Direct Access 2012 - Can it be set to use an alternate port to 443

Similar Messages

• Direct Access 2012 R2 - Problems with Force Tunneling and other questions

  I have just setup a Direct Access 2012 R2 server in my network, 2012 domain and all Windows 8 clients. 
  Internal CA environment (no external CRL) using a public issued cert for IPHTTPS tunnel, 2 interfaces for the DA server, 1 internal and 1 in the DMZ behind a NAT firewall (1 public IPv4 address) and my test clients are connecting fine to internal resources.
  1.  When I enable Force Tunneling the clients no longer are able to access the external internet.  Is there anything I need to add to make this work?
  2.  I am having trouble with our Remote Desktop Session Hosts.  I can only assume it has something to do with the DNS  as we have our AD domain performing internal DNS of the int.contoso.com domain and public DNS performing for the external
  Contoso.com domain (RDWA etc).  DA has only int.contoso.com set as a DNS Name Suffix in the Infrastructure Setup.  Should I add the external contoso.com Name Suffix in there too?
  3.  I have a Kaspersky Security Center server for centralized AV admin, can I still push out AV updates to the clients that connect with DA.  Do I add my KSC server to the Management Servers list in the Infrastructure Server Setup page on the DA
  setup.   Does that list allow those servers to access the DA clients?

  Hi,
  Let's solve problems one by one. Force tunneling. When enabled, all network trafic from DirectAccess clients goes throught IPSEC tunnels. Just configure a proxy on your DirectAccess clients (with a FQDN of course) and your clients should be able to surf
  internet again.
  RDS : Depend. Where are your RDS servers registred internal zone DNS or external DNS zone. If a DirectAccess client cannot resolve a name it does not know if it has to go throught the tunnel. At last can you ping your RDS Server?
  Remote Management : Right. Adding servers in this list allow them to use the IPSEC infrastructure tunnel (computer established tunnel) without users being logged.
  BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

• Enterprise DNS servers are not responding when using Windows NLB with Direct Access 2012

  Hi
  We have installed Direct Access 2012 as one server installation:
  - Two network cards. First one in DMZ and second one in internal network
  - Two consecutive IP addresses configured in DMZ because of Teredo
  - PKI because of Win7 Clients IPSec
  - Our corporate network is native IPv4 so we use DNS64/NAT64 and DA-server is configured as DNS
  - DA-servers are VMWare virtual machines 
  One server installation works fine and now we want to use Windows NLB as load balancing. NLB installation goes fine too,
  but problem is DNS. If we still try to use DA-server as DNS there comes error message below
  None of the enterprise DNS servers 2002:xxxx:xxxx:3333::1 used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.
  When trying to configure DNS using Infrastructure access setup, DNS cannot be validated when using DA-servers DIP or cluster VIP. Only domain local DNS looks to be ok but those have no IPv6 addressess. So how DNS should be configured when using multicast
  NLB? 
  Tried to remove name suffix then adding again => Detect DNS server => DA-server IPv6 address found => validate => The specified DNS server is not responding...
  Then tried to ping detected address => General failure
  NLB clusters are configured as multicast and static ARPs are configured too. Both clusters can be connected from those subnets as they should be. 
  Any clues how to fix this?
  ~ Jukka ~

  Hi,
  Your question falls into the paid support category which requires a more in-depth level of support.  Please visit the below link to see the various
  paid support options that are available to better meet your needs.
  http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
  Regards,
  Mike
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Can GPS be set to use on ipad 3 when not online?

  New to ipad, can GPS be set to use when on the road , ie not online?

