Why DirectAccess shouldn't configured on Domain Controllers?

I've configured DirectAccess on Windows Server 2016 DC. It correctly configured and deployed at first time after installing DA.
But I modified the NLS configuration and tried to apply configuration, I got "DirectAccess configuration settings stored in GPOs cannot be backed up. Verify network connectivity to the domain controller." error message.

|DC(also DirectAccess Server)|------|Router|------|Client on the Internet|
Kim IseopAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tahir QureshiSystem AnalystCommented:
AD DS requirements for DirectAccess

If the domain controller is on a perimeter network (and therefore reachable from the Internet-facing network adapter of the DirectAccess server), you must prevent the DirectAccess server from reaching it by adding packet filters on the domain controller to prevent connectivity to the IP address of the Internet adapter.
The DirectAccess server must be a domain member.
DirectAccess clients must be domain members. Clients can belong to:
Any domain in the same forest as the DirectAccess server.
Any domain that has a two-way trust with the DirectAccess server domain.
Any domain in a forest that has a two-way trust with the forest to which the DirectAccess domain belongs.

in simple word
 the DirectAccess server must be a domain member and cannot be a domain controller.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Tahir Qureshi (https:#a42052354)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.