It Calls

Wednesday, 29 February 2012

Troubleshooting Direct Access Teredo connectivity on Forefront UAG 2010

Posted on 11:31 by Unknown
I encountered a problem on one of my DirectAccess installations where all the clients were able to connect to DirectAccess using HTTPS only. After several investigations, and with the help of senior Microsoft engineers, we noticed that the Teredo IPv6 route is missing on the server. When the server tries to respond to Teredo requests, it uses the default route (6to4) instead of the server's Teredo adapter, due to the following route entry:

UAG cannot respond to Teredo


To fix this issue you need to manually add the Teredo route as follows:


  1. Obtain the Teredo adapter interface index (IDX) by running the following command from an elevated prompt on the UAG server: netsh int ipv6 show int
  2. Add the route manually (using the IDX obtained in the previous step) as follows:

Adding Teredo Route manually to UAG 2010 routing table







Certificate CRL and Delta CRL are not copied automatically to the HTTP Path

Posted on 10:58 by Unknown
A common problem on several implementations of Active Directory Certificate Services is that the CRL and Delta CRL are not copied to the HTTP path. By default, a Microsoft Enterprise CA only publishes the CRL automatically to the LDAP path defined in the CRL Distribution Point (CDP). CA administrators can define the CDP in several locations, such as LDAP and HTTP (the Inetpub folder). Since the CRL is only copied to LDAP, the copy at the HTTP location expires and the user encounters this error.

HTTP CRL location expires on a daily basis


When the system checks the revocation status of a certificate, it tries to retrieve the CRL and Delta CRL from each defined location (LDAP and HTTP). If it can get the CRL from just one of these locations, the revocation check passes and the certificate functions normally, even if the CRL is not copied to the HTTP location. However, the HTTP location for the CRL and Delta CRL will still show the Expired status above.

To solve this issue you have two options:



  1. Copy them manually from the CERTSRV folder to the Inetpub folder
  2. Create a batch file to copy them automatically and add this batch file to the daily scheduled tasks.

The batch file should be something like this (/Y suppresses the overwrite prompt so the copy can run unattended as a scheduled task):
xcopy /Y c:\windows\system32\certsrv\CertEnroll\*.crl C:\Inetpub\
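
The second option as a PowerShell script, added here as an example and not the author's batch file: it copies each CRL and Delta CRL only when the HTTP copy is missing or different, then confirms by hash that the published file matches the CA's copy. It assumes PowerShell 4.0 or later (for Get-FileHash) and that C:\Inetpub is the folder the HTTP CDP serves; the task name and script path in the comments are hypothetical.

```powershell
# Added example, not the author's script. Paths follow the post; point
# $Destination at the folder your HTTP CDP URL actually serves.
#
# Hypothetical daily task registration (task name and script path are assumptions):
#   schtasks /Create /TN "Publish-CRL" /SC DAILY /ST 01:00 /RU SYSTEM ^
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Publish-Crl.ps1"
param(
    [string]$Source      = 'C:\Windows\System32\certsrv\CertEnroll',
    [string]$Destination = 'C:\Inetpub'
)

$ErrorActionPreference = 'Stop'
$mismatched = @()

foreach ($crl in Get-ChildItem -Path $Source -Filter '*.crl') {
    $target  = Join-Path $Destination $crl.Name
    $srcHash = (Get-FileHash -Path $crl.FullName -Algorithm SHA256).Hash

    # Copy only when the published file is missing or differs from the CA's copy,
    # so an unchanged CRL keeps its timestamp on the web server.
    $needsCopy = -not (Test-Path $target) -or
                 (Get-FileHash -Path $target -Algorithm SHA256).Hash -ne $srcHash
    if ($needsCopy) {
        Copy-Item -Path $crl.FullName -Destination $target -Force
        Write-Output "Published $($crl.Name)"
    }

    # Verify the published copy byte-for-byte (by hash) against the source.
    if ((Get-FileHash -Path $target -Algorithm SHA256).Hash -ne $srcHash) {
        $mismatched += $crl.Name
    }
}

# A non-zero exit shows up as a failed run in Task Scheduler history.
if ($mismatched.Count -gt 0) {
    throw "Published CRL differs from CA copy: $($mismatched -join ', ')"
}
```

Running the script from the task under an account that can read CertEnroll and write to the web folder is enough; a failed run then shows up in the task history instead of as expired CRLs on clients.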


