My cert expired on my DirectAccess server (2012 R2) and now I am kind of screwed. I have lots of remote clients who cannot just plug back in to grab the new cert + settings I applied to DA.
I tried creating a new ticket using:
djoin /provision /domain domain.net /machine "%pcname%" /policynames "DirectAccess Client Settings" /rootcacerts /reuse /savefile dj_ticket.txt
Then I tried having them process it remotely using:
djoin /requestODJ /loadfile dj_ticket.txt /windowspath %SystemRoot% /localos
Normally this works perfectly to allow me to have remote clients join my domain without DirectAccess; however, it doesn't work when the remote clients are already members of the domain. I somehow need to flush the old settings and apply the new ones.
Any ideas?
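The two djoin steps from the question, scripted in PowerShell so they can be run for a batch of machines with error checking. This is an added example, not code from the original post, and it does not address the already-joined problem the poster describes; it only wraps the posted commands. The folder `C:\ODJ`, the machine names in `$MachineNames`, and the function names are assumptions; the domain, policy name and djoin switches are the ones in the post.

```powershell
# Added example: the provisioning and apply steps from the post, wrapped with checks.
# Assumptions (not from the post): blob folder C:\ODJ, the machine names below,
# and the function names New-ODJBlob / Install-ODJBlob.

$Domain       = 'domain.net'
$PolicyName   = 'DirectAccess Client Settings'
$BlobDir      = 'C:\ODJ'                       # assumption: where the blobs are written
$MachineNames = @('LAPTOP01', 'LAPTOP02')      # assumption: replace with the real names

# Step 1 (run on a domain member with rights to create/reuse computer accounts):
# djoin /provision with the same switches as the post. /reuse keeps the existing
# computer account, /rootcacerts embeds the root CA chain, /policynames embeds the
# DirectAccess client GPO so the client gets it without line of sight to a DC.
function New-ODJBlob {
    param(
        [Parameter(Mandatory)][string]$Machine,
        [Parameter(Mandatory)][string]$OutFile
    )
    $djoinArgs = @('/provision', '/domain', $Domain, '/machine', $Machine,
                   '/policynames', $PolicyName, '/rootcacerts', '/reuse',
                   '/savefile', $OutFile)
    & djoin.exe @djoinArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /provision failed for $Machine (exit code $LASTEXITCODE)"
    }
    if (-not (Test-Path -LiteralPath $OutFile)) {
        throw "djoin returned 0 but $OutFile was not written"
    }
    # The blob carries the computer account credentials: treat it like a password
    # when moving it to the client, and delete it once it has been applied.
    Get-Item -LiteralPath $OutFile
}

# Step 2 (run on the remote client, elevated): djoin /requestODJ exactly as posted,
# with $env:SystemRoot in place of the batch-style %SystemRoot%.
function Install-ODJBlob {
    param([Parameter(Mandatory)][string]$BlobPath)
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'djoin /requestODJ needs an elevated prompt'
    }
    if (-not (Test-Path -LiteralPath $BlobPath)) {
        throw "Blob not found: $BlobPath"
    }
    & djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /requestODJ failed (exit code $LASTEXITCODE)"
    }
    # The settings take effect after the client restarts.
}

# Usage on the provisioning side: one blob per machine, named after the machine.
New-Item -ItemType Directory -Path $BlobDir -Force | Out-Null
foreach ($name in $MachineNames) {
    New-ODJBlob -Machine $name -OutFile (Join-Path $BlobDir "$name.txt")
}

# Usage on a client, after copying its blob over:
# Install-ODJBlob -BlobPath 'C:\ODJ\LAPTOP01.txt'
```

Checking `$LASTEXITCODE` after each djoin call matters here because djoin prints its error and keeps going when run from a batch loop, so a single failed machine is easy to miss in a bulk run.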