Direct Access problem - HTTP 404 error since installing new certificate

Gloria Gu 3,961 Reputation points
2020-07-15T05:35:17.267+00:00

Hello all,

I have taken over at a school that uses Direct Access. The previous IT Manager used free 90 day certificates which expired on Direct Access stopping it working. I purchased a domain wildcard and (believe) I have installed it correctly. It was difficult for me as the server is running core edition so I had to import and bind with Powershell which I haven't done before.

As soon as I did the bind, I could see the certificate looked good where as before it was expired however on refresh, a not found http 404 error is shown instead of the usual IIS landing page.

I used an SSL Checker site which shows everything is ok with the certificate. I wonder if this is because I have gone form a specific certificate aquired for that address, i.e a certificate created for da.domain.org to a *.domain.org wildcard. Do I need to change some settings in Direct Access?

One thing I did also notice that may be relevant is that if I use MMC to connect to the personal certificate store of the server, I don't see my new certificate in there where as I can see the old ones. I imported to the personal 'MY' store.

Any help would be really appreciated.

Many Thanks

Thread source link: https://social.technet.microsoft.com/Forums/en-US/116b1601-e1c8-4806-9529-efba82986c7c/direct-access-problem-http-404-error-since-installing-new-certificate?forum=winserverNIS

Windows for business | Windows Server | Devices and deployment | Set up, install, or upgrade
0 comments No comments

Answer accepted by question author

Anonymous
2020-07-16T01:42:06.987+00:00

Hi ,

Welcome to our new Microsoft Q&A Platform.

According to the error code, please try to updates available kb2975719 and kb2975331 which address this issue, depending on the Operating System.

Please refer the following link for more details:

https://blogs.technet.microsoft.com/silvana/2014/03/14/schannel-errors-on-scom-agent/

Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

You can check some browsers might simply not support the required level of SSL/TLS configured on your server.

Refer the following article for more information:

https://learn.microsoft.com/zh-cn/archive/blogs/kaushal/ssltls-alert-protocol-the-alert-codes

If the problem still unsolved, it is recommended to have this asked in AD forum for better answers.

AD forum: https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS

About event ID:10016,these events can be safely ignored because they do not adversely affect functionality and are by design.

Please refer the following link:

https://support.microsoft.com/en-us/help/4022522/dcom-event-id-10016-is-logged-in-windows

Best Regards,

Candy

Was this answer helpful?

0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.