DirectAccess - More Information on the “No Usable Certificate(s)” 0x103 Error

In the continuing saga of the “No Usable Certificate(s) 0x103” error, which has been discussed in two previous blog posts: http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx and http://blogs.technet.com/b/tomshinder/archive/2011/02/21/another-cause-of-the-no-usable-certificates-s-0x103-error.aspx#3415408 we’ll expand on the explanation for the reason why the computer certificate isn’t included in the NTAUTH store on the UAG DirectAccess server. In the second link noted above, we discovered that…

1

Another Cause of the “No Usable Certificate(s) 0x103 Error

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx Phillip Sand clued me into another possible cause of IP-HTTPS connectivity problems. First, whenever you suspect a problem with…

13

Certificate Related Questions and Test Lab Guide Guidance

A couple of good questions were asked on a recent blog post and I figured it was worthwhile to answer them in more detail in a separate post. ==================================== “Can you clarify a couple points related to Certificate Authorities and CRLs?  I plan on getting a commercial certificate for the IP-HTTPS listener as you recommended,…

5

Troubleshooting the “No Usable Certificate(s)” IP-HTTPS Client Error

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) An interesting case came in last week and I thought it would be useful to share it with you all. It’s especially interesting because it covers some not so well documented features of the IP-HTTPS client configuration and how it works. For those of…

3

UAG DirectAccess – Don’t Fear the Reaper or IPv6

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) “All our times have come Here, but now they’re gone Seasons don’t fear the reaper Nor do the wind, the sun or the rain (We can be like they are) Come on baby (Don’t fear the reaper) Baby, take my hand (Don’t fear the…

2