Hello All,
Recently came across an IPsec error in the Direct Access Operations Status page after both direct access servers auto renewed themselves from SHA1 to SHA2.
The following criteria has been met:
New SHA256 cert is not expired
It does have a private key
Configured for Client / Server authentication
Is chained to configured root/indeterminate cert
CRL is accessible
SSL certificate for the IP-HTTPS listener is also purchased through a public CA therefore eliminating CRL issues.
Thanks in advance for any assistance that may be provided.