DirectAccess Client not able to get a Cert? RRS feed

  • Question

  • So I am running into an issue where I am not able to get the cert on my client laptop.  I have the profile set in the UAG Client OU and did the gpupdate and it grabbed the GPO just fine.  But when I go to request a cert it does not let me.  Anyone ever see that issue. If the computer is not in that OU i can request a cert with no problem


    Tuesday, August 30, 2011 8:39 PM

All replies

  • The ability or inability to grab certificates from your CA server really doesn't have anything to do with UAG or DirectAccess. If it seems you are being denied access to request a certificate when your computer account is part of a particular group, it's more likely related to an AD or GPO setting or a permissions setting on the CA server, something particular to that OU.
    Wednesday, August 31, 2011 2:56 PM
  • Are you manually requesting the certificate using Certificates Snap in MMC? Or are you configuring autoenrollment via GPO for the OU that holds your DirectAccess clients?

    If manual, does issuing template show as available for issuing certificates or does it say it is unavailable?



    Steve Angell - IDA Consultant (
    Thursday, September 1, 2011 1:49 AM