Hello there,
You can only push the root CA's certificate (which is just a static file) to clients. DirectAccess needs a unique certificate issued to each DA computer's name, and that cannot be pushed.
All you can do is "force" the client OS to request it (generate a key pair and send a CSR to an online CA) from a Certificate Authority based on a certificate template (just the template, NOT the real certificate; the template can be imported onto that machine with the Djoin utility:
https://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx).
Since this process requires a connection to the Certificate Authority (either using CEP/CES, or RPC if the CA is local to the client), you might have to do this step manually.
Offline djoin alone would work for Windows 8 or above clients because, ideally, they can be configured to use Kerberos Proxy rather than certificate-based authentication.
Please let me know if this helps!
Edited by Vasu Deva, Friday, April 24, 2015 1:52 PM
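
The manual step described in the reply above, as an added example that is not part of the original post: run elevated on the offline-joined client, it checks whether the machine store already holds a per-computer certificate and, if not, has the client generate its own key pair and enroll over CEP/CES. The template name and CEP URL are placeholders, and the Client Authentication EKU check is an assumption about how the DirectAccess template is configured.

```powershell
# Added example. Placeholders (assumptions, not values from the post):
$TemplateName  = 'DA-COMPUTER-TEMPLATE-PLACEHOLDER'
$CepUrl        = 'https://cep.example.invalid/PLACEHOLDER/service.svc/CEP'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU (assumed requirement)

function Get-MachineAuthCert {
    # A usable certificate is bound to THIS computer's name and its private
    # key lives on this machine, which is why it cannot be pushed like a root cert.
    $fqdn = [System.Net.Dns]::GetHostEntry('').HostName
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid) -and
        ($_.DnsNameList.Unicode -contains $fqdn)
    }
}

$existing = Get-MachineAuthCert
if ($existing) {
    # Nothing to enroll; report what is already present.
    $existing | Select-Object Subject, Thumbprint, NotAfter
}
else {
    try {
        # Key pair is generated locally; only the request (CSR) leaves the machine.
        # This call needs network reachability to the CEP/CES endpoint.
        $result = Get-Certificate -Template $TemplateName -Url $CepUrl `
                                  -CertStoreLocation Cert:\LocalMachine\My -ErrorAction Stop
        if ($result.Status -eq 'Issued') {
            $result.Certificate | Select-Object Subject, Thumbprint, NotAfter
        }
        else {
            # 'Pending' means the CA is waiting for manager approval.
            Write-Warning "Enrollment status: $($result.Status)"
        }
    }
    catch {
        # Typical cause on an offline-joined client: no path to the CA yet.
        Write-Warning "Enrollment failed: $($_.Exception.Message)"
    }
}
```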