If that's the case you'll have to restore the GPOs from backup or remove and reconfigure Direct Access.

If something causes your Direct Access configuration on a client machine to corrupt or if Direct Access isn’t properly configured, it may be necessary to reset the NRPT on the client machine to fix the problem.There is no need to deploy or create VPN profiles or handle RADIUS authentication and other such complexities, but the system does utilize PKI (Public Key Infrastructure) to enable a secure VPN tunnel.Direct Access is also always available for external clients, meaning you don’t have to open a VPN session manually, and it starts *prior* to logon, which means the annoying issues of remote user password resets are easier to handle.There are known issues with Direct Access where the GPOs can be inadvertently deleted (see https://technet.microsoft.com/en-us/library/dn464274.aspx#Anchor_0).

The way to resolve this is to have an AD administrator create the GPOs and delegate full permissions on them to you. Generating a self-signed IP-HTTPS certificate on server DC1.example.local...