You are currently offline, waiting for your internet to reconnect

Error when you run the Get-RemoteAccess cmdlet during DirectAccess setup in Windows Server 2012 Essentials

Consider the following scenario:
  • You configure DirectAccess with the support of Windows 7-based clients on a computer that is running Windows Server 2012 Essentials in a network environment.
  • You set the current certification authority (CA) root certificate to be the trusted root certificate for the DirectAccess client authentication in an Internet Protocol security (IPsec) tunnel.

    Note The CA trusted root certificate is also set on a Windows Server 2012 Essentials-based computer.
  • You try to run the Get-RemoteAccess cmdlet to perform a lookup operation for the CA root certificate during the DirectAccess setup process.
In this scenario, the DirectAccess setup is blocked. Additionally, the cmdlet fails and you receive an error message that resembles the following:
The cmdlet did not run as expected.

Note You also receive the same error message when you open the Remote Access management console after you perform the first two steps.
This issue occurs because the DirectAccess server does not support lookup operations for the certificate that contain a subject name encoded in the UTF-8 format.

Hotfix information

To resolve this issue, install the hotfix on the Windows Server 2012 Essentials-based computer. After you install the hotfix, the DirectAccess server supports lookup operations for the certificate that contain a subject name encoded in the UTF-8 format.

If the DirectAccess client runs Windows 7 after you install the hotfix, then the DirectAccess connections may not work as expected. This issue occurs because the Windows 7-based DirectAccess client does not have inherit support for the certificate in the UTF-8 format. To resolve this issue, install the hotfix that is described in Microsoft Knowledge Base (KB) article 2615847 on the Windows 7-based DirectAccess client. For more information about the hotfix 2615847, click the following article number to view the article in the Microsoft Knowledge Base: 
2615847 "ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH" error when you try to start an IPsec connection between two computers that are running Windows 7 or Windows Server 2008 R2

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


To apply this hotfix, you must be running Windows Server 2012 Essentials.

