Hi all
I am looking for input on a strange error. A customer has implemented DirectAccess (single NIC), using computer certificates for authentication, but when outside, the DirectAccess Connectivity Assistant 2.0 reports:
Corporate Connectivity is not working
An authentication certificate cannot be validated. No connection to the IP-HTTPS certificate revocation list (CRL) is available. Contact the site administrator.
The DirectAccess server is accessible from outside with the correct certificate (https://da2012.customer.com/IPHTTPS), which contains contains a CDP ofhttp://crl.customer.com/crld which is also accessible from outside (as well as an LDAP-based CDP which is not available from the outside).
Running certutil -verify -urlfetch exported-iphttps-certificate.cer passes the validation, and in the Enterprise PKI snap-in all CDP/AIAs show up as OK.
I am about to install KB2615847 but am not sure if this is related since the IPsec tunnel is not between Win7-Windows2008R2, but Win7-WindowsServer2012.
Any suggestions?
Best regards
Maurice