I had DA working in 2008 R2 & Win7. I turned off that server and disabled the GPOs that were created. I installed Server 2012 with 1 NIC (same server name as the 2008 server). I joined it to the domain and obtained a computer cert for it from my internal enterprise CA. I have moved the public IPs behind a 1-to-1 NAT. On the Operations Status page it indicates that IPsec is critical: "There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess Configuration". For a resolution I'm supposed to make sure:
1. Cert not expired (expires in 2016)
2. Should have a private key (might be this one)
3. Should be configured to be used for Client Authentication (perhaps)
4. Should chain to the root/intermediate cert. (it is the root!)
The cert that is selected is my Enterprise Root CA (we don't have an intermediate CA).
PowerShell Get-DAServer shows this:
PS C:\Users\administrator.mydomain> Get-DAServer
DAInstallType : FullInstall
InternetInterface : Ethernet
InternalInterface : Ethernet
ConnectToAddress : Home.mypublicdomain.com
SslCertificate : [Subject]
CN=*.mypublicdomain.com, OU=Secure Link SSL Wildcard, OU=IT, O="My Business Name", STREET=35 My Rd, STREET=Suite , L=Columbus, S=OH, PostalCode=12345, C=US
[Issuer]
CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US
[Serial Number]
46XXXXXXXXXXXXXXXXXXXX99C54XXXXX
[Not Before]
4/8/2012 8:00:00 PM
[Not After]
3/27/2014 7:59:59 PM
[Thumbprint]
F9XXXXXXXXXXXXXXXXXXXX773674A45XXXXXXXXD
GpoName : mydomain.local\DirectAccess Server Settings
InternalIPv6Prefix : {xxxx:yyyy:6821:1::/64}
ClientIPv6Prefix : xxxx:yyyy:6821:1000::/64
UserAuthentication : UserPasswd
ComputerCertAuthentication : Enabled
IPsecRootCertificate : [Subject]
CN=CompCA, DC=mydomain, DC=local
[Issuer]
CN=CompCA, DC=mydomain, DC=local
[Serial Number]
6949XXXXXXXXXXXXXXXXXXXXXXXX3FF5
[Not Before]
8/12/2009 3:11:36 PM
[Not After]
8/12/2016 3:21:34 PM
[Thumbprint]
B9XXXXXXXXXXXXXXXXXXXX95642B978XXXXXXXXX
IntermediateRootCertificate : False
TeredoState : Disabled
IsSingleNic : True
IsNatDeployed : True
HealthCheck : Disabled
How can I fix this? Do I have the wrong certificate selected for the IPsec cert? If so, how do I change it? I can purchase a new public cert or obtain a new cert from my internal CA. I'd rather not set up an intermediate CA if I don't have to.
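As an added example (not part of the original post), the script below runs the four-point checklist from the error text against every certificate in the server's machine store and compares each chain's root with the IPsec root that Get-DAServer reports, so you can see at a glance whether any cert on the box actually qualifies. It assumes the RemoteAccess module is present (it is on a DirectAccess server) and that you run it elevated; the thumbprint placeholder in the commented Set-DAServer line at the end is a hypothetical value you would replace with your own.

```powershell
# Added example: audit Cert:\LocalMachine\My against the conditions DirectAccess
# requires for its IPsec computer certificate. Not from the original post.
$daRoot        = (Get-DAServer).IPsecRootCertificate   # the root DA is configured to trust (CompCA in the post)
$clientAuthOid = '1.3.6.1.5.5.7.3.2'                    # Client Authentication EKU OID

function Test-DAIPsecCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Build the chain offline; CRL reachability is a separate problem from "chains to the root".
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($Cert)

    # The last chain element is the root the OS chose for this certificate.
    $chainRoot = $null
    if ($chain.ChainElements.Count -gt 0) {
        $chainRoot = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }

    # A certificate with no EKU extension is valid for every purpose, so treat an empty list as a pass.
    $eku = @($Cert.EnhancedKeyUsageList)
    $hasClientAuth = ($eku.Count -eq 0) -or (($eku | Where-Object { $_.ObjectId -eq $clientAuthOid }) -ne $null)

    [pscustomobject]@{
        Subject        = $Cert.Subject
        Thumbprint     = $Cert.Thumbprint
        NotExpired     = $Cert.NotAfter -gt (Get-Date)
        HasPrivateKey  = $Cert.HasPrivateKey
        ClientAuthEKU  = $hasClientAuth
        ChainsToDARoot = $built -and ($null -ne $chainRoot) -and ($chainRoot.Thumbprint -eq $daRoot.Thumbprint)
        ChainRoot      = if ($chainRoot) { $chainRoot.Subject } else { '(no chain)' }
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-DAIPsecCertificate -Cert $_ } |
    Format-Table Subject, NotExpired, HasPrivateKey, ClientAuthEKU, ChainsToDARoot, ChainRoot -AutoSize

# A cert that shows True in all four columns is one DirectAccess can use for IPsec.
# If instead the configured root is wrong, point DA at a different root from the
# Trusted Root store (hypothetical thumbprint, replace with your own):
#   $newRoot = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq 'B9...'
#   Set-DAServer -IPsecRootCertificate $newRoot
```

The root thumbprint comparison is deliberate: a chain that builds to some other trusted root (a public CA, for instance) still fails the DirectAccess check, because the server only accepts IPsec certificates that chain to the root it was configured with, and a self-signed root placed in the personal store does not count as a leaf that "chains to" itself.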