Had a odd issue with our Direct Access servers today, We kept getting the following errors:
“There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration.”
After a day or two of not doing anything we couldnt event open the direct access console:
Or see any of the settings in PowerShell:
So whats the issue? Turns out our Certificates had updated, namly our root and intermediate certificate and the direct access console didnt know what to do.
So to fix it, I’ll need to update the cert.
Open PowerShell and find the cert you want to use (the root or intermediate cert you used before):
Then set this cert:
$certificate = (Get-ChildItem Cert:\LocalMachine\Root\1111111111111111111111111111111111222222222222) Set-DAServer -IPsecRootCertificate $certificate
Open the Direct Access console and give it a try.