  Welcome to the Apple Support Communities
  GPS only works offline when you have a Wi-Fi + Cellular iPad. If you don't have one, you will have to buy a peripheral to use GPS function and the map from the App Store, for example, from TomTom

• Configuration of Direct Access 2012

  Good morning.
  I have tried to set up Direct Access from what I see is pretty much a 30-40 minute job, but has turned out to be something of a pain. Having followed the video on youtube for Windows Server 2012 with Basic PKI configuration and Windows 7 clients. I
  have set up a working DA server with no issues and all green ticks.
  Here's a run down.
  I have a DC (2012) with the CA already installed.
  I have a virtual DA (2012) set up with the advanced settings.
  I have a a TMG 2010 server as the firewall with a Non-Web Publishing rule designed to forward HTTPS requests to the DA on the internal network.
  The set up went as planned and I followed the instruction to set up the PKI and all computers have picked up a computer Certificate for the CA so that the internal root is validated.
  The Certificates that I chose for the DA server were as follows;
  DirectAccess-NLS.mydomain.local
  remote.my-external-domain-name.co.uk
  both published from my internal CA so that the root of the certificates were valid.
  I have a Third party wildcard cert ( *.my-external-domain-name.co.uk ) for TMG to allow other connection such as VPN and web access.
  DA Config:
  Step 1: Remote Clients
  I set up the DA server as per the video, set the DirectAccessClient group, and in the
  Network Connectivity Assistant The resource was filled in with the
  http://diectaccess-WebProbeHost URL.
  Step 2: Remote Access Server
  The Network Topology was set to Behind an edge device (with single network adapter), and then is says to type in the 'PUBLIC NAME' used by clients to connect to the Remove Access Server. Here I typed in the external DNS
  name remote.my-external-domain-name.co.uk.
  Network Adapters had the one ethernet and an IPv6 address. The
  Select Certificate sued to authenticate IP-HTTPS connections has the CN=remote.my-external-domain-name.co.uk.
  Authentication is set to AD and I used the root certificate of the CA for
  use computer certificates. I also Enabled windows 7 client computers to connect via DirectAccess.
  Step 3: Infrastructure Servers
  Network Location Sevrer had the NLS is deployed on this server with the
  DirectAccess-NLS cert.
  DNS had the internal domain and the DirectAccess-NLS. the Internal domain was pointing to the IPv4 address of the DA. I read that I need to put the external name suffix of remote.my-external-domain-name.co.uk entry in and pointed that
  to the internal DA IPv4 address also.
  DNS Suffix List was set automatically and I also added my external domain name just in case.
  Managerment was straight forward and I pointed to our System Centre 2012 R2 server.
  Upon clicking finish and applying the GPO policies everything went according to plan. All green ticks. I did a GPupdate on the client I was testing and the GPO policies came through.
  Now the issue I have is that on the internal network I get the Last Error 0x80190190 unable to connect to server. Now I am sure that this should say active as it is inside the network. I get the same error out side. When I check the DA server for
  netsh int https sh int  it returns the value that client authentication = NONE. I set it up to use computer certificates and even is I uncheck that it does not change. 
  It there a straight forward thing I missed or is it to do with publishing in TMG. Internally the direct access client will not connect as it will find the NLS in the internal DNS as I have the host record for both the server FQDN and the DirectAccess-NLS
  potining to the IPv4 address. I also have the external remote.my-external-domain-name.co.uk entry in the internal DNS to point to the internal IPv4.
  I have opened the ports for 443, 62000 on the DA for the IIS inbound and outbound. 
  I have a windows 8 client but need to test it as Windows 8 is supposed to work just like that.
  What am I doing wrong here?? Any ideas would be much appreciated. 

