locked
UAG Direct Access Error "A computer certificate issued by a CA could not be found ..." RRS feed

  • Question

  • Hello, I'm trying to build out UAG DA using step-by-step guide v2 Beta 1 (http://social.technet.microsoft.com/wiki/contents/articles/forefront-uag-directaccess-step-by-step-guide-v2-beta-1.aspx) and during UAG1 Direct Access Server Configuration I get the following error at IPsec Certificate Authentication setup page.

    A computer certificate issued by the CA "DC=COM, DC=CONTOSO, DC=CORP, CN=CORP-DC1-CA" could not be found on the server. To enable IPsec authentication, ensure that a computer certificate is installed on all array members.

    I'm running single node UAG and have walked through the guided step-by-step to this point. Any help greatly appreciated.


    Bill

    Tuesday, March 6, 2012 3:50 AM

Answers

All replies

  • Hi,

    It seems tha the IPSec certificate was not deployed on the UAG box before UAG installation. By default RPC communications are blocked. Have a look at this blog post from tom Shinder : http://blogs.technet.com/b/edgeaccessblog/archive/2010/04/22/deep-dive-into-uag-directaccess-certificate-enrollment.aspx

    Alternate solution : Be sure to stop all services related to UAG before requesting a certificate and restart your server. Off course, this is not a recommanded method in production environment.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by Beachnut_ Wednesday, March 7, 2012 1:56 AM
    • Unmarked as answer by Beachnut_ Wednesday, March 7, 2012 1:56 AM
    • Marked as answer by Beachnut_ Wednesday, March 7, 2012 1:56 AM
    Tuesday, March 6, 2012 9:05 AM
  • I made the changes as you suggested in the blog post, but that didn't make a difference ... same error. I restarted the server before requesting the computer certificate, and once computer cert generated, the error is gone. Thanks for pointing me in the right direction.


    Bill

    Wednesday, March 7, 2012 1:58 AM