DirectAccess/NLS server setup problems

%3CLINGO-SUB%20id%3D%22lingo-sub-689372%22%20slang%3D%22en-US%22%3EDirectAccess%2FNLS%20server%20setup%20problems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-689372%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20tried%20to%20setup%20a%20PoC%20DirectAccess%20in%20a%20Windows%20Server%202016%20following%20the%20step-by-step%20tutorial%20in%20the%20APress%20book%20(Richard%20M.%20Hicks'%20Implementing%20DirectAccess)%20and%20can't%20seem%20to%20get%20the%20NLS%20server%20to%20work.%26nbsp%3B%20Even%20after%20deleting%20all%20certificates%20to%20allow%20it%20to%20generate%20a%20self-signed%20cert%2C%20NLS%20always%20fails%20with%20%22certificate%20binding%20URL%20availability%22%3B%26nbsp%3B%20the%20same%20problem%20occurs%20with%20a%20certificate%20generated%20with%20the%20windows%20server%20AD%2FCS...%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20give%20any%20tips%2C%20advice%2C%20hint%20as%20to%20what%20may%20be%20causing%20this%3B%20like%20what%20is%20causing%20the%20certificate%20binding%20to%20change%3F%26nbsp%3B%20is%20there%20any%20way%20to%20check%2Fensure%20the%20binding%20aside%20from%20the%20Remote%20Access%20Management%20Console%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-693957%22%20slang%3D%22en-US%22%3ERe%3A%20DirectAccess%2FNLS%20server%20setup%20problems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-693957%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32454%22%20target%3D%22_blank%22%3E%40Ronald%20Go%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20trying%20to%20configure%20the%20NLS%20on%20the%20DirectAccess%20server%20itself%3F%20If%20so%2C%20choosing%20a%20self-signed%20certificate%20typically%20just%20works.%20Not%20sure%20what%20would%20be%20causing%20that%20to%20fail%20to%20be%20honest.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20practice%20is%20to%20use%20an%20external%20NLS%20that's%20not%20hosted%20on%20the%20DirectAccess%20server.%20If%20you%20can't%20get%20the%20self-signed%20certificate%20to%20work%20you%20might%20consider%20setting%20up%20a%20separate%20NLS%20just%20to%20get%20things%20moving.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-709579%22%20slang%3D%22en-US%22%3ERe%3A%20DirectAccess%2FNLS%20server%20setup%20problems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-709579%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F360750%22%20target%3D%22_blank%22%3E%40Richard_Hicks%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes...%26nbsp%3B%20it's%20mainly%20a%20%22proof%20of%20concept%22%20setup%26nbsp%3B%20to%20show%20what%20can%20be%20accomplished%20with%20DirectAccess%20for%20our%20users.%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20very%20strange%20that%20the%20certificate%20in%20NLS%20keeps%20saying%20another%20process%20changed%20it...%3C%2FP%3E%3CP%3EI'll%20probably%20try%20to%20setup%20another%20virtual%20server%20to%20run%20NLS%20on%20its%20own%20to%20see%20if%20that%20works.%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I've tried to setup a PoC DirectAccess in a Windows Server 2016 following the step-by-step tutorial in the APress book (Richard M. Hicks' Implementing DirectAccess) and can't seem to get the NLS server to work.  Even after deleting all certificates to allow it to generate a self-signed cert, NLS always fails with "certificate binding URL availability";  the same problem occurs with a certificate generated with the windows server AD/CS...  

 

Can anyone give any tips, advice, hint as to what may be causing this; like what is causing the certificate binding to change?  is there any way to check/ensure the binding aside from the Remote Access Management Console?

 

Thanks!

2 Replies
Highlighted

@Ronald Go 

 

Are you trying to configure the NLS on the DirectAccess server itself? If so, choosing a self-signed certificate typically just works. Not sure what would be causing that to fail to be honest. 

 

Best practice is to use an external NLS that's not hosted on the DirectAccess server. If you can't get the self-signed certificate to work you might consider setting up a separate NLS just to get things moving.

 

Thanks!

Highlighted

@Richard_Hicks 

Yes...  it's mainly a "proof of concept" setup  to show what can be accomplished with DirectAccess for our users. 

It's very strange that the certificate in NLS keeps saying another process changed it...

I'll probably try to setup another virtual server to run NLS on its own to see if that works.

Thanks!