Hi All-
We are in the process of moving to a new PKI hierarchy and are testing new certificates. We currently have a 3-server multisite configuration and it is working with no issues. However, when I change the intermediate certificate to the new SubCA cert, update GPO on my computer, and then try to test, I get the infamous Connecting status from my DA connection. Here is what I have verified:
1) Computers have new certificates from the new CA and can verify the chain. The certificate template I am using for computers contains the DNS entry for the alternate subject name.
2) Verified I received the updated GPO that specifies the new SubCA cert before testing.
When I run the DirectAccess Client Troubleshooting tool:
Teredo interface state value is unknown
No response received from mydomain.com
Certificate tests PASS
Failed to connect to domain sysvol share
Probes List http://directaccess-WebProbeHost.mydomain.com(FAIL)
As soon as I switch the cert back to the old SubCA and update GPO, connectivity starts working again. Is there some other configuration I need to do besides simply specifying a new SubCA cert?