DirectAccess OTP health check shows critical state when a CA or NPS server is unreachable

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials

Symptoms


Consider the following scenario:
  • DirectAccess is configured to use One Time Password (OTP) support.
  • Multiple OTP certification authorities are defined, or multiple OTP RADIUS servers are defined. (Or, multiple OTP certification authorities and multiple OTP RADIUS servers are defined.)
  • One or more (but not all) of the OTP certification authorities or OTP RADIUS servers are unavailable.
In this scenario, the health status on the Remote Access Management Console dashboard or in the Operation Status field may display an error condition. This condition indicates that some servers are unreachable.

Cause


This is a known issue. When at least one OTP certification authority server or OTP RADIUS server is reachable, you should receive a warning message instead of a critical error condition. 

Resolution


Even though an error condition is reported instead of a warning, OTP authentication will continue to work as long as there is at least one reachable OTP certification authority server or OTP RADIUS server.

More Information


For more information, see the following TechNet website: