Quantcast
Channel: Forefront Edge Security – DirectAccess, UAG and IAG フォーラム
Viewing all articles
Browse latest Browse all 1485

DirectAccess-RADIUS-Encrypt-ourhostname.ourdomain.com certificates 5y lifetime is over - How to renew? Or should we?

$
0
0

Hi,

just discovered that our DirectAccess-RADIUS-Encrypt-ourhostname.ourdomain.com certificate (in Local Computer/Personal/Certificates) has expired. I think it is generated when DirectAccess is setup via wizard.

What this certificate do? How to renew it?

I found this when I started to inspect two red cross over our first directaccess server (two server farm, second server is totally healty) health monitor: 

IP-HTTPS Not working properly: The IP-HTTPS certificate is missing. Causes: The certificate has been removed from the computer store.

IPsec Not working properly: There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration. Several causes.

These two errors seems to pump on/off in mysterious interval.  Suddenly everything is green on healty monitor without doing anything and other time this two redcross is back :(  Other certificates (other than da-radius-encrypt) are valid and running.

Any ideas? :)


Tsiksuka


Viewing all articles
Browse latest Browse all 1485

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>