Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > BUGS ???

Reply
Thread Tools

BUGS ???

 
 
erha
Guest
Posts: n/a
 
      04-18-2005
Hi all, (especially Microsoft)

We currently try to integrate our Smart Card to be used in Wireless EAP-TLS
authentication.
Our Smart Card is currently is used for Microsoft Windows Certificate Logon.
To support the EAP-TLS, we add Client Authentication to the Extended Key
Usage (EKU).
But we are failed. The Microsoft complain the "Windows was unable to find a
certificate to log you on the network XXXX".

Upon this error, we are trying to use certificate from Certificate Store.

Certificate #1:
EKU=Client Authentication
Key Usage=Digital Signature, keyEncipherment, keyAgreement

MS Windows do not complain when we are using Certificate#1.

We delete Certificate#1 from Certificate store and import Certificate# 2.

Certifcate #2:
EKU=Client Authentication, Smart Card Logon
Key Usage=Digital Signature, keyEncipherment, keyAgreement

And ha ha ......

The MS Windows complain "Windows was unable to find a certificate to log you
on the network XXXX".

Why does the Smart Card Logon on EKU make the EAP-TLS failed ?

We need to this two EKU on one Certificate because currently Microsoft
called our CSP using "default container" for Smart Card Logon and EAP-TLS.
And we cannot differentiate who is actually calling our CSP.

Has anyone face this problem before ?

Can someone from Microsoft confirm about this problem ?

Thank in advance for any help or idea......

Rudy


 
Reply With Quote
 
 
 
 
Carl DaVault [MSFT]
Guest
Posts: n/a
 
      04-22-2005
Sorry to state the obvious, but did you troubleshoot the certificate in all
other ways? Try creating new/fresh certificates? Compare them to make sure
that the only difference is the EKU? Etc? Make sure it's in the right store?
Are you seeing this only with the smartcard EKU or does the problem occur
when any EKU is added to the Client Authentication?

What method are you using to generate the certificates?

Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
the problem only surface with wireless?

Thanks.

If you want, I can try to take a look at the 2 certificates to compare them.

--
Standard Disclaimers -
This posting is provided "AS IS" with no warranties,
and confers no rights. Please do not send e-mail directly
to this alias. This alias is for newsgroup purposes only.


"erha" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi all, (especially Microsoft)
>
> We currently try to integrate our Smart Card to be used in Wireless
> EAP-TLS
> authentication.
> Our Smart Card is currently is used for Microsoft Windows Certificate
> Logon.
> To support the EAP-TLS, we add Client Authentication to the Extended Key
> Usage (EKU).
> But we are failed. The Microsoft complain the "Windows was unable to find
> a
> certificate to log you on the network XXXX".
>
> Upon this error, we are trying to use certificate from Certificate Store.
>
> Certificate #1:
> EKU=Client Authentication
> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>
> MS Windows do not complain when we are using Certificate#1.
>
> We delete Certificate#1 from Certificate store and import Certificate# 2.
>
> Certifcate #2:
> EKU=Client Authentication, Smart Card Logon
> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>
> And ha ha ......
>
> The MS Windows complain "Windows was unable to find a certificate to log
> you
> on the network XXXX".
>
> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>
> We need to this two EKU on one Certificate because currently Microsoft
> called our CSP using "default container" for Smart Card Logon and EAP-TLS.
> And we cannot differentiate who is actually calling our CSP.
>
> Has anyone face this problem before ?
>
> Can someone from Microsoft confirm about this problem ?
>
> Thank in advance for any help or idea......
>
> Rudy
>
>



 
Reply With Quote
 
 
 
 
John Smith
Guest
Posts: n/a
 
      04-24-2005
i do have about same problem, although it might be different.. i'm not 100%
following everything here.. but here is what i have

once, i switch my router from WEP to WAP-PSK, my computer displays following

Windows was unable to find a certificate to log you to the network

i however did not create any certificates, i'm not really sure which one
exactly do i need to be honest..

but the main problem is that after i get connected i lose my connection
after 1-2 mins tops and the only thing i have left to do is to turn radio
off and turn it back to be able to connect for another minute or so..

