Error no Usable Certificate UAG-DA

Dear All,

I am deploying and configuring UAG-DirectAccess.
But when I test on the client, the DA Assistant log says:

C:\Windows\system32\LogSpace\{D6AE2879-3408-4A3E-888B-4E2D646E1498}>netsh int teredo show state
Teredo Parameters
---------------------------------------------
Type                    : client
Server Name             : 202.xxx.xxx.xxx (Group Policy)
Client Refresh Interval : 30 seconds
Client Port             : unspecified
State                   : offline
Error                   : client is in a managed network


C:\Windows\system32\LogSpace\{D6AE2879-3408-4A3E-888B-4E2D646E1498}>netsh int httpstunnel show interfaces

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Role                       : client
URL                        : https://da.company.com:443/IPHTTPS
Last Error Code            : 0x103
Interface Status           : no usable certificate(s) found


C:\Windows\system32\LogSpace\{D6AE2879-3408-4A3E-888B-4E2D646E1498}>netsh dns show state

Name Resolution Policy Table Options
--------------------------------------------------------------------

Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                        if the name does not exist in DNS or
                                        if the DNS servers are unreachable
                                        when on a private network

Query Resolution Behavior             : Resolve only IPv6 addresses for names

Network Location Behavior             : Let Network ID determine when Direct
                                        Access settings are to be used

Machine Location                      : Inside corporate network

Direct Access Settings                : Configured and Disabled

DNSSEC Settings                       : Not Configured

Can anyone help me?

Best Regards,
David
Amit Bhatnagar (Technology Consultant - Security) commented:
OK. The error is for IPHTTPS. Have you tried using Teredo or even 6to4? Please note that to use 6to4, the client machine should have a public IP assigned to it. If that is not possible, which is quite likely, then try using Teredo. Teredo can work behind NAT devices, but you need to make sure that UDP port 3544 outwards is allowed.
If both 6to4 and Teredo are not an option, then make sure you have installed all the required certificates on the client. It requires a certificate to make a secure IPSEC connection with the DA server.
Also read this article, which specifically talks about this error:
http://blogs.technet.com/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx 
davidsat (Author) commented:
Not really an answer.
Question has a verified solution.
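
Added example, not part of the original thread: a Python parser for the netsh output posted in the question, which joins wrapped values and collects the Teredo, IP-HTTPS and machine-location status fields so they can be read together. The sample text is a trimmed copy of the question's output, and the names parse_netsh and triage are this example's own.

```python
import re
# Constructed sample: trimmed copy of the netsh output posted in the question.
SAMPLE = """\
Teredo Parameters
---------------------------------------------
State                   : offline
Error                   : client is in a managed network

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Last Error Code            : 0x103
Interface Status           : no usable certificate(s) found

Name Resolution Policy Table Options
--------------------------------------------------------------------
Network Location Behavior             : Let Network ID determine when Direct
                                        Access settings are to be used
Machine Location                      : Inside corporate network
Direct Access Settings                : Configured and Disabled
"""
RULE = re.compile(r"-{5,}$")

def parse_netsh(text):
    """Return {section title: {key: value}}, joining wrapped value lines."""
    sections, current, key = {}, None, None
    lines = [l.rstrip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if line and i + 1 < len(lines) and RULE.match(lines[i + 1]):
            current, key = sections.setdefault(line.strip(), {}), None  # title above a rule
        elif not line or RULE.match(line):
            key = None  # a blank line or rule ends any wrapped value
        elif current is not None and (m := re.match(r"(\S.*?)\s*: (.*)", line)):
            key = m.group(1)
            current[key] = m.group(2)
        elif current is not None and key and line[0].isspace():
            current[key] += " " + line.strip()  # continuation of the previous value
    return sections

def triage(sections):
    """Collect the status values worth reading together from the parsed output."""
    out = []
    for title, sec in sections.items():
        if title == "Teredo Parameters" and sec.get("State") == "offline":
            out.append("Teredo offline: " + sec.get("Error", "no error text"))
        elif title.startswith("Interface IPHTTPSInterface") and sec.get("Last Error Code", "0x0") != "0x0":
            out.append("IP-HTTPS %s: %s" % (sec["Last Error Code"], sec.get("Interface Status")))
        elif "Machine Location" in sec:
            out.append("Location: %s; DirectAccess: %s" % (sec["Machine Location"], sec.get("Direct Access Settings")))
    return out
```

Calling triage(parse_netsh(SAMPLE)) returns the Teredo error, the IP-HTTPS error code with its status text, and the machine location with the DirectAccess setting, one line each.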