  Thank you for this Jordan.
  I have now got it working. The next step is to make sure my applications are all using Names rather than IP addresses.
  I have basically setup the system as per my original thread that follows, NOT in BOLD.
  I have tried to set up Direct Access from what I see is pretty much a 30-40 minute job, but has turned out to be something of a pain. Having followed the video on youtube for Windows Server 2012 with Basic PKI configuration and Windows 7 clients. I have
  set up a working DA server with no issues and all green ticks.
  Here's a run down.
  I have a DC (2012) with the CA already installed.
  I have a virtual DA (2012) set up with the advanced settings.
  I have a a TMG 2010 server as the firewall with a Non-Web Publishing rule designed to forward HTTPS requests to the DA on the internal network.
  The set up went as planned and I followed the instruction to set up the PKI and all computers have picked up a computer Certificate for the CA so that the internal root is validated.
  The Certificates that I chose for the DA server were as follows;
  DirectAccess-NLS.mydomain.local
  remote.my-external-domain-name.co.uk
  both published from my internal CA so that the root of the certificates were valid.
  I have a Third party wildcard cert ( *.my-external-domain-name.co.uk ) for TMG to allow other connection such as VPN and web access.
  DA Config:
  Step
  1: Remote Clients
  I set up the DA server as per the video, set the DirectAccessClient group, and in the Network Connectivity Assistant The resource was
  filled in with the http://diectaccess-WebProbeHost URL.
  Step
  2: Remote Access Server
  The Network Topology was set to Behind
  an edge device (with single network adapter), and then is says to type in the 'PUBLIC NAME' used by clients to connect to the Remove Access Server. Here I typed in the external DNS name remote.my-external-domain-name.co.uk.
  Network Adapters had the one ethernet and an IPv6 address. The Select
  Certificate sued to authenticate IP-HTTPS connections has the CN=remote.my-external-domain-name.co.uk.
  Authentication is set to AD and I used the root certificate of the CA for use
  computer certificates. I also Enabled windows 7 client computers to connect via DirectAccess.
  Step
  3: Infrastructure Servers
  Network Location Sevrer had the NLS
  is deployed on this server with the DirectAccess-NLS cert.
  DNS had the internal domain and the DirectAccess-NLS. the Internal domain was pointing to the IPv4 address of the DA. I read that I need
  to put the external name suffix of remote.my-external-domain-name.co.uk entry in and pointed that to the internal DA IPv4 address also.
  DNS Suffix List was set automatically and I also added my external domain name just in case.
  Managerment was straight forward and I pointed to our System Centre 2012 R2 server.
  Upon clicking finish and applying the GPO policies everything went according to plan. All green ticks. I did a GPupdate on the client I was testing and the GPO policies came through.
  I have set up TMG as per the isa.org forum  
  http://www.isaserver.org/articles-tutorials/general/implementing-windows-server-2012-directaccess-behind-forefront-tmg-part2.html .
  @ Jordan - I ensured that I had a separate external IP address for the requests from the clients to TMG as I publish websites internally.
  I used a third party wildcard cert for the IP-HTTPS connect part in DA Config Step 2.
  All the rest of the DA set up was pretty much out of the box as stated above. 

• Direct Access 2012 R2 - route by IP address ?

  Hi all,
           Direct access on 2012 R2 implemented and working.
  We have one application, which after initially querying the server via DNS name (which works) - all further communication occurs via IP address....  which fails - I assume because DA simply doesn't know that the IP traffic should be sent across the
  tunnel.
  Is there any way of adding an IP (or set of IP's) that should always be sent across the DA tunnel ?

  Hi,
  First what is the DNS answer IPv6? If yes it goes throught the IPSEC tunnels. Otherwise, it does not.
  if application request DNS resolution but does not use IPv6 address provided, it's because application want to use IPv4. I had such case. I had a sort of solution for TCP IPv4 based communications :
  http://danstoncloud.com/blogs/simplebydesign/archive/2012/02/11/tcpv4-based-applications-with-directaccess.aspx. It may help but need some automation to detect if DirectAccess client is connected on LAN or on Internet to enable / disable the Portproxy trick
  I used.
  BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

• Can SquirrelMail be set to serve on a port other than 16080? How?

  SquirrelMail serves OS X webmail on port 16080 out of the box. However, my company intranet has internet port 16080 closed... so, SquirrelMail is inaccessible. Can SM be set to serve on port 80? Is there a reason why it doesn't serve on this port by default? (I'm also running Tiger Server Apache web server on the same box; Rumpus FTP uses port 8000 for it's web serving.) Is SM a "web server" which would conflict with Apache on port 80.. is that the reason for port 16080? How can I change SM to serve on a port I can access from the office... like, say, 8010?

