UAG Direct Access SP1 OTP Error

  • Question

  • I have just recently put in Forefront UAG SP1 (single server) and implemented DirectAccess.  Everything was working great and we were able to connect and access all of our resources.  Then we implemented OTP using Aladdin eTokens, which is a security requirement for our business that uses an OTP via RADIUS authentication.  Since we implemented OTP we are able to connect via the infrastructure tunnel and are then prompted for our OTP Authentication.  But before we can enter the credentials, the two input boxes become greyed out and we receive the error "A DirectAccess connectivity authentication error occurred. Retry the action, or contact the site administrator."  When we implemented OTP we set up a dedicated subordinate CA which is strictly used for OTP certificates only.  The two certificates that the DirectAccess PowerShell script creates are set up as templates "DirectAccess OTP Workstation Authentication" and "DirectAccess OTP User".  Those certificates are set up for an 8 hour expiration date. I feel that this is a problem with the CA but I cannot prove it or see what is wrong.  The reason I believe that it is possibly a certificate issue is because every once in a while DA will allow me to put in my OTP, but it will not work consistently.  I am running UAG SP1 on a Windows 2008 R2 x64 box and the clients are Windows 7 Enterprise (x64 and x86) with DCA 1.5 installed, and all clients (about 5 clients testing) are receiving the same error message.

    I am not seeing anything in the event log on either the UAG server or the client workstation.  I am also checking the Web Monitor; when a user connects I can see in DirectAccess Monitor - Active Sessions that the infrastructure tunnel is created, and then it shows "A client certificate was not provided" in the description field.  I am assuming that this message is because OTP authentication hasn't been established for the user certificate to be provided.

    The one weird thing is that this was working when we first implemented it and then it all of a sudden stopped working.  I am looking for any ideas, or if anyone can tell me what is happening when the "Windows Security" window pops up asking for my OTP Authentication, it might narrow down where I need to look.

    That is all the detail I can think about for now, please let me know if you have any ideas or need any more information.

    Thanks,

    Mike

     

    Tuesday, March 1, 2011 2:23 PM

Answers

  • Hi Mike,

    I know you opened a support case on this, so I'm closing this question as answered (even though the solution is still being investigated by you and me).


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 10, 2011 10:45 PM
    Tuesday, May 10, 2011 10:45 PM

All replies

  • Hi Ben,

    I have the same issue with greyed-out OTP authentication windows. Do you have a solution or workaround for this?

    Thanks in advance

    Thursday, May 26, 2011 1:08 PM