So, digging a bit deeper, I found that it creates a WMI filter in Group Policy called “Direct Access – Laptop only WMI filter” and adds the “Direct Access Client Settings” GPO to that filter.
Below I break down what the filter is and give some information on how you can create your own WMI filter for Group Policies.
So I am not sure why they are including server, maybe just in case we have it installed on a laptop and want to use Direct Access, but nevertheless this is how it evaluates out.
This issue occurs when the user account is locked out or has an expired password.
If it cannot connect to the Network Location Server (NLS), the Direct Access client assumes it is outside of the corporate network and attempts to establish Direct Access connectivity.
For this reason, it is essential that the NLS be exempted from the Name Resolution Policy Table (NRPT) and that its hostname be resolvable only on the internal network.
I'm really baffled as to why this might be happening.
Because internal DNS resolution is not happening, the computer is not able to communicate with the domain properly, so Group Policy can't be applied and I doubt authentication is working properly. I've reset Winsock and the IP stack, and rebooted numerous times with no difference.