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2012 file information notes
Important Windows 8 hotfixes and Windows Server 2012 hotfixes are included in the same packages. However, only "Windows 8" is listed on the Hotfix Request page. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 8" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.2.920 0.20 xxxWindows Server 2012RTMLDR
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2012" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x64-based versions of Windows Server 2012
File nameFile versionFile sizeDateTimePlatform
Ps_daappserverconnection_v1.0.0.cdxmlNot applicable2,80502-Jun-201214:33Not applicable
Ps_daappserver_v1.0.0.cdxmlNot applicable10,04202-Jun-201214:33Not applicable
Ps_daclientdnsconfiguration_v1.0.0.cdxmlNot applicable8,44302-Jun-201214:33Not applicable
Ps_daclient_v1.0.0.cdxmlNot applicable13,14102-Jun-201214:33Not applicable
Ps_daentrypointdc_v1.0.0.cdxmlNot applicable6,23502-Jun-201214:33Not applicable
Ps_daentrypoint_v1.0.0.cdxmlNot applicable10,83302-Jun-201214:33Not applicable
Ps_damgmtserver_v1.0.0.cdxmlNot applicable6,14902-Jun-201214:33Not applicable
Ps_damultisite_v1.0.0.cdxmlNot applicable8,88002-Jun-201214:33Not applicable
Ps_danetworklocationserver_v1.0.0.cdxmlNot applicable6,34602-Jun-201214:33Not applicable
Ps_daotpauthentication_v1.0.0.cdxmlNot applicable9,82202-Jun-201214:33Not applicable
Ps_daserver_v1.0.0.cdxmlNot applicable12,50802-Jun-201214:33Not applicable
Ps_remoteaccessaccounting_v1.0.0.cdxmlNot applicable7,44302-Jun-201214:33Not applicable
Ps_remoteaccessconnectionstatisticssummary_v1.0.0.cdxmlNot applicable3,11702-Jun-201214:33Not applicable
Ps_remoteaccessconnectionstatistics_v1.0.0.cdxmlNot applicable3,42302-Jun-201214:33Not applicable
Ps_remoteaccesshealth_v1.0.0.cdxmlNot applicable3,67202-Jun-201214:33Not applicable
Ps_remoteaccessinboxaccountingstore_v1.0.0.cdxmlNot applicable4,36702-Jun-201214:33Not applicable
Ps_remoteaccessloadbalancernode_v1.0.0.cdxmlNot applicable5,32902-Jun-201214:33Not applicable
Ps_remoteaccessloadbalancer_v1.0.0.cdxmlNot applicable8,91002-Jun-201214:33Not applicable
Ps_remoteaccessradius_v1.0.0.cdxmlNot applicable14,91002-Jun-201214:33Not applicable
Ps_remoteaccessuseractivity_v1.0.0.cdxmlNot applicable5,54702-Jun-201214:33Not applicable
Ps_remoteaccess_v1.0.0.cdxmlNot applicable17,75202-Jun-201214:33Not applicable
Ps_vpnauthprotocol_v1.0.0.cdxmlNot applicable4,31902-Jun-201214:33Not applicable
Ps_vpnauthtype_v1.0.0.cdxmlNot applicable4,88902-Jun-201214:33Not applicable
Ps_vpnipaddressassignment_v1.0.0.cdxmlNot applicable5,01202-Jun-201214:33Not applicable
Ps_vpnipaddressrange_v1.0.0.cdxmlNot applicable4,09802-Jun-201214:33Not applicable
Ps_vpns2sinterfacestatistics_v1.0.0.cdxmlNot applicable2,69802-Jun-201214:33Not applicable
Ps_vpns2sinterface_v1.0.0.cdxmlNot applicable54,83902-Jun-201214:33Not applicable
Ps_vpnserveripsecconfiguration_v1.0.0.cdxmlNot applicable12,57302-Jun-201214:33Not applicable
Ps_vpnuser_v1.0.0.cdxmlNot applicable3,49102-Jun-201214:33Not applicable
Ramgmtpsprovider.format.ps1xmlNot applicable154,33002-Jun-201214:33Not applicable
Ramgmtpsprovider.mofNot applicable127,47802-Jun-201214:33Not applicable
Ramgmtpsprovider.types.ps1xmlNot applicable149,80902-Jun-201214:33Not applicable
Ramgmtpsprovider_uninstall.mofNot applicable10,32602-Jun-201214:33Not applicable
Remoteaccess.psd1Not applicable3,75602-Jun-201214:33Not applicable
Ps_daappserverconnection_v1.0.0.cdxmlNot applicable2,80506-Jul-201219:56Not applicable
Ps_daappserver_v1.0.0.cdxmlNot applicable10,04206-Jul-201219:56Not applicable
Ps_daclientdnsconfiguration_v1.0.0.cdxmlNot applicable8,44306-Jul-201219:56Not applicable
Ps_daclient_v1.0.0.cdxmlNot applicable13,14106-Jul-201219:56Not applicable
Ps_daentrypointdc_v1.0.0.cdxmlNot applicable6,23506-Jul-201219:56Not applicable
Ps_daentrypoint_v1.0.0.cdxmlNot applicable10,83306-Jul-201219:56Not applicable
Ps_damgmtserver_v1.0.0.cdxmlNot applicable6,14906-Jul-201219:56Not applicable
Ps_damultisite_v1.0.0.cdxmlNot applicable8,88006-Jul-201219:56Not applicable
Ps_danetworklocationserver_v1.0.0.cdxmlNot applicable6,34606-Jul-201219:56Not applicable
Ps_daotpauthentication_v1.0.0.cdxmlNot applicable9,82206-Jul-201219:56Not applicable
Ps_daserver_v1.0.0.cdxmlNot applicable12,50806-Jul-201219:56Not applicable
Ps_remoteaccessaccounting_v1.0.0.cdxmlNot applicable7,44306-Jul-201219:56Not applicable
Ps_remoteaccessconnectionstatisticssummary_v1.0.0.cdxmlNot applicable3,11706-Jul-201219:56Not applicable
Ps_remoteaccessconnectionstatistics_v1.0.0.cdxmlNot applicable3,42306-Jul-201219:56Not applicable
Ps_remoteaccesshealth_v1.0.0.cdxmlNot applicable3,67206-Jul-201219:56Not applicable
Ps_remoteaccessinboxaccountingstore_v1.0.0.cdxmlNot applicable4,36706-Jul-201219:56Not applicable
Ps_remoteaccessloadbalancernode_v1.0.0.cdxmlNot applicable5,32906-Jul-201219:56Not applicable
Ps_remoteaccessloadbalancer_v1.0.0.cdxmlNot applicable8,91006-Jul-201219:56Not applicable
Ps_remoteaccessradius_v1.0.0.cdxmlNot applicable14,91006-Jul-201219:56Not applicable
Ps_remoteaccessuseractivity_v1.0.0.cdxmlNot applicable5,54706-Jul-201219:56Not applicable
Ps_remoteaccess_v1.0.0.cdxmlNot applicable17,75206-Jul-201219:56Not applicable
Ps_vpnauthprotocol_v1.0.0.cdxmlNot applicable4,31906-Jul-201219:56Not applicable
Ps_vpnauthtype_v1.0.0.cdxmlNot applicable4,88906-Jul-201219:56Not applicable
Ps_vpnipaddressassignment_v1.0.0.cdxmlNot applicable5,01206-Jul-201219:56Not applicable
Ps_vpnipaddressrange_v1.0.0.cdxmlNot applicable4,09806-Jul-201219:56Not applicable
Ps_vpns2sinterfacestatistics_v1.0.0.cdxmlNot applicable2,69806-Jul-201219:56Not applicable
Ps_vpns2sinterface_v1.0.0.cdxmlNot applicable54,83906-Jul-201219:56Not applicable
Ps_vpnserveripsecconfiguration_v1.0.0.cdxmlNot applicable12,57306-Jul-201219:56Not applicable
Ps_vpnuser_v1.0.0.cdxmlNot applicable3,49106-Jul-201219:56Not applicable
Ramgmtpsprovider.format.ps1xmlNot applicable154,33006-Jul-201219:56Not applicable
Ramgmtpsprovider.types.ps1xmlNot applicable149,80906-Jul-201219:56Not applicable
Remoteaccess.psd1Not applicable3,75606-Jul-201219:56Not applicable

