Home

DirectAccess/NLS server setup problems

%3CLINGO-SUB%20id%3D%22lingo-sub-689372%22%20slang%3D%22en-US%22%3EDirectAccess%2FNLS%20server%20setup%20problems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-689372%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20tried%20to%20setup%20a%20PoC%20DirectAccess%20in%20a%20Windows%20Server%202016%20following%20the%20step-by-step%20tutorial%20in%20the%20APress%20book%20(Richard%20M.%20Hicks'%20Implementing%20DirectAccess)%20and%20can't%20seem%20to%20get%20the%20NLS%20server%20to%20work.%26nbsp%3B%20Even%20after%20deleting%20all%20certificates%20to%20allow%20it%20to%20generate%20a%20self-signed%20cert%2C%20NLS%20always%20fails%20with%20%22certificate%20binding%20URL%20availability%22%3B%26nbsp%3B%20the%20same%20problem%20occurs%20with%20a%20certificate%20generated%20with%20the%20windows%20server%20AD%2FCS...%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20give%20any%20tips%2C%20advice%2C%20hint%20as%20to%20what%20may%20be%20causing%20this%3B%20like%20what%20is%20causing%20the%20certificate%20binding%20to%20change%3F%26nbsp%3B%20is%20there%20any%20way%20to%20check%2Fensure%20the%20binding%20aside%20from%20the%20Remote%20Access%20Management%20Console%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-693957%22%20slang%3D%22en-US%22%3ERe%3A%20DirectAccess%2FNLS%20server%20setup%20problems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-693957%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32454%22%20target%3D%22_blank%22%3E%40Ronald%20Go%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20trying%20to%20configure%20the%20NLS%20on%20the%20DirectAccess%20server%20itself%3F%20If%20so%2C%20choosing%20a%20self-signed%20certificate%20typically%20just%20works.%20Not%20sure%20what%20would%20be%20causing%20that%20to%20fail%20to%20be%20honest.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20practice%20is%20to%20use%20an%20external%20NLS%20that's%20not%20hosted%20on%20the%20DirectAccess%20server.%20If%20you%20can't%20get%20the%20self-signed%20certificate%20to%20work%20you%20might%20consider%20setting%20up%20a%20separate%20NLS%20just%20to%20get%20things%20moving.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-709579%22%20slang%3D%22en-US%22%3ERe%3A%20DirectAccess%2FNLS%20server%20setup%20problems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-709579%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F360750%22%20target%3D%22_blank%22%3E%40Richard_Hicks%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes...%26nbsp%3B%20it's%20mainly%20a%20%22proof%20of%20concept%22%20setup%26nbsp%3B%20to%20show%20what%20can%20be%20accomplished%20with%20DirectAccess%20for%20our%20users.%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20very%20strange%20that%20the%20certificate%20in%20NLS%20keeps%20saying%20another%20process%20changed%20it...%3C%2FP%3E%3CP%3EI'll%20probably%20try%20to%20setup%20another%20virtual%20server%20to%20run%20NLS%20on%20its%20own%20to%20see%20if%20that%20works.%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Ronald Go
New Contributor

I've tried to setup a PoC DirectAccess in a Windows Server 2016 following the step-by-step tutorial in the APress book (Richard M. Hicks' Implementing DirectAccess) and can't seem to get the NLS server to work.  Even after deleting all certificates to allow it to generate a self-signed cert, NLS always fails with "certificate binding URL availability";  the same problem occurs with a certificate generated with the windows server AD/CS...  

 

Can anyone give any tips, advice, hint as to what may be causing this; like what is causing the certificate binding to change?  is there any way to check/ensure the binding aside from the Remote Access Management Console?

 

Thanks!

2 Replies

@Ronald Go 

 

Are you trying to configure the NLS on the DirectAccess server itself? If so, choosing a self-signed certificate typically just works. Not sure what would be causing that to fail to be honest. 

 

Best practice is to use an external NLS that's not hosted on the DirectAccess server. If you can't get the self-signed certificate to work you might consider setting up a separate NLS just to get things moving.

 

Thanks!

@Richard_Hicks 

Yes...  it's mainly a "proof of concept" setup  to show what can be accomplished with DirectAccess for our users. 

It's very strange that the certificate in NLS keeps saying another process changed it...

I'll probably try to setup another virtual server to run NLS on its own to see if that works.

Thanks!

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies