DirectAccess Certificate Binding Error

Problem:

I recently set up a single-server DirectAccess box on Server 2012 R2. I started having problems with clients not properly discovering the Network Location Server. I logged on to the DirectAccess server and noticed the following on the Remote Access Management Console.

Specifically, the Network Location Server service reported an issue with Certificate Binding and Server Availability.

The specific error was:

The certificate binding for the network location server has been modified. Without the correct certificate, connectivity for DirectAccess clients located in the internal network will not work as expected.

Initially I thought there was something wrong with my DirectAccess certificate. I also received an error when I checked the certificate in Infrastructure Setup.

The certificate subject name cannot be resolved to a valid IP address.

Solution:

The DNS entries that DirectAccess creates when it is set up were accidentally deleted in DNS by scavenging rules.

The entries that I had to add back were:

DirectAccess-NLS
DirectAccess-WebProbeHost
DirectAccess-CorpConnectivityHost

The CorpConnectivityHost entry had both “A” and “AAAA” records. The other two were just “A” records.

After adding these DNS entries, the errors went away.
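As an added example (not part of the original post), the following PowerShell check confirms that the three records listed above exist with the record types described, and flags any that carry a timestamp and are therefore eligible for scavenging again. The zone name and DNS server name are placeholders, and the script assumes the DnsServer module is available.

```powershell
# Added example: $ZoneName and $DnsServer are placeholders, not values from the post.
param(
    [string]$ZoneName  = 'corp.example.com',        # placeholder internal DNS zone
    [string]$DnsServer = 'dns01.corp.example.com'   # placeholder DNS server
)

Import-Module DnsServer   # installed with the DNS Server role or the RSAT DNS tools

# Record names and record types as listed in the post.
$expected = @(
    @{ Name = 'DirectAccess-NLS';                  Types = @('A') }
    @{ Name = 'DirectAccess-WebProbeHost';         Types = @('A') }
    @{ Name = 'DirectAccess-CorpConnectivityHost'; Types = @('A', 'AAAA') }
)

$report = foreach ($entry in $expected) {
    foreach ($type in $entry.Types) {
        $query = @{
            ComputerName = $DnsServer
            ZoneName     = $ZoneName
            Name         = $entry.Name
            RRType       = $type
            ErrorAction  = 'SilentlyContinue'   # a missing record raises an error; report it instead
        }
        $records = @(Get-DnsServerResourceRecord @query)

        if ($records.Count -eq 0) {
            [pscustomobject]@{ Name = $entry.Name; Type = $type; Status = 'MISSING'; Data = $null }
            continue
        }
        foreach ($r in $records) {
            # A null Timestamp means the record is static; a timestamped record can age out.
            $status = if ($r.Timestamp) { 'PRESENT (timestamped, can be scavenged)' }
                      else              { 'PRESENT (static)' }
            $data = if ($type -eq 'A') { $r.RecordData.IPv4Address } else { $r.RecordData.IPv6Address }
            [pscustomobject]@{ Name = $entry.Name; Type = $type; Status = $status; Data = $data }
        }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code so a scheduled task or monitoring job can alert on a missing record.
if ($report.Status -contains 'MISSING') { exit 1 }
```

Run on a schedule, this surfaces a scavenged record before the Remote Access Management Console reports the certificate binding error.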
