1. Certificate template configured for OTP authentication cannot be reached.
2. Certificate template used for OTP authentication is configured incorrectly.
1. The certificate template was deleted or renamed.
2. The Remote Access server does not have the required permissions to enroll the certificate template.
3. The DirectAccess user does not have the required read permissions for the certificate template.
4. The certificate template is not suitable for issuing OTP certificates. Possible causes:
a. Enhanced key usage is not smart card logon.
b. Key usage is not digital signature.
c. Validity period exceeds four hours.
d. Subject name is not set to be supplied in the request.
5. The certificate template is misconfigured.
1. Ensure that the certificate template exists on the domain controller.
2. Ensure that Remote Access server has read and enrollment permissions for the certificate template.
3. Ensure that DirectAccess users have read permissions for the certificate template
4. Ensure that the certificate template name is configured correctly in the Remote Access Setup Wizard.
| Target | Microsoft.Windows.RemoteAccess.DirectAccessServer.Class | ||
| Parent Monitor | System.Health.AvailabilityState | ||
| Category | Custom | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | Microsoft.Windows.RemoteAccess.Monitor.Heuristic.MonitorType | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home