Hello everybody,
I'm currently having trouble with IPsec authentication of Windows 7 roaming clients with DirectAccess on Server 2012.
DirectAccess is enabled for Windows 7 and Windows 8. The problem affects ONLY Windows 7. Clients with Windows 8 are working well.
I connect to the DA server with IP-HTTPS. I have my own internal PKI (Windows Server 2003). I auto-enroll the computer certificate with a GPO; the template is the "Computer" certificate (Client Authentication, Server Authentication).
If I enroll a computer certificate on a Windows 7 client and connect it to the Internet, it connects with DirectAccess without problem. I can see Quick Mode/Main Mode working for the IPsec tunnel.
BUT, if I shut down this computer, wait 12-15 hours, and connect it to the Internet again, I can't get connected to DirectAccess anymore; indeed, IPsec authentication fails.
Windows 8 computers ARE NOT affected (they use the Kerberos proxy, I guess).
To get the Windows 7 roaming computer working again I need to connect it to the enterprise network and do a "GPUPDATE /force" (with the auto-enroll certificates GPO enabled), disconnect, reconnect to the Internet, and it works again with DirectAccess! Weird!
It looks like the problem comes with time (NTP) and certificates? My certificates are not expired, since all are valid for 1 year!
Best regards,
Marc
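An added diagnostic for the situation described in the post (this is not Marc's script, nor anything shipped with DirectAccess). It checks the two things the post suspects on the Windows 7 client: the machine certificates that carry the Client Authentication EKU (validity window, template name, whether the chain verifies right now) and the local time-sync state. It assumes it is run in an elevated PowerShell 2.0 session on the affected client; the OIDs for the Client Authentication EKU and the v1 certificate-template extension are standard Microsoft/PKIX values, everything else on the machine is whatever is really there.

```powershell
# Added example, not from the original post. Run elevated on the Windows 7 DA client.
# PowerShell 2.0 compatible (no [pscustomobject], no PKI module cmdlets).

$clientAuthOid  = '1.3.6.1.5.5.7.3.2'       # id-kp-clientAuth (PKIX)
$templateV1Oid  = '1.3.6.1.4.1.311.20.2'    # Certificate Template Name (v1 templates such as "Computer")
$ekuType        = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$nowUtc = (Get-Date).ToUniversalTime()
Write-Host "Local clock (UTC): $nowUtc"
Write-Host "--- Windows Time service status (large offsets invalidate otherwise-valid certificates) ---"
w32tm /query /status

Write-Host "--- Machine certificates with the Client Authentication EKU ---"
foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    # Skip certificates without an EKU extension or without Client Authentication in it.
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    if (-not $eku) { continue }
    $hasClientAuth = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid }
    if (-not $hasClientAuth) { continue }

    # Template name (v1 templates only; the "Computer" template is v1).
    $template = $cert.Extensions | Where-Object { $_.Oid.Value -eq $templateV1Oid }
    $templateName = if ($template) { $template.Format($false) } else { '(no v1 template extension)' }

    # Is the certificate inside its validity window according to THIS machine's clock?
    $inWindow = ($nowUtc -ge $cert.NotBefore.ToUniversalTime()) -and
                ($nowUtc -le $cert.NotAfter.ToUniversalTime())

    # Verify() builds the chain with the default policy, which includes an online
    # revocation check, so the result also depends on the CDP being reachable from here.
    $chainOk = $cert.Verify()

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        Template      = $templateName
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        InWindowNow   = $inWindow
        HasPrivateKey = $cert.HasPrivateKey
        ChainVerifies = $chainOk
    } | Format-List
}
```

Run it once right after a fresh enrollment (when DirectAccess works) and again after the 12-15 hour gap when it fails, and diff the two outputs: a certificate that drops out of the list, loses `HasPrivateKey`, shows `InWindowNow` false, or flips `ChainVerifies` from True to False narrows the cause to the certificate or the clock rather than the IPsec policy itself.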