Error when you run the Get-RemoteAccess cmdlet during DirectAccess setup in Windows Server 2012 Essentials

Symptoms

Consider the following scenario:
  • You configure DirectAccess with the support of Windows 7-based clients on a computer that is running Windows Server 2012 Essentials in a network environment.
  • You set the current certification authority (CA) root certificate to be the trusted root certificate for the DirectAccess client authentication in an Internet Protocol security (IPsec) tunnel.

    Note The CA trusted root certificate is also set on a Windows Server 2012 Essentials-based computer.
  • You try to run the Get-RemoteAccess cmdlet to perform a lookup operation for the CA root certificate during the DirectAccess setup process.
In this scenario, the DirectAccess setup is blocked. Additionally, the cmdlet fails and you receive an error message that resembles the following:
The cmdlet did not run as expected.

Note You also receive the same error message when you open the Remote Access management console after you perform the first two steps.

Cause

This issue occurs because the DirectAccess server does not support lookup operations for the certificate that contain a subject name encoded in the UTF-8 format.

Resolution

Hotfix information

To resolve this issue, install the hotfix on the Windows Server 2012 Essentials-based computer. After you install the hotfix, the DirectAccess server supports lookup operations for the certificate that contain a subject name encoded in the UTF-8 format.

If the DirectAccess client runs Windows 7 after you install the hotfix, then the DirectAccess connections may not work as expected. This issue occurs because the Windows 7-based DirectAccess client does not have inherit support for the certificate in the UTF-8 format. To resolve this issue, install the hotfix that is described in Microsoft Knowledge Base (KB) article 2615847 on the Windows 7-based DirectAccess client. For more information about the hotfix 2615847, click the following article number to view the article in the Microsoft Knowledge Base: 
2615847 "ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH" error when you try to start an IPsec connection between two computers that are running Windows 7 or Windows Server 2008 R2

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running Windows Server 2012 Essentials.

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.
File information


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about DirectAccess, go to the following Microsoft website: For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information

Additional file information for Windows Server 2012

Additional files for all supported x64-based versions of Windows Server 2012
Additional files for all supported x64-based versions of Windows Server 2012
Propriétés

ID d'article : 2796394 - Dernière mise à jour : 23 janv. 2013 - Révision : 1

Commentaires