«

Hi all, (especially Microsoft)

We currently try to integrate our Smart Card to be used in Wireless EAP-TLS
authentication.
Our Smart Card is currently is used for Microsoft Windows Certificate Logon.
To support the EAP-TLS, we add Client Authentication to the Extended Key
Usage (EKU).
But we are failed. The Microsoft complain the "Windows was unable to find a
certificate to log you on the network XXXX".

Upon this error, we are trying to use certificate from Certificate Store.

Certificate #1:
EKU=Client Authentication
Key Usage=Digital Signature, keyEncipherment, keyAgreement

MS Windows do not complain when we are using Certificate#1.

We delete Certificate#1 from Certificate store and import Certificate# 2.

Certifcate #2:
EKU=Client Authentication, Smart Card Logon
Key Usage=Digital Signature, keyEncipherment, keyAgreement

And ha ha ......

The MS Windows complain "Windows was unable to find a certificate to log you
on the network XXXX".

Why does the Smart Card Logon on EKU make the EAP-TLS failed ?

We need to this two EKU on one Certificate because currently Microsoft
called our CSP using "default container" for Smart Card Logon and EAP-TLS.
And we cannot differentiate who is actually calling our CSP.

Has anyone face this problem before ?

Can someone from Microsoft confirm about this problem ?

Thank in advance for any help or idea......

Rudy

Sorry to state the obvious, but did you troubleshoot the certificate in all
other ways? Try creating new/fresh certificates? Compare them to make sure
that the only difference is the EKU? Etc? Make sure it's in the right store?
Are you seeing this only with the smartcard EKU or does the problem occur
when any EKU is added to the Client Authentication?

What method are you using to generate the certificates?

Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
the problem only surface with wireless?

Thanks.

If you want, I can try to take a look at the 2 certificates to compare them.

--
Standard Disclaimers -
This posting is provided "AS IS" with no warranties,
and confers no rights. Please do not send e-mail directly
to this alias. This alias is for newsgroup purposes only.


"erha" <> wrote in message
news:%...
> Hi all, (especially Microsoft)
>
> We currently try to integrate our Smart Card to be used in Wireless
> EAP-TLS
> authentication.
> Our Smart Card is currently is used for Microsoft Windows Certificate
> Logon.
> To support the EAP-TLS, we add Client Authentication to the Extended Key
> Usage (EKU).
> But we are failed. The Microsoft complain the "Windows was unable to find
> a
> certificate to log you on the network XXXX".
>
> Upon this error, we are trying to use certificate from Certificate Store.
>
> Certificate #1:
> EKU=Client Authentication
> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>
> MS Windows do not complain when we are using Certificate#1.
>
> We delete Certificate#1 from Certificate store and import Certificate# 2.
>
> Certifcate #2:
> EKU=Client Authentication, Smart Card Logon
> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>
> And ha ha ......
>
> The MS Windows complain "Windows was unable to find a certificate to log
> you
> on the network XXXX".
>
> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>
> We need to this two EKU on one Certificate because currently Microsoft
> called our CSP using "default container" for Smart Card Logon and EAP-TLS.
> And we cannot differentiate who is actually calling our CSP.
>
> Has anyone face this problem before ?
>
> Can someone from Microsoft confirm about this problem ?
>
> Thank in advance for any help or idea......
>
> Rudy
>
>

i do have about same problem, although it might be different.. i'm not 100%
following everything here.. but here is what i have

once, i switch my router from WEP to WAP-PSK, my computer displays following

Windows was unable to find a certificate to log you to the network

i however did not create any certificates, i'm not really sure which one
exactly do i need to be honest..

but the main problem is that after i get connected i lose my connection
after 1-2 mins tops and the only thing i have left to do is to turn radio
off and turn it back to be able to connect for another minute or so..

is it suppose to be like that? or am i just misconfigure something ( it
needs that certificiate ) if so can you refer me to your website where it
describes which certificate do i need to create, where to put it and how to
create it? basically step by step guide..

