Another Cause of the “No Usable Certificate(s) 0x103 Error

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx Phillip Sand clued me into another possible cause of IP-HTTPS connectivity problems. First, whenever you suspect a problem with…

13

How to Disable IP-HTTPS for Testing and Troubleshooting

A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable it for…

3

Certificate Related Questions and Test Lab Guide Guidance

A couple of good questions were asked on a recent blog post and I figured it was worthwhile to answer them in more detail in a separate post. ==================================== “Can you clarify a couple points related to Certificate Authorities and CRLs?  I plan on getting a commercial certificate for the IP-HTTPS listener as you recommended,…

5

Solving the Mystery of the Dead Teredo Interface

You’ve deployed DirectAccess on your network as a pilot project for your IT group over the holidays and everything is working great. When the users are behind a wide open NAT device, they use Teredo to connect to the UAG DirectAccess server. When they’re behind a port-restricted firewall or web proxy only, then they fall…

0

Why are both the Teredo and IP-HTTPS Interfaces Active?

 A common question I see on the message boards and in conversations with our DirectAccess customers relates to the IPv6 transition technology interfaces that are active on the DirectAccess client at any point in time. Most often, the question comes up about why both the Teredo and IP-HTTPS interfaces are active at the same time….

1

Considerations When Using Ping to Troubleshoot DirectAccess Connectivity Issues

You’re learning about DirectAccess and you like what you see. The next step is to build out a test lab. You can build out your own, or you can let me to the heavy lifting for you and use the UAG DirectAccess Step by Step Guide over at http://technet.microsoft.com/en-us/library/ee861167.aspx You’ll save a lot of time…

4

Troubleshooting the “No Usable Certificate(s)” IP-HTTPS Client Error

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) An interesting case came in last week and I thought it would be useful to share it with you all. It’s especially interesting because it covers some not so well documented features of the IP-HTTPS client configuration and how it works. For those of…

3

UAG DirectAccess – Don’t Fear the Reaper or IPv6

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) “All our times have come Here, but now they’re gone Seasons don’t fear the reaper Nor do the wind, the sun or the rain (We can be like they are) Come on baby (Don’t fear the reaper) Baby, take my hand (Don’t fear the…

2