Another Cause of the “No Usable Certificate(s) 0x103 Error

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx Phillip Sand clued me into another possible cause of IP-HTTPS connectivity problems. First, whenever you suspect a problem with…

13

Clearing the Air on ISATAP

For companies thinking about deploying DirectAccess, the question of whether or not you need to deploy ISATAP will invariably come up. The answer to this question is “no” and the reasons for why you don’t need ISATAP in a DirectAccess deployment are covered in my article over at http://blogs.technet.com/b/tomshinder/archive/2010/10/01/is-isatap-required-for-uag-directaccess.aspx However, ISATAP does have a place…

9

The Edge Man Hits 50,000 Posts on ISAserver.org

Most of you probably know this, but before I joined Microsoft I spent most of my time with ISA Server and Threat Management Gateway (TMG). A big part of my life was ISAserver.org (www.isaserver.org). My affiliation with ISAserver.org started in mid-2000 and continued uninterrupted until I joined Microsoft in December 2009. However, even after joining…

5

TechNet Webcast: Talk TechNet with Keith Combs and Matt Hester – Episode 12: Dr. Tom Shinder on DirectAccess (Level 200)

Event Overview Talk TechNet enables you to get your questions about hot technologies answered in real time. In this session, Dr. Tom Shinder will be here to discuss DirectAccess and what Unified Access Gateway 2010 brings to the DirectAccess table. Tom is a Principal Writer in the Anywhere Access Group and is responsible for UAG…

0

How to Disable IP-HTTPS for Testing and Troubleshooting

A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable it for…

3

Use a HOSTS File Entry to Control ISATAP Host Configuration

ISATAP is an optional configuration option you can take advantage of when working with UAG DirectAccess. What ISATAP allows you to do is automatically assign IPv6 addresses to computers on the network that already have IPv4 addresses (which is going to be all of them). The advantage conferred when using ISATAP is that you can…

6

DirectAccess Monitor Reports Network Security Not Healthy

Came across a very handy tip on the TechNet forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/8965b7de-8814-40ed-b189-37b53bb1b88b In this thread, UAG DirectAccess Pro Ken Carvel provides a nice tip on what to do when you see the DirectAccess Monitor report that Network Security is not healthy. Just in case that thread disappears, I’ll repost what Ken had to say…

1

Enabling Microsoft Update on UAG DirectAccess Servers

I shouldn’t have to say it – but you should always enable Microsoft Update on your UAG DirectAccess servers and arrays. In the third step of the UAG Getting Started Wizard you are given the opportunity to enable Microsoft Update (and also join the Microsoft Customer Experience Improvement Program, something I highly recommend). After you…

0

Answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 4and Contest 2 Round 1/Quiz 4

This is the big day! The results are in for the last quiz in Contest 1. First, I’ll go over the questions and answers and explain some interesting things that came up when I reviewed the answers I received, which had the effect of leading to two correct answers for one of the questions. At…

0