Direct Access – IPSec Issue

Posted by robd on October 10, 2018
Direct Access / 2 Comments

Had an odd issue with our Direct Access servers today. We kept getting the following error:

“There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration.”

After a day or two of not doing anything, we couldn't even open the Direct Access console or see any of the settings in PowerShell.

So what's the issue? Turns out our certificates had updated, namely our root and intermediate certificates, and the Direct Access console didn't know what to do.

So to fix it, I’ll need to update the cert.

Open PowerShell and find the cert you want to use (the root or intermediate cert you used before):

Get-ChildItem Cert:\LocalMachine\Root

Then set this cert:

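# The thumbprint below is a placeholder: use the thumbprint of your own root or intermediate cert
$certificate = (Get-ChildItem Cert:\LocalMachine\Root\1111111111111111111111111111111111222222222222)
# Point the DirectAccess IPsec configuration at that certificate
Set-DAServer -IPsecRootCertificate $certificate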

Open the Direct Access console and give it a try.
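
A check worth running before Set-DAServer, as an added example that is not from the original post: it confirms that at least one currently valid machine certificate actually chains to the root or intermediate certificate you are about to configure, which is the condition the error message complains about. The function name Test-ChainsTo, the parameter names and the thumbprint placeholder are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run elevated on the DirectAccess server.
param(
    # Placeholder: thumbprint of the root/intermediate certificate you intend to set
    [string]$CandidateThumbprint = '<THUMBPRINT-OF-ROOT-OR-INTERMEDIATE>'
)

# Hypothetical helper: does $Certificate build a chain that contains $AnchorThumbprint?
function Test-ChainsTo {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$AnchorThumbprint
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation lookups are skipped here: this only tests chain membership,
    # and it keeps the check usable when the CRL endpoints are unreachable.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $built = $chain.Build($Certificate)
    $anchor = $chain.ChainElements |
        Where-Object { $_.Certificate.Thumbprint -eq $AnchorThumbprint }
    return ($built -and ($null -ne $anchor))
}

# The candidate must exist as a trusted root or as an intermediate CA on this machine
$candidate = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object Thumbprint -eq $CandidateThumbprint | Select-Object -First 1
if (-not $candidate) {
    throw "Candidate $CandidateThumbprint not found in LocalMachine\Root or LocalMachine\CA"
}

# Only machine certificates with a private key that are inside their validity period
$now = Get-Date
$machineCerts = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now }

$results = foreach ($cert in $machineCerts) {
    [pscustomobject]@{
        Subject           = $cert.Subject
        Thumbprint        = $cert.Thumbprint
        NotAfter          = $cert.NotAfter
        ChainsToCandidate = Test-ChainsTo -Certificate $cert -AnchorThumbprint $CandidateThumbprint
    }
}
$results | Format-Table -AutoSize

if (-not ($results | Where-Object { $_.ChainsToCandidate })) {
    Write-Warning "No valid machine certificate chains to $($candidate.Subject)."
}
```

If the warning fires, setting that certificate with Set-DAServer would leave IPsec with nothing that chains to it, so pick a different root or intermediate or re-enrol the machine certificate first.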


Exchange 2010 – Slow EMC

Posted by robd on September 07, 2012
exchange 2010 / 1 Comment

The clever people on the Microsoft Exchange team have come up with a workaround for the Exchange Management Console being soooooo slow loading with Exchange 2010!!!

The fix is dead easy:

Turn off (Uncheck) “Check for publisher’s certificate revocation” & “Check for server certificate revocation” options on the server/workstations you are starting the EMC (Exchange Management Console) on

·        In Windows Internet Explorer –> Tools –> Internet Options –> Advanced tab

·        In the Security section, uncheck the below two options “Check for publisher’s certificate revocation” & “Check for server certificate revocation”

The reason for the slow processing time, as explained by “nawaral” who works for Microsoft, is that Exchange tries to connect to the certificate revocation list (CRL) web site. Exchange examines the CRL to verify the code signing certificate.

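So basically, with those options turned off, it won’t go off checking certificate revocation lists anymore!! The change is not EMC-specific: anything else that honours these two Internet Options loses its revocation check too.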

Here’s the link:

