findings at a later time.
Recovering from a deleted GPO
You will find a similar error discription when some have deleted the GPO.
"Remote Access Management will display the following error message: GPO <GPO name> cannot be found. To remove the configuration settings, take the following steps"
Source: http://technet.microsoft.com/en-us/library/jj134148.aspx#bkmk_1_7_GPOs