
DirectAccess 2016 Certificate Confusion

Hi All,

I'm configuring DirectAccess on a fresh install of Server 2016.  This is a single server, single NIC, behind NAT environment with no UAG in the mix.  Only Windows 8/10 clients will be connecting to this environment.  No Windows 7 PKI clients to keep things simple.

I believe I have everything in place except for some confusion on the certificate parts.  I'm using a public CA certificate from Digicert and under the Configuration > DirectAccess and VPN > Remote Access Server (Step 2) area, I enter in the public name of my DA server (da.domain.com).  I assume this is the correct thing to enter in there and not the internal IPv4 address of my NIC?

Anyways, I get to the Network Adapters section where I can select a certificate.  By default, it has the self-signed cert.  I've since changed this to the Digicert certificate which has a common name of 'da.domain.com'.  I then go to the Authentication section and under User Authentication, I have 'Active Directory Credentials (username/password)' selected and everything else is unchecked.  In this single server scenario, do I need to select the 'Use computer certificates' or the Intermediate Certificate? If so, what certificate do I use for those?  Self-signed from our Enterprise CA server, or from the public Digicert CA? 

My Windows 10 laptop is getting the updated DirectAccess Client GPO, but it will not connect.  I've downloaded and run the DirectAccess Client Troubleshooter tool, but I'm not sure if I need to run that when connected to the local domain, or when connected from an outside network?  It tells me I have a certificate problem as one of the errors.  What type of troubleshooting needs to be done to determine why it's not connecting?


Rory Schmitz