  I tried this setup, Jeff... gets me to the login page fine... but doesn't seem to recognize any of my email logins (all which are virtual).
  I have a website setup as MAIL.MYDOMAIN.COM... port 80...performance cache OFF... and pointing to /usr/share/squirrelmail. I tried these settings with OPTIONS-->WebMail both checked and unchecked. Doesn't seem to make any difference.
  So, does the problem have to do with the fact that I have Mailstore partitions setup by domain, as per Alex's guide to Making Virtual Users?
  As Alex mentioned, turn off the performance cache.
  You can change the port in ServerAdmin to something
  else (you mentioned 8010, which is fine).
  You may need to create a seperate Site for Webmail if
  you don't have one already.
  To take this a step further....
  My preferred (non-SSL) setup is this:
  - Assuming you already have DNS of mail.domain.com
  - Create a site for mail.domain.com (port 80)
  - In Sites/General, port 80
  - In Sites/General Web Folder
  "/usr/share/squirrelmail"
  - In Sites/Options, turn off Perf Cache.
  If you do the above, when you hit
  http://mail.domain.com
  You will go straight to Squirrelmail without having
  to add a /webmail to your url and without having to
  use a different port #.
  Jeff

• How to directly access a SELECTED row in a table using MasterColumn

  I'm using a table with MasterColumn (TreeByNestingTableColumn) contains checkbox element.
  In order to get the selected row I have to navigate the whole tree which is a very expensive when the tree is big.
  I also tried without check box by just using MULTI ROW SELECTION property of the table but that didn't work.
  Is there a way to directly access selected row like we do in the standrard table control?
  Any help would be appretiated.
  regards
  Qamar

  hi, Qamar
  Just Check out the Following Link's
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/tutorial on creating a tree structure in a table - 27.htm
  and also if u had not seen it before...............
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/tutorial on creating tables in web dynpro - 11_0_.htm
  regard's
  Dheerendra

• WIndows 8.1 Direct Access Client Needs to approve external wifi use before it connects - proxy not responding

  Ok So I have windows 8.1 with Direct Access Client and it works fine when I am able to check and uncheck proxy settings - which is a bit of a pain and seems unnecessary (I hope). If I take the laptop to a Starbucks I get the error that the proxy server is
  not responding so it never redirects for me to "accept" the rules.
  If I uncheck my proxy settings it then redirects and connects to their internet wifi and off I go - DA connects and all is well.
  I am using a GPO to configure the proxy settings as shown (all options are greyed out for the users)

  Hi,
  Your problem is a classic one when using that kind of proxy settings, unfortunately.
  To solve this without the need of user interaction, there are two solutions that will sort this out for you. In your case, if you want to use your corporate connection for internet traffic even over da, I'd opt for alternative 1 or 2 depending on what you are
  trying to achieve.
  1. WPAD (Web Proxy Auto Discovery protocol http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) - it actually uses the Automatic browser configuration checkbox on your client and looks for the file wpad.dat on a specific web server that you Pointout
  with either dns-record called wpad or DHCP option 252.
  2. Auto configuration script (pac script http://en.wikipedia.org/wiki/Proxy_auto-config) - uses the same kind of file as above. The difference is that you get the possiblity, like you want in your scenario to target what users that should get the script.
  See this below article for more details on the options you have.
  http://technet.microsoft.com/en-us/library/dd361918.aspx
  http://techlib.barracuda.com/display/WSFLEXv41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management
  Let us know if you need further assistance!
  /Johan
  MCT | MCSE: Private Cloud/Server, Desktop Infrastructure

• I am currently using the firewire port on my macbook pro to record dv from my camera. Can I capture video/audio using my USB port as well?ra

  I've been connecting a sony PD170 via firewire to my Macbook pro to record directly using Quicktime pro. Can I use the usb port (and mini audio in) to accomplish this with a camcorder that doesn't have a fire wire port but does have USB out?

