none
Direct access client fail to connect with server with computer certificate

    Question

  • Hi,

    We have deployed direct access in our environment  few months ago. everything was fine but from last couple of weeks we are getting calls from users that direct access is not working on their system. In initial troubleshooting we have found common error from users of different region that their device certificate turned into some numeric value

    As first authentication is based on device certificate client can not connect with direct access server. We need to connect machines with LAN cable and run gpupdate /force. After that certificate changed to normal and client start connecting with direct access server.

    could anyone help me to understand the reason of this abnormal certificate behavior. I have tried to find the log but no success.


    jeudi 12 septembre 2013 18:37

Toutes les réponses

  • Hi,

    what do mean with "their device certificate turned into some numeric value"? With the gpupdate /force you enroll a new certificate from the CA and it seems then everything goes back to normal. Is this all UAG or do you have 2012? Windows 7 clients, or 8 or both?

    What is the validity on your certificates and what is the renewal period? Do you use a SSL certificate from your internal CA with UAG? Is the CDP URL published to the Internet and contains an HTTP URL? Is this URL working from the Internet?

    Sorry for all the questions. ;-)

    Regards,

    Lutz

    vendredi 13 septembre 2013 15:57
  • Hi,

    Please find the cert. image below where intended purpose and certificate template turned into numeric value                       expiry date in 2014.

    after gpupdate /force it again showing intended purpose and cert. template name.

    We are using inter CA server and workstation template for client certicate.

    CRL is published on internet and clients are able to access it. We have configured our DA server on 2012 and clients are windows 7 and windows 8.


    • Modifié achievers samedi 14 septembre 2013 18:00
    samedi 14 septembre 2013 11:40