Most people don't know that DirectAccess servers are tied to a specific domain controller. If you decommission that domain controller, for an upgrade or any other reason, the DirectAccess console becomes inaccessible.
Symptom:
Unable to open the DirectAccess configuration in the “Remote Access Management Console”
Error message: unable to load configuration from “Server.domain.tld”
Error message about missing access permissions on the GPO object.
Cause:
A DirectAccess server has a specific EntryPointDc that it uses for reading and writing GPO and AD settings.
You can see the current settings by running the Get-DAEntryPointDC cmdlet on a DirectAccess server:
Get-DAEntryPointDC
EntryPointName : DirectAccess-AU.domain.com
DomainControllerName : Server.domain.tld
EntryPointName : DirectAccess-CN.domain.com
DomainControllerName : Server.domain.tld
EntryPointName : DirectAccess-DK.domain.com
DomainControllerName : Server.domain.tld
EntryPointName : DirectAccess-US.domain.com
DomainControllerName : Server.domain.tld
Fix:
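This PowerShell command changes every entry point whose domain controller matches the -ExistingDC name so that it uses the domain controller given in -NewDC instead. -ExistingDC is the domain controller that was decommissioned and -NewDC is its replacement:
Set-DAEntryPointDC -ExistingDC "Server.domain.tld" -NewDC "Server.domain.tld" -Force -PassThru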
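To catch this before a domain controller is retired, the check below groups the entry points by the domain controller they are bound to, tests whether that DC still answers on LDAP (TCP 389), and optionally repoints stale bindings. It is an added example, not part of the original post: the script parameters ($ReplacementDC, $Repair) and the Test-LdapPort helper are hypothetical names, and it assumes an elevated PowerShell 3.0 or later session on a DirectAccess server.

```powershell
# Added example (not from the original post). Run elevated on a DirectAccess server.
param(
    [Parameter(Mandatory)] [string] $ReplacementDC,  # placeholder: FQDN of a healthy DC
    [switch] $Repair                                 # without this switch the script only reports
)

# Hypothetical helper: returns $true if the host accepts a TCP connection on LDAP/389.
function Test-LdapPort {
    param([string] $ComputerName, [int] $TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, 389, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false   # name no longer resolves, or the connection was refused
    } finally {
        $client.Close()
    }
}

# Several entry points usually share one DC, so test each DC once.
$bindings = Get-DAEntryPointDC | Group-Object -Property DomainControllerName

foreach ($binding in $bindings) {
    $dc = $binding.Name
    $entryPoints = ($binding.Group | ForEach-Object { $_.EntryPointName }) -join ', '

    if (Test-LdapPort -ComputerName $dc) {
        Write-Output "OK     $dc is reachable (entry points: $entryPoints)"
        continue
    }

    Write-Warning "STALE  $dc is unreachable (entry points: $entryPoints)"
    if ($Repair) {
        # Never repoint to a DC that is itself unreachable.
        if (-not (Test-LdapPort -ComputerName $ReplacementDC)) {
            throw "Replacement DC $ReplacementDC does not answer on TCP 389."
        }
        Set-DAEntryPointDC -ExistingDC $dc -NewDC $ReplacementDC -Force -PassThru
    }
}
```

Run it without -Repair as part of the decommissioning checklist for any domain controller, so that a binding is moved while the old DC is still online.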
More information:
Set-DAEntryPointDC: http://technet.microsoft.com/en-us/library/hh918412.aspx
Troubleshooting Setting the Entry Point Domain Controller: http://technet.microsoft.com/en-us/library/jj591656.aspx