IP-HTTPS Cert Question

  • Question

  • I'm still troubleshooting the IP-HTTPS issue with my UAG DA SP1 install in the LAB. It's running based on the TLG UAG 2010 SP1 RC DirectAccess. I could never find a newer version of this TLG. Anyway, I have Teredo working just fine from Homenet. But IP-HTTPS is not.

    From TechNet Forefront UAG DA pre-reqs, I see that for IP-HTTPS cert, it says "The certificate subject should be the URL of the Forefront UAG DirectAccess server". So the cert below is my IP-HTTPS cert, and I selected the Web Server 2003 template when creating it. Should it have been Web Server 2008? Documents said either would work.

    And the screenshot below is from IP-HTTPS cert selection in UAG DA Wizard.

    Does the name here need to be uag1.corp.contoso.com?

    Also --

    I've verified that the clients can ping crl.corp.contoso.com successfully.

    netsh int https show interface on the UAG1 server results in the following output:

        role: server
        url: https://uag1.corp.contoso.com:443/iphttps
        client authentication mode: certificates
        last error code: 0x0
        interface status: IPHTTPS interface active

    --------------------------------------

    On the client side: same command yields the following:

        role: client
        url: https://uag1.corp.contoso.com:443/iphttps
        last error code: 0x2afc
        interface status: failed to connect to the IPHTTPS server. Waiting to reconnect

    Thanks for any help ...


    Bill

    Thursday, April 26, 2012 10:02 PM
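
An added example, not part of the original post: it parses the client-side `netsh` output quoted above, checks the host in the IP-HTTPS URL against a list of certificate names, and decodes the last error code. The certificate names passed in are constructed (the certificate itself is not shown on the page), the function names are hypothetical, and reading the error code as a Win32/Winsock error number is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample: the client-side output quoted in the post above.
CLIENT_OUTPUT = """\
role: client
url: https://uag1.corp.contoso.com:443/iphttps
last error code: 0x2afc
interface status: failed to connect to the IPHTTPS server. Waiting to reconnect
"""

# Winsock name-resolution error numbers; any other code is left undecoded.
WINSOCK_DNS_ERRORS = {
    11001: "WSAHOST_NOT_FOUND",
    11002: "WSATRY_AGAIN",
    11003: "WSANO_RECOVERY",
    11004: "WSANO_DATA",
}

def parse_iphttps(text):
    """Turn the 'key: value' lines of the netsh output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def name_matches(cert_name, host):
    """Case-insensitive match; a '*.' wildcard covers exactly one left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def check(text, cert_names):
    """Compare the URL host with the certificate names and decode the error code."""
    fields = parse_iphttps(text)
    host = urlsplit(fields.get("url", "")).hostname or ""
    code = int(fields.get("last error code", "0x0"), 16)
    return {
        "host": host,
        "cert_ok": any(name_matches(n, host) for n in cert_names),
        "error": code,
        "error_name": WINSOCK_DNS_ERRORS.get(code, "ok" if code == 0 else "undecoded"),
    }

if __name__ == "__main__":
    # Certificate name below is a constructed input, not taken from the page.
    print(check(CLIENT_OUTPUT, ["uag1.corp.contoso.com"]))
```

A `WSANO_DATA` result is a name-resolution error, so it is worth confirming that the client can resolve the URL host from its current network before revisiting the certificate template.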
