It Calls

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 22 November 2011

UAG Direct Access IP-HTTPS fail with SAN Certificate

Posted on 12:22 by Unknown



Lately I passed by this issue with a client trying to implement the UAG Direct Access using UCC SAN (Subject Alternative Name) Certificate. The Problem was that the Direct Access IPHTTPS URL name “da.company.com” was not the common name of the Certificate (The common name was www.company.com).  Microsoft recommends either Wildcard certificate or normal HTTPS certificate for the DA name. If you don't have other option but the SAN certificate then Its recommended to have the Common name matching the Direct Access IPHTTPS URL otherwise a manual work around should be done on both the UAG server and the UAG client.


UAG Server

The Direct Access URL should be adjusted manually on the UAG server using the Netsh command as follows:

Netsh Interface HTTPStunnel Set Interface https://da.company.com:443/IPHTTPS
Then run
Netsh Interface HTTPStunnel show interface


Netsh Interface HTTPStunnel show interface



UAG Client

The UAG clients/OU (according to your setup) GPO need to be modifed manually to add the Direct Access URL.
Computer Configuration/Policies/Administrative Templates/Network/TCPIP Settings/IPv6 Transition Technologies/IP-HTTPS State


IP-HTTPS State Group Policy


Make sure to update the GPO on the client (GPupdate /force) and activate the UAG configuration.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in DirectAccess, PKI, UAG | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Error 0x803100B7 Group Policy settings require the creation of a startup PIN, but a pre-boot keyboard is not available on this device
    I Purchased few weeks ago the Microsoft Surface Pro tablet, its a very nice production tablet that really enables remote users to run their ...
  • How to Publish New Certificate Revocation List (CRL) from Offline Root CA to Active Directory and Inetpub
    Its highly recommended when building your Microsoft PKI (Public Key Infrastructure) to have your Root CA offline after issuing the Enterpris...
  • The Card Supplied Requires Drivers that are not present on this System
    I recently started getting the above mentioned Logon warning Message (Check below screen shot) while logging on my old 2003 and 2003R2 serve...
  • AD CS not configured for Revocation checking of all certificates
    Recently the SCOM server (One of your best friends on the network) started reporting the error "AD CS not configured for Revocation che...
  • Windows 7 Direct Access Client Troubleshooting – Part 1 – Client Transition Technologies
    During the past few months I was heavily engaged with different DirectAccess implementations and passed by several interesting issues/proble...
  • Manual Install of UAG 2010/Remote App and RDS Portal Components
    Microsoft UAG 2010 main functions are Application Publishing and Enhanced DirectAccess deployment. The Application publishing allows you to ...
  • Surface 2 RT Bitlocker Recovery Key problem is fixed
    Windows Surface 2 RT comes already pre-setup with Bitlocker encryption, the user don't need to do anything to enable it or set/type a pa...
  • WMI Unhealthy on 2008R2 Domain Controllers - WBEM_E_QUOTA_VIOLATION
    Windows Management Instrumentation (WMI) is a key core windows management technology. It provides a consistent approach to carry day to day ...
  • A new MVP is here from Egypt
    I am pleased to announce and share with you all that I have been awarded the prestigious Microsoft Most Valuable Professional (MVP) award in...
  • Microsoft Update List for Hyper-V
    A lot of IT Professionals are moving to Hyper-V and they need to keep updated with all Hyper-V hotfixes, updates and Service Packs. The Belo...

Categories

  • Active Directory
  • Bitlocker
  • DirectAccess
  • Hyper-V
  • Lync
  • PKI
  • SQL
  • System Center
  • UAG
  • WSUS

Blog Archive

  • ►  2014 (1)
    • ►  January (1)
  • ►  2013 (27)
    • ►  December (5)
    • ►  November (4)
    • ►  October (2)
    • ►  September (1)
    • ►  August (4)
    • ►  July (4)
    • ►  May (1)
    • ►  April (2)
    • ►  March (3)
    • ►  February (1)
  • ►  2012 (25)
    • ►  December (2)
    • ►  November (3)
    • ►  October (3)
    • ►  September (2)
    • ►  August (2)
    • ►  July (2)
    • ►  May (2)
    • ►  April (1)
    • ►  March (3)
    • ►  February (2)
    • ►  January (3)
  • ▼  2011 (5)
    • ►  December (2)
    • ▼  November (3)
      • UAG Direct Access IP-HTTPS fail with SAN Certificate
      • The Active Directory integrated DNS zone _msdcs.do...
      • Troubleshooting Event ID 1058, Group Policy gpt.ini
Powered by Blogger.

About Me

Unknown
View my complete profile