locked
How to get a direct access certificate if user is remote by vpn RRS feed

  • Question

  • Hey  guys,
    I need some help.

    I have a custommer that had a Direct Access configured in Windows Server 2008 R2 in the past, but this stop to work.
    I then configured the Direct Access in Windows Server 2012 and this is working fine.

    But I need know how do I distribute the computer certificate to users that aren't in the office?

    I have tried this configuring a VPN in TMG and executing gpupdate /force, but the certificate was not distributed.

    Have any way to users get this certificate without going to office?

    Thanks Everyone

    Valdir Pereira
    Monday, July 1, 2013 6:53 PM

Answers

All replies

  • Valdir,

    please, take a look at this link and let us know if it meets to your need:

    http://technet.microsoft.com/en-us/library/cc754841(v=ws.10).aspx

    Regards


    Uilson Souza | MCTS ISA Server | MTAC - Microsoft Technical Audience Contributor http://uilson76.wordpress.com

    Tuesday, July 2, 2013 2:19 AM
  • Hi

    If your computer already trust your internal CA, your problem might belocalized in TMG. Due to RPC restriction in TMG. Have a look at this article. It deal of the same subject with DirectAccess but it's the same problem http://blogs.technet.com/b/edgeaccessblog/archive/2010/04/22/deep-dive-into-uag-directaccess-certificate-enrollment.aspx.

    Have a nice day.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Proposed as answer by BenoitSMVP Friday, July 5, 2013 3:24 PM
    • Marked as answer by Valdir Pereira Wednesday, July 10, 2013 12:11 PM
    Tuesday, July 2, 2013 7:28 AM
  • Valdir, looking into BenoitS reply, think it´s the best way to follow...

    Uilson Souza | MCTS ISA Server | MTAC - Microsoft Technical Audience Contributor http://uilson76.wordpress.com

    Tuesday, July 2, 2013 3:00 PM
  • BenoitS,
    I will try this.

    I had read this in other site, but was not confortable to change as the other site had not clarified the option.

    I will change and let you know if this works

    Thanks everyone
    Tuesday, July 2, 2013 6:33 PM
  • Hi BenoitS,
    This worked for me. Thanks
    I have tried this but not worked and then I verified in VPN rules and there is an option to configure RPC option and then removed the same option in your link.
    This was found when I right-click in the rule.
    Thank you and Uilson for the attention

    Have a nice day.
    Wednesday, July 10, 2013 12:11 PM
  • Hi

    Its the same kind of RPC option than in TMG.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, July 11, 2013 7:34 PM