DirectAccess and Windows 7 Clients

  • Question

  • I am hoping someone could be of assistance. 

    Background:

    • 3 x DCs across 3 physical sites - A,B & C
    • 1 x DirectAccess Server in Site A - Configured and serving clients
    • 1 x DirectAccess server in site B - Not yet configured, awaiting results of the problem below
    • 1 x Root CA in site A
    • Dedicated links between all sites. 

    We are currently attempting to deploy DirectAccess in our environment, which is configured with a single server and a single site and is successfully servicing Windows 8.1 clients.

    I now attempt to activate the use of Computer Certificates for Windows 7 Client connectivity using our internal CA to issue certificates. This whole solution has been tested in an isolated test environment prior to Live implementation. 

    When selecting the Root Certificate and applying the configuration change, I get the following error and the Wizard rolls back the changes: Element not found. (see picture)

    This has led me to various forums, which recommend either adding Cifs/domain & Cifs/FQDN to the DC or disabling the external NIC prior to applying the config, then enabling it shortly after. Neither of these actually helps.

    Any advice would be greatly appreciated.

    Thursday, June 25, 2015 9:40 AM

All replies

  • Hi,

    I've seen that when the Remote Access Management console cannot access one or more domain controllers. A customer of mine had this problem on a single domain controller among hundreds.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Proposed as answer by BenoitSMVP Wednesday, July 1, 2015 8:18 AM
    • Unproposed as answer by Abselvania Wednesday, July 1, 2015 8:47 AM
    Monday, June 29, 2015 7:11 PM
  • Thanks for that. As far as I can determine, the DirectAccess machine can access all three domain controllers. I've used nltest as well as netdom verify to confirm connectivity.

    Wednesday, July 1, 2015 8:47 AM
  • Hi There - I have seen this issue a few times when AD Sites and Services does not have the subnet for the DA Internal Leg assigned to a site, especially within a large Enterprise Environment (actually this happened last week) - when the subnet was added to the respective Datacentre, the configuration could be retrieved successfully. Can you check you have done this at both Datacentres / Sites?

    Kr


    John Davies

    Wednesday, July 8, 2015 7:30 AM
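
One way to run the subnet check suggested in the last reply, as an added example that is not part of the original thread: run on the DirectAccess server, it lists each local IPv4 address and the most specific AD Sites and Services subnet (and site) that covers it. It assumes the ActiveDirectory RSAT module is installed; the helper name `Test-IPv4InCidr` is hypothetical. The external adapter is expected to show as unassigned; the internal leg is the one that needs a site.

```powershell
# Added example: maps this server's IPv4 addresses to AD Sites and Services subnets.
# Assumes the ActiveDirectory module (RSAT) is available on the DirectAccess server.
Import-Module ActiveDirectory

function Test-IPv4InCidr {
    # Hypothetical helper: returns $true when $Address falls inside $Cidr (e.g. 10.1.0.0/16).
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $addrBytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $netBytes  = [System.Net.IPAddress]::Parse($network).GetAddressBytes()
    $bits = [int]$prefix
    for ($i = 0; $i -lt 4 -and $bits -gt 0; $i++) {
        # Compare one octet at a time, masking only the bits covered by the prefix.
        $take = [Math]::Min(8, $bits)
        $mask = (0xFF -shl (8 - $take)) -band 0xFF
        if (($addrBytes[$i] -band $mask) -ne ($netBytes[$i] -band $mask)) { return $false }
        $bits -= $take
    }
    return $true
}

# IPv4 subnet objects only; the subnet name is its CIDR prefix.
$subnets = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Name -match '^\d+\.\d+\.\d+\.\d+/\d+$' }

Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    ForEach-Object {
        $ip    = $_.IPAddress
        $alias = $_.InterfaceAlias
        # The longest matching prefix wins, as it does when a client locates its site.
        $match = $subnets |
            Where-Object { Test-IPv4InCidr -Address $ip -Cidr $_.Name } |
            Sort-Object { [int](($_.Name -split '/')[1]) } -Descending |
            Select-Object -First 1
        [pscustomobject]@{
            Interface = $alias
            IPAddress = $ip
            Subnet    = $(if ($match) { $match.Name } else { '<no subnet object>' })
            Site      = $(if ($match -and $match.Site) { $match.Site } else { '<unassigned>' })
        }
    } | Format-Table -AutoSize
```

`nltest /dsgetsite` on the same server shows which site the machine currently resolves to, which should agree with the site listed for the internal adapter.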