Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

This topic contains troubleshooting information for issues related to enabling DirectAccess OTP authentication using either the Enable-DAOtpAuthentication PowerShell cmdlet or the Remote Access Management console.

Failed to enroll the OTP signing certificate

Error received (server event log). An OTP signing certificate cannot be enrolled using certificate template

There are three possible causes for this error:

- The permissions set on the template do not allow the DirectAccess server to enroll.
- There is no network connectivity to the issuing certification authority (CA).

Make sure that the OTP signing certificate template with the given name:

- Is set to be issued by at least one CA that can issue certificates to the DirectAccess server.

If the template doesn't exist, create it as described in 3.3 Plan the registration authority certificate, or, if another matching template exists, reconfigure DirectAccess OTP with the new template name.

Failed to enable DirectAccess OTP when WebDAV is installed

While attempting to apply the DirectAccess OTP configuration in the Remote Access Management console or by using the Enable-DAOtpAuthentication PowerShell cmdlet, the operation fails.

Error received (server event log). DirectAccess OTP settings cannot be applied because the WebDAV IIS extension is running on the server. Remove WebDAV and apply the settings again.

The DirectAccess OTP service is incompatible with the WebDAV Publishing feature and cannot be enabled while WebDAV is installed.

1. In the Server Manager console, in the left pane, click IIS.
2. In the main pane, scroll to ROLES AND FEATURES.
3. Right-click WebDAV Publishing, and then click Remove Role or Feature.
4. Complete the Remove Roles and Features Wizard.
5. Re-apply the DirectAccess OTP configuration.

No templates available in the Remote Access Management console

While configuring OTP or registration authority certificate templates using the Remote Access Management console, some or all of the templates are missing from the selection windows.

There are two possible causes for this error:

- The template is not configured according to the DirectAccess OTP requirements and so it cannot be selected.
- The selected CAs under OTP CA Servers are not configured to issue the required templates.

Make sure that the OTP logon template and the OTP signing certificate template are configured properly as described in 3.2 Plan the OTP certificate template and 3.3 Plan the registration authority certificate.

Make sure that the configured CAs in the OTP CA Servers list are configured to issue the relevant templates:

1. On the CA server, open the Certification Authority console.
2. In the left pane, expand the chosen CA server.
3. Click Certificate Templates and make sure the required templates are enabled. If not, right-click Certificate Templates, click New, click Certificate Template to issue, and then select the templates you want to enable.

Cannot set renewal period of OTP template to 1 hour

When configuring the DirectAccess OTP logon template using Windows 2003 CA, it is not possible to set the renewal period of the template to 1 hour.

The Certificate Templates MMC snap-in in Windows Server 2003 doesn't allow you to set the renewal period of a template to 1 hour.