Problem with Direct Access - IPsec problem
Hello, I have a problem with deploying Direct Access in our company. We have a DC set up on SBS2008 (on SBS there are: ADDS, ADCS, DNS, Certification authority). The Direct Access Server is set up on Win2012 Essentials RC. I created a security group on the DC with only 1 computer with Windows 8.

Everything is working great when I don't highlight the option "Enable Windows 7 Client computers to connect Via Direct Access". Then I don't have to choose a Root CA, and Direct Access on Windows 8 works OK. I can connect to my company from the Internet.

The problem starts when I add 1 computer with Windows 7 Ultimate, for testing purposes only. I added that computer to my security group on the DC, highlighted the option "Enable Windows 7 Client computers to connect Via Direct Access", and now I have to choose a Root CA. I chose the only Root Certificate that I have in my CA, "acs-SBS2008-CA". Every server/computer receives that certificate when it joins the domain. http://imageshack.us/photo/my-images/692/61796845.jpg/

Of course I added the CRL to the CA as stated in the DA step-by-step guide. Configuration goes with no problem, but then I have an IPsec error. http://imageshack.us/photo/my-images/525/59786044.jpg/

After typing gpupdate on Windows 8 and Windows 7, Windows 8 lost its connection to DA and Windows 7 won't work either. So it's obvious that there is a problem with my Root CA. I have no idea what I'm doing wrong.

Here: http://www.enterprisenetworkingplanet.com/windows/article.php/3899621/Ditch-Your-VPN-for-DirectAccess.htm I read that the DC with the CA must be set up on Win2008R2. Is that true? I don't think so. I think that only the DA Server must be set up on win2008r2/2012. Am I right?

And by the way, I didn't enroll any Machine Certificates, but I don't think it will help because I would still have to choose a Root CA in the DA Deployment Wizard. Please help. Is there an option to force Windows 7 not to use any certificate, like Win 8?
September 13th, 2012 12:56pm

Hello, please ask this in the networking forum http://social.technet.microsoft.com/Forums/en/winserverNIS/threads?page=1 instead of here.

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
September 14th, 2012 6:23am

Sorry, thread closed. Enrolling computer certificates fixed my case.
September 14th, 2012 6:58am

This topic is archived. No further replies will be accepted.
