Answered Unable to modify Direct Access config

  • Wednesday, June 20, 2012 2:40 PM
     
     

    I've been playing around with setting up Direct Access with Server 2012.  I made a change to allow Windows 7 clients and selected an intermediate certificate authority.  I think I picked an incorrect intermediate CA...but now I cannot change the configuration.  When I launch the Remote Access Management Console, I get the message "Settings for the server myserver.mydomain.local cannot be retrieved.  The cmdlet did not run as expected."  I cannot modify any settings to fix the problem and cannot remove the role since the configuration exists.  Seems like it is just stuck.  Suggestions?

    Rob



All Replies

  • Thursday, June 21, 2012 12:17 PM
     
     Answered

    Hi,

    Can you try setting a new IPsec certificate using the Set-DAServer powershell cmdlet?

    Example usage:

    1. List root certificates using: "Get-ChildItem Cert:\LocalMachine\Root"
    2. Select the certificate you want: "$certificate = (Get-ChildItem Cert:\LocalMachine\Root)[IndexOfTheCertificateYouWant]"
    3. Change the root certificate in the DA configuration: "Set-DAServer -IPsecRootCertificate $certificate"
    4. Now try to open the management console again.

    Let me know if this helps,

    Thanks,

    Yaniv

  • Thursday, June 21, 2012 1:18 PM
     
     Answered
    Yaniv, that probably would have worked.  I ended up just starting over with a new VM.

    Rob

  • Thursday, September 06, 2012 12:31 PM
     
     
    I had the exact same issue and your solution worked like a charm for me! Thanks!
  • Tuesday, October 02, 2012 11:52 PM
     
     
    Same problem -- this fixed it! Thanks from me too!
  • Tuesday, November 20, 2012 9:56 PM
     
     
    Worked for me as well.
  • Wednesday, November 28, 2012 5:50 PM
     
     
    Yaniv,  

    This might be a silly question but what is the "[IndexOfTheCertificateYouWant]"? 
  • Thursday, November 29, 2012 9:54 AM
     

    From the list returned from the first command just use the thumbprint of the one you want. For example if you wanted the MS Root (which you won't in practice) the first couple of commands would be as follows:

    PS P:\> Get-ChildItem Cert:\localMachine\Root
        Directory: Microsoft.PowerShell.Security\Certificate::localMachine\Root
    Thumbprint                                Subject
    ----------                                -------
    CDD4EEAE6000AC7F40C3802C171E30148030C072  CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com
    BE36A4562FB2EE05DBB3D32323ADF445084ED656  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanvill...
    :
    :
    :
    PS P:\> $certificate = (Get-ChildItem Cert:\LocalMachine\Root\CDD4EEAE6000AC7F40C3802C171E30148030C072)
    PS P:\>


    Douks

  • Friday, January 11, 2013 3:38 PM
     

    Hi,

    Same problem here... I tried that fix but have this error. I am a local admin, but not a domain admin.

    Set-DAServer : Access is denied.
    At line:1 char:1
    + Set-DAServer -IPsecRootCertificate $certificate
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (PS_DAServer:root/Microsoft/...ess/PS_DAServer) [Set-DAServer], CimExc
       eption
        + FullyQualifiedErrorId : HRESULT 80070005,Set-DAServer

    Solved... forgot to run the PowerShell with admin rights...
    • Edited by HAL2012 Monday, January 14, 2013 10:15 AM
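
The steps from the replies above, combined into one script as an added example (not code from any poster or from Microsoft). It selects the certificate by thumbprint rather than by list index and checks for elevation before calling Set-DAServer; the function name and the thumbprint placeholder are assumptions.

```powershell
# Added example: choose the IPsec root certificate by thumbprint, sanity-check
# it, then apply it with Set-DAServer (the cmdlet used in the thread).
function Set-DAIPsecRootByThumbprint {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Thumbprint
    )

    # Set-DAServer returns "Access is denied" (HRESULT 80070005) from a
    # non-elevated prompt, so stop early with a clearer message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session (Run as administrator).'
    }

    # Thumbprints copied from the certificate dialog often carry spaces or
    # hidden characters; keep only the hex digits.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $path  = "Cert:\LocalMachine\Root\$clean"
    if (-not (Test-Path $path)) {
        throw "No certificate with thumbprint $clean in Cert:\LocalMachine\Root."
    }
    $certificate = Get-Item $path

    # Refuse a certificate that is outside its validity period.
    $now = Get-Date
    if ($now -lt $certificate.NotBefore -or $now -gt $certificate.NotAfter) {
        throw "Certificate '$($certificate.Subject)' is not currently valid."
    }

    # If a Basic Constraints extension is present it must mark the cert as a CA.
    $bc = $certificate.Extensions | Where-Object {
        $_ -is [Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if ($bc -and -not $bc.CertificateAuthority) {
        throw "Certificate '$($certificate.Subject)' is not a CA certificate."
    }

    if ($PSCmdlet.ShouldProcess($certificate.Subject, 'Set-DAServer -IPsecRootCertificate')) {
        Set-DAServer -IPsecRootCertificate $certificate -ErrorAction Stop
    }
    $certificate | Select-Object Thumbprint, Subject, NotAfter
}

# Dry run first; replace the placeholder with a thumbprint from step 1.
# Set-DAIPsecRootByThumbprint -Thumbprint '<THUMBPRINT-OF-YOUR-ROOT-CA>' -WhatIf
```

Run it with -WhatIf first to confirm which certificate would be applied, then without it, and reopen the Remote Access Management Console.
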
  • Wednesday, March 06, 2013 12:25 PM
     
     

    Yaniv, you are a genius.  Thanks

  • Monday, March 18, 2013 9:03 PM
     
     

     There is now a hotfix for this issue

     http://support.microsoft.com/kb/2796394