is it suppose to be like that? or am i just misconfigure something ( it
needs that certificiate ) if so can you refer me to your website where it
describes which certificate do i need to create, where to put it and how to
create it? basically step by step guide..

thank you so much




"Carl DaVault [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry to state the obvious, but did you troubleshoot the certificate in
> all other ways? Try creating new/fresh certificates? Compare them to make
> sure that the only difference is the EKU? Etc? Make sure it's in the right
> store? Are you seeing this only with the smartcard EKU or does the problem
> occur when any EKU is added to the Client Authentication?
>
> What method are you using to generate the certificates?
>
> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
> the problem only surface with wireless?
>
> Thanks.
>
> If you want, I can try to take a look at the 2 certificates to compare
> them.
>
> --
> Standard Disclaimers -
> This posting is provided "AS IS" with no warranties,
> and confers no rights. Please do not send e-mail directly
> to this alias. This alias is for newsgroup purposes only.
>
>
> "erha" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi all, (especially Microsoft)
>>
>> We currently try to integrate our Smart Card to be used in Wireless
>> EAP-TLS
>> authentication.
>> Our Smart Card is currently is used for Microsoft Windows Certificate
>> Logon.
>> To support the EAP-TLS, we add Client Authentication to the Extended Key
>> Usage (EKU).
>> But we are failed. The Microsoft complain the "Windows was unable to find
>> a
>> certificate to log you on the network XXXX".
>>
>> Upon this error, we are trying to use certificate from Certificate Store.
>>
>> Certificate #1:
>> EKU=Client Authentication
>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>
>> MS Windows do not complain when we are using Certificate#1.
>>
>> We delete Certificate#1 from Certificate store and import Certificate# 2.
>>
>> Certifcate #2:
>> EKU=Client Authentication, Smart Card Logon
>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>
>> And ha ha ......
>>
>> The MS Windows complain "Windows was unable to find a certificate to log
>> you
>> on the network XXXX".
>>
>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>
>> We need to this two EKU on one Certificate because currently Microsoft
>> called our CSP using "default container" for Smart Card Logon and
>> EAP-TLS.
>> And we cannot differentiate who is actually calling our CSP.
>>
>> Has anyone face this problem before ?
>>
>> Can someone from Microsoft confirm about this problem ?
>>
>> Thank in advance for any help or idea......
>>
>> Rudy
>>
>>

>
>



 
Reply With Quote
 
Carl DaVault [MSFT]
Guest
Posts: n/a
 
      04-28-2005
You should turn off 802.1x authentication if you are not using it.

This will make the problem go away. Are you sure you set it to WPA-PSK and
not WPA?

http://support.microsoft.com/default...b;en-us;814123

--
Standard Disclaimers -
This posting is provided "AS IS" with no warranties,
and confers no rights. Please do not send e-mail directly
to this alias. This alias is for newsgroup purposes only.


