DirectAccess Windows 7 SP1-W2K12: Authentication certificate cannot be validated

  • Question

  • Hi all

    I am looking for input on a strange error. A customer has implemented DirectAccess (single NIC), using computer certificates for authentication, but when outside, the DirectAccess Connectivity Assistant 2.0 reports:

    Corporate Connectivity is not working
    An authentication certificate cannot be validated. No connection to the IP-HTTPS certificate revocation list (CRL) is available. Contact the site administrator.

    The DirectAccess server is accessible from outside with the correct certificate (https://da2012.customer.com/IPHTTPS), which contains a CDP of http://crl.customer.com/crld which is also accessible from outside (as well as an LDAP-based CDP which is not available from the outside).

    Running certutil -verify -urlfetch exported-iphttps-certificate.cer passes the validation, and in the Enterprise PKI snap-in all CDP/AIAs show up as OK.

    I am about to install KB2615847 but am not sure if this is related since the IPsec tunnel is not between Win7-Windows2008R2, but Win7-WindowsServer2012.

    Any suggestions?

    Best regards
    Maurice

    Thursday, April 18, 2013 10:11 AM

All replies

  • Hi, have you resolved that issue?
    Monday, August 1, 2016 4:15 AM
  • Please check this article

    https://support.microsoft.com/en-us/kb/2980672

    Another thing to check is to ensure that the CDP of the Issuing CA URL is in the Direct Access tunnel exemptions list.

    Sunday, August 21, 2016 1:15 PM