  It could just be a bad disc - I use Verbatim and have only had one fail in a ten-year time period. Try getting a batch of Verbatims and see if you have any problems. I didn't even know that there were Kodak branded discs...
  Clinton

• Can two different local ips use the same port at the same time?

  Can two PS3s use the same ports at the same time. So let's say you have two PS3s and they need to open the exact same set of ports at the same time to be able to play the same game online. Is that possible on a regular consumer router such as the wrt310n? If so, then how would someone go about that. I am just asking out of curiosity.
  I don't work for Cisco. I'm just here to help.

  Use port range Triggering instead of Port forwarding. When you use port triggering then those ports will be opened for the entire local network.

• How to set up use of DVI port to external VGA monitor

  How do I set up a powerpoint on an external screen using the DVI port to VGA.  To make the powerpoint show on the computer screen as well as the external screen, what do I need to do on the MacBook Pro?

  Any idea ?

• Direct Access 2012 -- method for disabling and re-enabling client access ?

  We have a reliably functioning DA 2012 setup (which is great), but I need a way to selectively Disable and later Re-Enable DA for particular clients. We use a security group for the Computer accounts of the clients and this is referenced both by Group Policy
  (to assign the right settings to the DA Clients) and by the DA Server (to grant the access).
  We had hoped that we could simply delete the client Computer account from the security group, but when we tried this the DA server seems to just ignore it, even after a reboot of the DA Server.
  We have looked all through the settings of the DA server to see if there is a "disconnect client" option, but can't find anything (which truly amazes me!).
  I have seen one blog post from Richard Hicks which recommends running some PowerShell commands (http://directaccess.richardhicks.com/2013/06/11/disconnecting-directaccess-clients-on-windows-server-2012)
  but after testing these it seems clear that this really only helps me in a scenario where (A) the client is offsite; and (B) I first Disable the Computer account in AD and then replicate AD.
  Wondering what my options are? What do I do when we want to Disable DA for a particular client and then turn it back on again some weeks later?

  When you remove the computer account from your group, it will stop DirectAccess from working, but only once the DA client machine receives it's next Group Policy refresh. The purpose of the group is to get those DirectAccess connectivity settings applied
  from the DA GPO. So if you remove the account, sometime over the next couple of hours Group Policy will refresh on that laptop, and the DirectAccess settings will be removed. If you do this, then later down the road when you want to turn DirectAccess back
  on, you'll need to get that laptop either back into the office or connected via some kind of VPN, because when you add the computer account back to the group, the client machine will have to receive the GPO settings all over again.
  I have been installing DirectAccess for years in tons of places, and I don't think I have ever heard of the business requirement to remove and re-add computers to DA like you are describing - do you mind sharing your reasoning behind this? (I'm just truly
  curious, I'm always interested in finding new ways that companies are using DA)
  The quickest way to disconnect a client machine from DirectAccess is to disable the computer account in AD. You could then re-enable the computer account later and DA would start working again, but of course if you leave a computer account disabled in Active
  Directory for a long period of time, it could cause other kinds of sync problems outside the scope of DA.
  DirectAccess, if designed properly, turns itself off whenever the computer is connected to the corp network, whether physically onsite or connected via another form of VPN. Given this behavior, I'm not sure why you would want to be able to disable DA for
  a while and then turn it back on again later...?

• Direct Access 2012 -- Windows 8.1 -- ERROR_IPSEC_IKE_NO_POLICY

  Hello Everyone,
  hope someone can help out because i've tried all the troubleshhoting i could think of
  i have a DA 2012 insfrastructure (Single NIC signle Server)
  everything is working fine on my windows 7s but i can't seem to have my windows 8.1 to connect
  i can ping all my DA ipv6 Adresses fro the client but the ipsec negociation is failing,
  after lots of logging i managed to find this in the Firewall logs :
  <error>ERROR_IPSEC_IKE_NO_POLICY</error>
  <frequency>215</frequency>
  so i understant the negociation is failing but no idea why :s
  i though about the CRL but the windows 7 has the same certificate and is working fine...
  any ideas ?
  cheers
  Hitch Bardawil