"John Smith" <(E-Mail Removed)> wrote in message
news:kpFae.16924$(E-Mail Removed)...
>i do have about same problem, although it might be different.. i'm not 100%
>following everything here.. but here is what i have
>
> once, i switch my router from WEP to WAP-PSK, my computer displays
> following
>
> Windows was unable to find a certificate to log you to the network
>
> i however did not create any certificates, i'm not really sure which one
> exactly do i need to be honest..
>
> but the main problem is that after i get connected i lose my connection
> after 1-2 mins tops and the only thing i have left to do is to turn radio
> off and turn it back to be able to connect for another minute or so..
>
> is it suppose to be like that? or am i just misconfigure something ( it
> needs that certificiate ) if so can you refer me to your website where it
> describes which certificate do i need to create, where to put it and how
> to create it? basically step by step guide..
>
> thank you so much
>
>
>
>
> "Carl DaVault [MSFT]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Sorry to state the obvious, but did you troubleshoot the certificate in
>> all other ways? Try creating new/fresh certificates? Compare them to make
>> sure that the only difference is the EKU? Etc? Make sure it's in the
>> right store? Are you seeing this only with the smartcard EKU or does the
>> problem occur when any EKU is added to the Client Authentication?
>>
>> What method are you using to generate the certificates?
>>
>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
>> the problem only surface with wireless?
>>
>> Thanks.
>>
>> If you want, I can try to take a look at the 2 certificates to compare
>> them.
>>
>> --
>> Standard Disclaimers -
>> This posting is provided "AS IS" with no warranties,
>> and confers no rights. Please do not send e-mail directly
>> to this alias. This alias is for newsgroup purposes only.
>>
>>
>> "erha" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Hi all, (especially Microsoft)
>>>
>>> We currently try to integrate our Smart Card to be used in Wireless
>>> EAP-TLS
>>> authentication.
>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>> Logon.
>>> To support the EAP-TLS, we add Client Authentication to the Extended Key
>>> Usage (EKU).
>>> But we are failed. The Microsoft complain the "Windows was unable to
>>> find a
>>> certificate to log you on the network XXXX".
>>>
>>> Upon this error, we are trying to use certificate from Certificate
>>> Store.
>>>
>>> Certificate #1:
>>> EKU=Client Authentication
>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>
>>> MS Windows do not complain when we are using Certificate#1.
>>>
>>> We delete Certificate#1 from Certificate store and import Certificate#
>>> 2.
>>>
>>> Certifcate #2:
>>> EKU=Client Authentication, Smart Card Logon
>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>
>>> And ha ha ......
>>>
>>> The MS Windows complain "Windows was unable to find a certificate to log
>>> you
>>> on the network XXXX".
>>>
>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>
>>> We need to this two EKU on one Certificate because currently Microsoft
>>> called our CSP using "default container" for Smart Card Logon and
>>> EAP-TLS.
>>> And we cannot differentiate who is actually calling our CSP.
>>>
>>> Has anyone face this problem before ?
>>>
>>> Can someone from Microsoft confirm about this problem ?
>>>
>>> Thank in advance for any help or idea......
>>>
>>> Rudy
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
John Smith
Guest
Posts: n/a
 
      04-29-2005
i have already turned off 802.1x authentication

and yes, I'm using WPA-PSK not just WPA



"Carl DaVault [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You should turn off 802.1x authentication if you are not using it.
>
> This will make the problem go away. Are you sure you set it to WPA-PSK and
> not WPA?
>
> http://support.microsoft.com/default...b;en-us;814123
>
> --
> Standard Disclaimers -
> This posting is provided "AS IS" with no warranties,
> and confers no rights. Please do not send e-mail directly
> to this alias. This alias is for newsgroup purposes only.
>
>
> "John Smith" <(E-Mail Removed)> wrote in message
> news:kpFae.16924$(E-Mail Removed)...
>>i do have about same problem, although it might be different.. i'm not
>>100% following everything here.. but here is what i have
>>
>> once, i switch my router from WEP to WAP-PSK, my computer displays
>> following
>>
>> Windows was unable to find a certificate to log you to the network
>>
>> i however did not create any certificates, i'm not really sure which one
>> exactly do i need to be honest..
>>
>> but the main problem is that after i get connected i lose my connection
>> after 1-2 mins tops and the only thing i have left to do is to turn radio
>> off and turn it back to be able to connect for another minute or so..
>>
>> is it suppose to be like that? or am i just misconfigure something ( it
>> needs that certificiate ) if so can you refer me to your website where it
>> describes which certificate do i need to create, where to put it and how
>> to create it? basically step by step guide..
>>
>> thank you so much
>>
>>
>>
>>
>> "Carl DaVault [MSFT]" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Sorry to state the obvious, but did you troubleshoot the certificate in
>>> all other ways? Try creating new/fresh certificates? Compare them to
>>> make sure that the only difference is the EKU? Etc? Make sure it's in
>>> the right store? Are you seeing this only with the smartcard EKU or does
>>> the problem occur when any EKU is added to the Client Authentication?
>>>
>>> What method are you using to generate the certificates?
>>>
>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
>>> does the problem only surface with wireless?
>>>
>>> Thanks.
>>>
>>> If you want, I can try to take a look at the 2 certificates to compare
>>> them.
>>>
>>> --
>>> Standard Disclaimers -
>>> This posting is provided "AS IS" with no warranties,
>>> and confers no rights. Please do not send e-mail directly
>>> to this alias. This alias is for newsgroup purposes only.
>>>
>>>
>>> "erha" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> Hi all, (especially Microsoft)
>>>>
>>>> We currently try to integrate our Smart Card to be used in Wireless
>>>> EAP-TLS
>>>> authentication.
>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>>> Logon.
>>>> To support the EAP-TLS, we add Client Authentication to the Extended
>>>> Key
>>>> Usage (EKU).
>>>> But we are failed. The Microsoft complain the "Windows was unable to
>>>> find a
>>>> certificate to log you on the network XXXX".
>>>>
>>>> Upon this error, we are trying to use certificate from Certificate
>>>> Store.
>>>>
>>>> Certificate #1:
>>>> EKU=Client Authentication
>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>
>>>> MS Windows do not complain when we are using Certificate#1.
>>>>
>>>> We delete Certificate#1 from Certificate store and import Certificate#
>>>> 2.
>>>>
>>>> Certifcate #2:
>>>> EKU=Client Authentication, Smart Card Logon
>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>
>>>> And ha ha ......
>>>>
>>>> The MS Windows complain "Windows was unable to find a certificate to
>>>> log you
>>>> on the network XXXX".
>>>>
>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>>
>>>> We need to this two EKU on one Certificate because currently Microsoft
>>>> called our CSP using "default container" for Smart Card Logon and
>>>> EAP-TLS.
>>>> And we cannot differentiate who is actually calling our CSP.
>>>>
>>>> Has anyone face this problem before ?
>>>>
>>>> Can someone from Microsoft confirm about this problem ?
>>>>
>>>> Thank in advance for any help or idea......
>>>>
>>>> Rudy
>>>>
>>>>
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
John Smith
Guest
Posts: n/a
 
