Hi,
It looks like there is a problem with your certificate.
Make sure all the following are true:
For the computer certificates installed on the IAS servers, the following
must be true:
. They must be installed in the Local Computer certificate store.
. They must have a corresponding private key. When you view the
properties of the certificate with the Certificate snap-in, you should see
the text You have a private key that corresponds to this certificate on the
General tab.
. The cryptographic service provider for the certificates supports
SChannel. If not, the IAS server cannot use the certificate and it is not
selectable from the properties of the Smart Card or Other Certificate EAP
type from the Authentication tab on the properties of a profile for a remote
access policy.
. They must contain the Server Authentication certificate purpose
(also known as an Enhanced Key Usage [EKU]). An EKU is identified using an
object identifier (OID). The OID for Server Authentication is
"1.3.6.1.5.5.7.3.1".
. They must contain the fully qualified domain name (FQDN) of the
computer account of the IAS server computer in the Subject Alternative Name
property.
Additionally, the root CA certificates of the CAs that issued the wireless
client computer and user certificates must be installed in the Certificates
(Local Computer)\Trusted Root Certification Authorities\Certificates folder.
http://www.microsoft.com/technet/pro...y/ed80211.mspx
I hope this helps.
--
Greg Lindsay [MSFT]
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
<> wrote in message
news: oups.com...
> Is it possible to have a stand alone win2k3 CA produce certificates
> for the IAS server to use for PEAP? When we try to authenticate to
> the WAP, we get these errors on our IAS box: (It looks as if the
> certificates are no good)
>
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 20168
> Date: 2/15/2007
> Time: 10:08:45 AM
> User: N/A
> Computer: Computer
> Description:
> Could not retrieve the Remote Access Server's certificate due to the
> following error: No credentials are available in the security package
>
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 3
> Date: 2/15/2007
> Time: 10:08:43 AM
> User: N/A
> Computer: Computer
> Description:
> Access request for user was discarded.
> Fully-Qualified-User-Name = test
> NAS-IP-Address = 192.168.21.9
> NAS-Identifier = WAP
> Called-Station-Identifier = 0003.45f7.3210
> Calling-Station-Identifier = 0555.5056.55b5
> Client-Friendly-Name = WAP
> Client-IP-Address = 192.168.21.9
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 267
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Reason-Code = 300
> Reason = No credentials are available in the security package
>
Similar Threads