  and the log 
  [9/8/2014 3:39:14 PM]: In worker thread, going to start the tests.
  [9/8/2014 3:39:14 PM]: Running Network Interfaces tests.
  [9/8/2014 3:39:14 PM]: Wi-Fi (Intel(R) Centrino(R) Advanced-N 6200 AGN): fe80::1026:d8f9:ded7:a2fb%3;: 192.168.1.124/255.255.255.0;
  [9/8/2014 3:39:14 PM]: Default gateway found for Wi-Fi.
  [9/8/2014 3:39:14 PM]: Teredo Tunneling Pseudo-Interface (Teredo Tunneling Pseudo-Interface): 2001:0:5ef5:79fb:65:2ac:92ff:d1b2;: fe80::65:2ac:92ff:d1b2%9;
  [9/8/2014 3:39:14 PM]: No default gateway found for Teredo Tunneling Pseudo-Interface.
  [9/8/2014 3:39:14 PM]: iphttpsinterface (iphttpsinterface): fddd:4cc:499:1000:b50f:a4fe:2c78:1299;: fddd:4cc:499:1000:6815:8f66:437e:ac7d;: fe80::b50f:a4fe:2c78:1299%10;
  [9/8/2014 3:39:14 PM]: No default gateway found for iphttpsinterface.
  [9/8/2014 3:39:14 PM]: Wi-Fi has configured the default gateway 192.168.1.1.
  [9/8/2014 3:39:14 PM]: Default gateway 192.168.1.1 for Wi-Fi replies on ICMP Echo requests, RTT is 5 msec.
  [9/8/2014 3:39:14 PM]: Received a response from the public DNS server (8.8.8.8), RTT is 55 msec.
  [9/8/2014 3:39:14 PM]: The public DNS Server (2001:4860:4860::8888) does not reply on ICMP Echo requests, the request or response is maybe filtered?
  [9/8/2014 3:39:14 PM]: Running Inside/Outside location tests.
  [9/8/2014 3:39:14 PM]: NLS is https://nls.grsea.priv/.
  [9/8/2014 3:39:14 PM]: NLS is not reachable via HTTPS, the client computer is not connected to the corporate network (external) or the NLS is offline.
  [9/8/2014 3:39:14 PM]: NRPT contains 2 rules.
  [9/8/2014 3:39:14 PM]: Found (unique) DNS server: fddd:4cc:499:3333::1
  [9/8/2014 3:39:14 PM]: Send an ICMP message to check if the server is reachable.
  [9/8/2014 3:39:14 PM]: DNS server fddd:4cc:499:3333::1 is online, RTT is 55 msec.
  [9/8/2014 3:39:14 PM]: Running IP connectivity tests.
  [9/8/2014 3:39:15 PM]: The 6to4 interface service state is default.
  [9/8/2014 3:39:15 PM]: Teredo inferface status is online.
  [9/8/2014 3:39:15 PM]: The configured DirectAccess Teredo server is win8.ipv6.microsoft.com..
  [9/8/2014 3:39:15 PM]: The IPHTTPS interface is operational.
  [9/8/2014 3:39:15 PM]: The IPHTTPS interface status is IPHTTPS interface active.
  [9/8/2014 3:39:15 PM]: IPHTTPS is used as IPv6 transition technology.
  [9/8/2014 3:39:15 PM]: The configured IPHTTPS URL is https://da2012.thelem-assurances.fr:443.
  [9/8/2014 3:39:15 PM]: IPHTTPS has a single site configuration.
  [9/8/2014 3:39:15 PM]: IPHTTPS URL endpoint is: https://da2012.thelem-assurances.fr:443.
  [9/8/2014 3:39:15 PM]: Successfully connected to endpoint https://da2012.thelem-assurances.fr:443.
  [9/8/2014 3:39:15 PM]: No response received from grsea.priv.
  [9/8/2014 3:39:15 PM]: Running Windows Firewall tests.
  [9/8/2014 3:39:15 PM]: The current profile of the Windows Firewall is Private.
  [9/8/2014 3:39:15 PM]: The Windows Firewall is enabled in the current profile Private.
  [9/8/2014 3:39:15 PM]: The outbound Windows Firewall rule Gestion réseau de base - Teredo (Trafic sortant UDP) is enabled.
