Direct Access – IPSec Issue

Posted by robd on October 10, 2018

Had an odd issue with our Direct Access servers today. We kept getting the following errors:

“There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration.”

After a day or two of not doing anything we couldn't even open the Direct Access console:

Or see any of the settings in PowerShell:

So what's the issue? Turns out our certificates had updated, namely our root and intermediate certificates, and the Direct Access console didn't know what to do.

So to fix it, I’ll need to update the cert.

Open PowerShell and find the cert you want to use (the root or intermediate cert you used before):

Get-ChildItem Cert:\LocalMachine\Root

Then set this cert:

$certificate = (Get-ChildItem Cert:\LocalMachine\Root\1111111111111111111111111111111111222222222222)
Set-DAServer -IPsecRootCertificate $certificate

Open the Direct Access console and give it a try.
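To help pick the right thumbprint for the Set-DAServer step, here is an added example (not part of the original post) that lists the CA certificates each valid machine certificate actually chains to. It assumes the certificates used for IPsec live in Cert:\LocalMachine\My and skips revocation checking so it runs offline; it only reads the stores and changes nothing.

```powershell
# Added example: show which root/intermediate certificates the machine
# certificates in LocalMachine\My chain to. Run elevated on the DirectAccess server.
$now = Get-Date

# Machine certificates that are currently valid and have a private key
$machineCerts = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now }

$report = foreach ($cert in $machineCerts) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation checking is skipped so the listing works offline
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)

    # Element 0 is the machine certificate itself; the rest are its CAs
    for ($i = 1; $i -lt $chain.ChainElements.Count; $i++) {
        $ca = $chain.ChainElements[$i].Certificate
        # Self-signed means a root (Root store); otherwise an intermediate (CA store)
        $store = if ($ca.Subject -eq $ca.Issuer) { 'Root' } else { 'CA' }
        [pscustomobject]@{
            MachineCert  = $cert.Subject
            ChainBuilt   = $built
            CaSubject    = $ca.Subject
            CaStore      = $store
            CaThumbprint = $ca.Thumbprint
            CaNotAfter   = $ca.NotAfter
            InStore      = Test-Path "Cert:\LocalMachine\$store\$($ca.Thumbprint)"
        }
    }
    $chain.Reset()
}

# A machine certificate with no rows, or ChainBuilt = False, does not chain to a
# CA this server trusts, which matches the "no valid certificate" error text.
$report | Format-Table -AutoSize -Wrap
```

Use a CaThumbprint from a row where ChainBuilt and InStore are both True, taking the store path from the CaStore column.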