      05-02-2005
any respond?


"John Smith" <(E-Mail Removed)> wrote in message
news:cChce.167$(E-Mail Removed)...
>i have already turned off 802.1x authentication
>
> and yes, I'm using WPA-PSK not just WPA
>
>
>
> "Carl DaVault [MSFT]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> You should turn off 802.1x authentication if you are not using it.
>>
>> This will make the problem go away. Are you sure you set it to WPA-PSK
>> and not WPA?
>>
>> http://support.microsoft.com/default...b;en-us;814123
>>
>> --
>> Standard Disclaimers -
>> This posting is provided "AS IS" with no warranties,
>> and confers no rights. Please do not send e-mail directly
>> to this alias. This alias is for newsgroup purposes only.
>>
>>
>> "John Smith" <(E-Mail Removed)> wrote in message
>> news:kpFae.16924$(E-Mail Removed)...
>>>i do have about same problem, although it might be different.. i'm not
>>>100% following everything here.. but here is what i have
>>>
>>> once, i switch my router from WEP to WAP-PSK, my computer displays
>>> following
>>>
>>> Windows was unable to find a certificate to log you to the network
>>>
>>> i however did not create any certificates, i'm not really sure which one
>>> exactly do i need to be honest..
>>>
>>> but the main problem is that after i get connected i lose my connection
>>> after 1-2 mins tops and the only thing i have left to do is to turn
>>> radio off and turn it back to be able to connect for another minute or
>>> so..
>>>
>>> is it suppose to be like that? or am i just misconfigure something ( it
>>> needs that certificiate ) if so can you refer me to your website where
>>> it describes which certificate do i need to create, where to put it and
>>> how to create it? basically step by step guide..
>>>
>>> thank you so much
>>>
>>>
>>>
>>>
>>> "Carl DaVault [MSFT]" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Sorry to state the obvious, but did you troubleshoot the certificate in
>>>> all other ways? Try creating new/fresh certificates? Compare them to
>>>> make sure that the only difference is the EKU? Etc? Make sure it's in
>>>> the right store? Are you seeing this only with the smartcard EKU or
>>>> does the problem occur when any EKU is added to the Client
>>>> Authentication?
>>>>
>>>> What method are you using to generate the certificates?
>>>>
>>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
>>>> does the problem only surface with wireless?
>>>>
>>>> Thanks.
>>>>
>>>> If you want, I can try to take a look at the 2 certificates to compare
>>>> them.
>>>>
>>>> --
>>>> Standard Disclaimers -
>>>> This posting is provided "AS IS" with no warranties,
>>>> and confers no rights. Please do not send e-mail directly
>>>> to this alias. This alias is for newsgroup purposes only.
>>>>
>>>>
>>>> "erha" <(E-Mail Removed)> wrote in message
>>>> news:%(E-Mail Removed)...
>>>>> Hi all, (especially Microsoft)
>>>>>
>>>>> We currently try to integrate our Smart Card to be used in Wireless
>>>>> EAP-TLS
>>>>> authentication.
>>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>>>> Logon.
>>>>> To support the EAP-TLS, we add Client Authentication to the Extended
>>>>> Key
>>>>> Usage (EKU).
>>>>> But we are failed. The Microsoft complain the "Windows was unable to
>>>>> find a
>>>>> certificate to log you on the network XXXX".
>>>>>
>>>>> Upon this error, we are trying to use certificate from Certificate
>>>>> Store.
>>>>>
>>>>> Certificate #1:
>>>>> EKU=Client Authentication
>>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>>
>>>>> MS Windows do not complain when we are using Certificate#1.
>>>>>
>>>>> We delete Certificate#1 from Certificate store and import Certificate#
>>>>> 2.
>>>>>
>>>>> Certifcate #2:
>>>>> EKU=Client Authentication, Smart Card Logon
>>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>>
>>>>> And ha ha ......
>>>>>
>>>>> The MS Windows complain "Windows was unable to find a certificate to
>>>>> log you
>>>>> on the network XXXX".
>>>>>
>>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>>>
>>>>> We need to this two EKU on one Certificate because currently Microsoft
>>>>> called our CSP using "default container" for Smart Card Logon and
>>>>> EAP-TLS.
>>>>> And we cannot differentiate who is actually calling our CSP.
>>>>>
>>>>> Has anyone face this problem before ?
>>>>>
>>>>> Can someone from Microsoft confirm about this problem ?
>>>>>
>>>>> Thank in advance for any help or idea......
>>>>>
>>>>> Rudy
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
rudy@guardmydata.com
Guest
Posts: n/a
 
