Error no Usable Certificate UAG-DA

Dear All,

Iam deploy and config UAG-DirectAccess.
But, when I testing on client i have got DA Assistant log say that:

C:\Windows\system32\LogSpace\{D6AE2879-3408-4A3E-888B-4E2D646E1498}>netsh int teredo show state
Teredo Parameters
---------------------------------------------
Type                    : client
Server Name             : 202.xxx.xxx.xxx (Group Policy)
Client Refresh Interval : 30 seconds
Client Port             : unspecified
State                   : offline
Error                   : client is in a managed network


C:\Windows\system32\LogSpace\{D6AE2879-3408-4A3E-888B-4E2D646E1498}>netsh int httpstunnel show interfaces

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Role                       : client
URL                        : https://da.company.com:443/IPHTTPS
Last Error Code            : 0x103
Interface Status           : no usable certificate(s) found


C:\Windows\system32\LogSpace\{D6AE2879-3408-4A3E-888B-4E2D646E1498}>netsh dns show state

Name Resolution Policy Table Options
--------------------------------------------------------------------

Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                        if the name does not exist in DNS or
                                        if the DNS servers are unreachable
                                        when on a private network

Query Resolution Behavior             : Resolve only IPv6 addresses for names

Network Location Behavior             : Let Network ID determine when Direct
                                        Access settings are to be used

Machine Location                      : Inside corporate network

Direct Access Settings                : Configured and Disabled

DNSSEC Settings                       : Not Configured

Any one can help me?

Best Regards,
David
davidsatAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amit BhatnagarSystems Development Principal - Security and InfrastructureCommented:
OK..The error is for IPHTTPS...Have you tried using Teredo or even 6to4. Please note that to use 6to4, the client machine should have a Public IP assigned to it. If that is not possible...which is quite likely than try using Teredo..Teredo can work behind NAT Devices but you need to make sure that UDP port 3544 Outwards is allowed.
If both 6to4 and Teredo is not an option then make sure you have installed all the required certificates on the Client. It requires Certificate to make a secure IPSEC connection with DA Server.
Also read this article which specifically talks about this error :
http://blogs.technet.com/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
davidsatAuthor Commented:
not really answer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.