Direct Access + There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration
We got an error like: There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration
and in the Dashboard IPsec is shown in red.
We updated the template and re-issued the certificate, but the error was still there.
The fix: we have an expired root certificate for the DA server.
The steps to fix it:
PS C:\WINDOWS\system32> Get-ChildItem Cert:\LocalMachine\Root
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root
Thumbprint Subject
---------- -------
9777...C20A CN=company, DC=com
PS C:\WINDOWS\system32> get-daserver
DAInstallType : FullInstall
InternetInterface : Ethernet
InternalInterface : Ethernet
ConnectToAddress : da.company.com
SslCertificate : [Subject]
CN=da.akvelon.com.ua
[Issuer]
CN=company, DC=com
[Serial Number]
XXXXX
[Not Before]
12/14/2023 8:08:49 PM
[Not After]
12/14/2025 8:18:49 PM
[Thumbprint]
B4...4EF615E
GpoName : company.com\DirectAccess Server Settings
InternalIPv6Prefix : {fd94:35d:fc3a:1::/64}
ClientIPv6Prefix : fd94:35d:fc3a:1000::/64
UserAuthentication : UserPasswd
ComputerCertAuthentication : Enabled
IPsecRootCertificate : [Subject]
CN=company, DC=com
[Issuer]
CN=company, DC=com
[Serial Number]
XXXX
[Not Before]
1/5/2019 6:06:16 PM
[Not After]
1/5/2024 6:06:16 PM
[Thumbprint]
FB...F2855A
IntermediateRootCertificate : True
TeredoState : Disabled
IsSingleNic : True
IsNatDeployed : True
PS C:\WINDOWS\system32> $certificate = (Get-ChildItem Cert:\LocalMachine\Root\9777...C20A)
PS C:\WINDOWS\system32> Set-DAServer -IPsecRootCertificate $certificate
PS C:\WINDOWS\system32> get-daserver
DAInstallType : FullInstall
InternetInterface : Ethernet
InternalInterface : Ethernet
ConnectToAddress : company.com
SslCertificate : [Subject]
CN=company.com
[Issuer]
CN=company, DC=com
[Serial Number]
XXXX
[Not Before]
12/14/2023 8:08:49 PM
[Not After]
12/14/2025 8:18:49 PM
[Thumbprint]
B438...615E
GpoName : company.com\DirectAccess Server Settings
InternalIPv6Prefix : {fd94:35d:fc3a:1::/64}
ClientIPv6Prefix : fd94:35d:fc3a:1000::/64
UserAuthentication : UserPasswd
ComputerCertAuthentication : Enabled
IPsecRootCertificate : [Subject]
CN=company, DC=com
[Issuer]
CN=company, DC=com
[Serial Number]
XXXXX
[Not Before]
1/8/2022 5:44:23 PM
[Not After]
1/8/2027 5:44:23 PM
[Thumbprint]
977...C20A
IntermediateRootCertificate : False
TeredoState : Disabled
IsSingleNic : True
IsNatDeployed : True
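The same check as a script, added here as an example and not part of the original post: it reads the configured IPsec root from Get-DAServer and, if that certificate is outside its validity period, looks in Cert:\LocalMachine\Root for a currently valid certificate with the same subject. The -Apply switch is a name chosen for this example, and matching on the same subject is an assumption based on the output above.

```powershell
# Added example, not from the original post. Run elevated on the DirectAccess server.
# Assumption: the renewed root has the same Subject as the expired one (as in the output above).
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$now     = Get-Date
$current = (Get-DAServer).IPsecRootCertificate

"Configured IPsec root: {0}  valid {1:yyyy-MM-dd} .. {2:yyyy-MM-dd}" -f `
    $current.Thumbprint, $current.NotBefore, $current.NotAfter

if ($current.NotBefore -le $now -and $now -lt $current.NotAfter) {
    "Configured root is inside its validity period; nothing to change."
    return
}

# Candidates: same subject, self-signed, currently valid, not the configured one
$candidates = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object {
        $_.Subject    -eq $current.Subject -and
        $_.Issuer     -eq $_.Subject -and
        $_.NotBefore  -le $now -and $now -lt $_.NotAfter -and
        $_.Thumbprint -ne $current.Thumbprint
    } |
    Sort-Object NotAfter -Descending

if (-not $candidates) {
    Write-Warning "No valid root with subject '$($current.Subject)' in LocalMachine\Root; import the renewed CA certificate first."
    return
}

# Prefer the candidate that stays valid the longest
$new = $candidates | Select-Object -First 1
"Replacement candidate: {0}  valid until {1:yyyy-MM-dd}" -f $new.Thumbprint, $new.NotAfter

if ($Apply) {
    Set-DAServer -IPsecRootCertificate $new
    # Read the setting back to confirm the thumbprint and dates changed
    (Get-DAServer).IPsecRootCertificate | Format-List Subject, Thumbprint, NotBefore, NotAfter
} else {
    "Re-run with -Apply to call Set-DAServer -IPsecRootCertificate with this certificate."
}
```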