      05-14-2005
Hi Carl,

Yes for sure the two certificate only different on the EKU and both of
them is imported to Current User Certificate Store.

On my testing, I do not use the Certificate from the Smart Card.
Instead I create the Certificate and import PKCS#12 to the Current User
Certificate Store.

The Certificate is created by our own product and it is working fine so
far. We can do a Certificate Logon correctly.

I can send the two certificates to you if you want but could we do this
offline.

I could not get your email address since I post this message from
google. Can you please send your email to http://www.velocityreviews.com/forums/(E-Mail Removed) ?
(Please remove '-nospam' from the email address)

 
Reply With Quote
 
John Smith
Guest
Posts: n/a
 
      05-16-2005
yet another interesting thing...

i just tryed it with another router LinkSys this time.. i'm using WAP-PSK..
doesn't tell me nothin about certificate...



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi Carl,
>
> Yes for sure the two certificate only different on the EKU and both of
> them is imported to Current User Certificate Store.
>
> On my testing, I do not use the Certificate from the Smart Card.
> Instead I create the Certificate and import PKCS#12 to the Current User
> Certificate Store.
>
> The Certificate is created by our own product and it is working fine so
> far. We can do a Certificate Logon correctly.
>
> I can send the two certificates to you if you want but could we do this
> offline.
>
> I could not get your email address since I post this message from
> google. Can you please send your email to (E-Mail Removed) ?
> (Please remove '-nospam' from the email address)
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Bugs and Bugs...get rid of them Jason Computer Security 1 01-31-2006 10:47 PM
FF 1.0.2. bugs with downloading big files Thomas Firefox 3 03-27-2005 09:20 PM
Still use 'ruby-bugs' for Ruby bugs? Josef 'Jupp' Schugt Ruby 2 11-04-2004 10:10 PM
Firefox 0.9.1 major bugs Jonathan Firefox 7 07-07-2004 11:28 PM
mozilla community (bugs) - how it works? SiD` Firefox 1 05-25-2004 02:44 PM



Advertisments