The DirectAccess server is in its own OU with blocked inheritance. If I unlink every computer policy except for the DirectAccess server configuration policy and run gpupdate /target:computer /force, all of the clients reset their connections.
Firewall is set to "on" when no group policy is applied and with a GPO.
Routine 90-minute interval GPUpdates don't cause the issue, but some kind of manual gpupdate is being run by "system" that coincides with 4004 Events in the group policy operational log. The information is usually, "Starting manual processing of policy for computer DOMAIN\COMPUTERACCOUNT$". The times of occurrence for these events are not at any kind of predictable intervals, but they do not coincide with console/RDP logins to the server.
This server also has SCCM agent, SCOM agent, and AppLocker running in audit mode. I have noticed that the system-generated PolicyConverter task is running one second before gpupdate, but I can manually run the task and not get the gpupdate or reset all of the DA connections. Any ideas? I have failed to find any potential matches to my scenario searching the web.