IAS fails with certs from Stand Alone CA

 
 
Harrison Midkiff
      07-20-2004
Hello:

I am deploying a secure wireless solution with a Stand Alone CA. When my
clients are trying to authenticate I am getting the following 2 error
messages in my event viewer. I have searched on these but can not seem to
find a resolution for them. Any help anyone could offer would be greatly
appreciated.

Harrison Midkiff

******* Error 1 *********
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 20190
Date: 7/20/2004
Time: 12:23:25 PM
User: N/A
Computer: MERCURY
Description:
Because no certificate has been configured for clients dialing in with
EAP-TLS, a default certificate is being sent to user aviinc\hmidkiff. Please
go to the user's Remote Access Policy and configure the Extensible
Authentication Protocol (EAP).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


******* Error 2 *********
Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 20168
Date: 7/20/2004
Time: 12:23:25 PM
User: N/A
Computer: MERCURY
Description:
Could not retrieve the Remote Access Server's certificate due to the
following error: Cannot find object or property.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 20 09 80 . .



 
MikeF
      07-20-2004

"Harrison Midkiff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello:
>
> I am deploying a secure wireless solution with a Stand Alone CA. When my
> clients are trying to authenticate I am getting the following 2 error
> messages in my event viewer. I have searched on these but can not seem to
> find a resolution for them. Any help anyone could offer would be greatly
> appreciated.
>
> Harrison Midkiff
>
> ******* Error 1 *********
> Event Type: Information
> Event Source: IAS
> Event Category: None
> Event ID: 20190
> Date: 7/20/2004
> Time: 12:23:25 PM
> User: N/A
> Computer: MERCURY
> Description:
> Because no certificate has been configured for clients dialing in with
> EAP-TLS, a default certificate is being sent to user aviinc\hmidkiff. Please
> go to the user's Remote Access Policy and configure the Extensible
> Authentication Protocol (EAP).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> ******* Error 2 *********
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 20168
> Date: 7/20/2004
> Time: 12:23:25 PM
> User: N/A
> Computer: MERCURY
> Description:
> Could not retrieve the Remote Access Server's certificate due to the
> following error: Cannot find object or property.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 04 20 09 80 . .



The messages pretty much tell you what the problem is. You've set up an
authentication type which requires certificates. Either the certificates
have not been issued, or are stored in the wrong place, or do not refer back
to a valid root certificate. Brush up on how to issue certificates, where
to store them, how to make sure there's a valid certificate path or chain,
and whether or not a stand alone CA is adequate for what you are doing.



 
Patrick Sears [MSFT]
      07-22-2004
Here are some steps you can use to verify whether you have a valid
certificate installed on your RADIUS (IAS) server:

On your RADIUS (IAS) server, do the following:

1) Click on the Start button and choose "Run..."
2) Type in "mmc" and click OK
3) From the "File" pull-down menu, click on "Add/Remove Snap-in..."
4) Click "Add..."
5) Select "Certificates" and click "Add"
6) Select "Computer account" and click "Next >"
7) Click "Finish"
8) Click "Close"
9) Click "OK"
10) On the left side of the window, browse down to "Certificate (Local
Computer) \ Personal \ Certificates"
11) Look for the certificate, which you plan to use with EAP, on the right
side of the window and double click on it

If no certificates appear on the right side of the window, then you have not
installed your certificate into the correct location.

11) Switch to the "Details" tab
12) Make sure the value for the "Valid from" field is a date that is
earlier than today's date.
13) Make sure the value for the "Valid to" field is a date that is later
than today's date.
14) Make sure the field called "Subject" exists, that it has a value
assigned to it, and that the value includes a "CN = " which is followed by
some name.
15) Make sure that the "Enhanced Key Usage" field exists and that its value
mentions "Server Authentication".

If your certificate does not meet one of these checks, then it will not be
recognized by your RADIUS (IAS) server.

16) Lastly, with a certificate from a Stand-Alone CA server, you may need
to manually install a copy of the certificate for the Root CA into the
Enterprise "NTAuth" certificate store. The following KB article will show
you how this is done:

http://support.microsoft.com/default...b;en-us;295663

If you meet all these requirements, then you should be able to select this
certificate when configuring EAP in your Remote Access policy.

--

Patrick Sears
Bluetooth PAN
Windows Networking

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
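
The checks listed in the post above (certificate present under Local Computer \ Personal, "Valid from" and "Valid to" dates, a Subject containing a CN, and an Enhanced Key Usage that mentions Server Authentication) can also be run from a script. This is an added example, not part of the original posting; it assumes a server with PowerShell and its `Cert:` provider available, and the property names in the output are chosen here for illustration.

```powershell
# Added example: audits the Local Computer \ Personal store against the
# conditions given in the post. Output property names are illustrative.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID for "Server Authentication"
$now   = Get-Date
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My)

if ($certs.Count -eq 0) {
    # Matches the post: nothing in this store means the certificate
    # was not installed into the correct location.
    Write-Warning 'No certificates found in Cert:\LocalMachine\My.'
}

$certs | ForEach-Object {
    $cert = $_

    # Collect the Enhanced Key Usage OIDs, if the extension is present.
    $ekuOids = @(
        $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    )

    # One entry per condition from the post.
    $checks = [ordered]@{
        ValidFromInPast = $cert.NotBefore -lt $now
        ValidToInFuture = $cert.NotAfter -gt $now
        SubjectHasCN    = $cert.Subject -match '(^|,\s*)CN\s*='
        EkuServerAuth   = $ekuOids -contains $serverAuthOid
    }
    $failed = @($checks.Keys | Where-Object { -not $checks[$_] })

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Usable     = ($failed.Count -eq 0)
        Failed     = ($failed -join ', ')
    }
} | Format-List
```

A certificate that reports `Usable : True` still depends on the root CA trust described in step 16, which this script does not inspect.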




 