  [9/8/2014 3:39:15 PM]: The outbound Windows Firewall rule Réseau de base - IPHTTPS (TCP-Sortant) is enabled.
  [9/8/2014 3:39:15 PM]: Running certificate tests.
  [9/8/2014 3:39:15 PM]: Found 3 machine certificates on this client computer.
  [9/8/2014 3:39:15 PM]: Checking certificate [no subject] with the serial number [21BDEAFA00000000123F].
  [9/8/2014 3:39:15 PM]: The certificate [21BDEAFA00000000123F] contains the EKU Client Authentication.
  [9/8/2014 3:39:15 PM]: The trust chain for the certificate [21BDEAFA00000000123F] was sucessfully verified.
  [9/8/2014 3:39:15 PM]: Checking certificate [no subject] with the serial number [2292E531000000001240].
  [9/8/2014 3:39:15 PM]: The certificate [2292E531000000001240] contains the EKU Client Authentication.
  [9/8/2014 3:39:15 PM]: The trust chain for the certificate [2292E531000000001240] was sucessfully verified.
  [9/8/2014 3:39:15 PM]: Checking certificate CN=SA000003B.grsea.priv with the serial number [1DD5B26600000000123D].
  [9/8/2014 3:39:15 PM]: The certificate [1DD5B26600000000123D] contains the EKU Client Authentication.
  [9/8/2014 3:39:15 PM]: The trust chain for the certificate [1DD5B26600000000123D] was sucessfully verified.
  [9/8/2014 3:39:15 PM]: Running IPsec infrastructure tunnel tests.
  [9/8/2014 3:39:15 PM]: Failed to connect to domain sysvol share \\grsea.priv\sysvol\grsea.priv\Policies.
  [9/8/2014 3:39:15 PM]: Running IPsec intranet tunnel tests.
  [9/8/2014 3:39:15 PM]: Successfully reached fddd:4cc:499:1000::1, RTT is 58 msec.
  [9/8/2014 3:39:15 PM]: Successfully reached fddd:4cc:499:1000::2, RTT is 89 msec.
  [9/8/2014 3:39:15 PM]: Failed to connect to HTTP probe at http://directaccess-WebProbeHost.grsea.priv.
  [9/8/2014 3:39:15 PM]: Running selected post-checks script.
  [9/8/2014 3:39:15 PM]: No post-checks script specified or the file does not exist.
  [9/8/2014 3:39:15 PM]: Finished running post-checks script.
  [9/8/2014 3:39:15 PM]: Finished running all tests.
  Hitch Bardawil

• Windows Explorer can't be set to use Acrobat to open pdf

  I have CS4 with x64 Windows. Because Acrobat 9 crashed at least every 10 minutes and it has downgraded features (for example, you can no longer replace a page in the Pages window by dragging a page from another document and dropping it onto the page number), I reinstalled 8. The only problem was that I had to start 8 before double-clicking in Windows Explorer to open a pdf file, or else Windows starts up 9. So, to take care of that, I uninstalled 9, but then the pdf printer disappeared. So, I did a repair install of 8. Now Explorer will NEVER open a pdf. When I do Open With, or when attempting to set the Open With in Folder Option / File Types, I select the 8 version of acrobat.exe but Explorer just ignors the selection, as if I had just cancelled out of the Browse... window. 8 works fine when I drag a file from Explorer and drop it into Acrobat. I'm sure there's a fix lurking here somewhere. Thanks in advance and Help!

  I would suggest uninstalling Acrobat 8 and then reinstalling Acrobat 8.  Hopefully this would set your file associations correctly.  Good Luck!