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about DirectAccess, go to the following Microsoft website: For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information

Additional file information for Windows Server 2012

Additional files for all supported x64-based versions of Windows Server 2012
File nameAmd64_3784a5d5c733f3e74e01a2a29daaebc6_31bf3856ad364e35_6.2.9200.20588_none_ffc12daeef2c4c7c.manifest
File versionNot applicable
File size1,068
Date (UTC)19-Dec-2012
Time (UTC)13:11
PlatformNot applicable
File nameAmd64_microsoft-windows-ra-mgmt-wmiv2provider_31bf3856ad364e35_6.2.9200.20588_none_99b75a4fa1060b32.manifest
File versionNot applicable
File size102,310
Date (UTC)19-Dec-2012
Time (UTC)02:59
PlatformNot applicable
File nameWow64_microsoft-windows-ra-mgmt-wmiv2provider_31bf3856ad364e35_6.2.9200.20588_none_a40c04a1d566cd2d.manifest
File versionNot applicable
File size99,064
Date (UTC)19-Dec-2012
Time (UTC)01:07
PlatformNot applicable

Article ID: 2796394 - Last Review: 01/23/2013 06:55:00 - Revision: 1.0

Windows Server 2012 Essentials

  • kbautohotfix kbqfe kbhotfixserver kbfix kbsurveynew kbexpertiseadvanced kberrmsg KB2796394