thank you so much




"Carl DaVault [MSFT]" <> wrote in message
news:...
> Sorry to state the obvious, but did you troubleshoot the certificate in
> all other ways? Try creating new/fresh certificates? Compare them to make
> sure that the only difference is the EKU? Etc? Make sure it's in the right
> store? Are you seeing this only with the smartcard EKU or does the problem
> occur when any EKU is added to the Client Authentication?
>
> What method are you using to generate the certificates?
>
> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
> the problem only surface with wireless?
>
> Thanks.
>
> If you want, I can try to take a look at the 2 certificates to compare
> them.
>
> --
> Standard Disclaimers -
> This posting is provided "AS IS" with no warranties,
> and confers no rights. Please do not send e-mail directly
> to this alias. This alias is for newsgroup purposes only.
>
>
> "erha" <> wrote in message
> news:%...
>> Hi all, (especially Microsoft)
>>
>> We currently try to integrate our Smart Card to be used in Wireless
>> EAP-TLS
>> authentication.
>> Our Smart Card is currently is used for Microsoft Windows Certificate
>> Logon.
>> To support the EAP-TLS, we add Client Authentication to the Extended Key
>> Usage (EKU).
>> But we are failed. The Microsoft complain the "Windows was unable to find
>> a
>> certificate to log you on the network XXXX".
>>
>> Upon this error, we are trying to use certificate from Certificate Store.
>>
>> Certificate #1:
>> EKU=Client Authentication
>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>
>> MS Windows do not complain when we are using Certificate#1.
>>
>> We delete Certificate#1 from Certificate store and import Certificate# 2.
>>
>> Certifcate #2:
>> EKU=Client Authentication, Smart Card Logon
>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>
>> And ha ha ......
>>
>> The MS Windows complain "Windows was unable to find a certificate to log
>> you
>> on the network XXXX".
>>
>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>
>> We need to this two EKU on one Certificate because currently Microsoft
>> called our CSP using "default container" for Smart Card Logon and
>> EAP-TLS.
>> And we cannot differentiate who is actually calling our CSP.
>>
>> Has anyone face this problem before ?
>>
>> Can someone from Microsoft confirm about this problem ?
>>
>> Thank in advance for any help or idea......
>>
>> Rudy
>>
>>
>
>

You should turn off 802.1x authentication if you are not using it.

This will make the problem go away. Are you sure you set it to WPA-PSK and
not WPA?

http://support.microsoft.com/default...b;en-us;814123

--
Standard Disclaimers -
This posting is provided "AS IS" with no warranties,
and confers no rights. Please do not send e-mail directly
to this alias. This alias is for newsgroup purposes only.


"John Smith" <> wrote in message
news:kpFae.16924$...
>i do have about same problem, although it might be different.. i'm not 100%
>following everything here.. but here is what i have
>
> once, i switch my router from WEP to WAP-PSK, my computer displays
> following
>
> Windows was unable to find a certificate to log you to the network
>
> i however did not create any certificates, i'm not really sure which one
> exactly do i need to be honest..
>
> but the main problem is that after i get connected i lose my connection
> after 1-2 mins tops and the only thing i have left to do is to turn radio
> off and turn it back to be able to connect for another minute or so..
>
> is it suppose to be like that? or am i just misconfigure something ( it
> needs that certificiate ) if so can you refer me to your website where it
> describes which certificate do i need to create, where to put it and how
> to create it? basically step by step guide..
>
> thank you so much
>
>
>
>
> "Carl DaVault [MSFT]" <> wrote in message
> news:...
>> Sorry to state the obvious, but did you troubleshoot the certificate in
>> all other ways? Try creating new/fresh certificates? Compare them to make
>> sure that the only difference is the EKU? Etc? Make sure it's in the
>> right store? Are you seeing this only with the smartcard EKU or does the
>> problem occur when any EKU is added to the Client Authentication?
>>
>> What method are you using to generate the certificates?
>>
>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
>> the problem only surface with wireless?
>>
>> Thanks.
>>
>> If you want, I can try to take a look at the 2 certificates to compare
>> them.
>>
>> --
>> Standard Disclaimers -
>> This posting is provided "AS IS" with no warranties,
>> and confers no rights. Please do not send e-mail directly
>> to this alias. This alias is for newsgroup purposes only.
>>
>>
>> "erha" <> wrote in message
>> news:%...
>>> Hi all, (especially Microsoft)
>>>
>>> We currently try to integrate our Smart Card to be used in Wireless
>>> EAP-TLS
>>> authentication.
>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>> Logon.
>>> To support the EAP-TLS, we add Client Authentication to the Extended Key
>>> Usage (EKU).
>>> But we are failed. The Microsoft complain the "Windows was unable to
>>> find a
>>> certificate to log you on the network XXXX".
>>>
>>> Upon this error, we are trying to use certificate from Certificate
>>> Store.
>>>
>>> Certificate #1:
>>> EKU=Client Authentication
>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>
>>> MS Windows do not complain when we are using Certificate#1.
>>>
>>> We delete Certificate#1 from Certificate store and import Certificate#
>>> 2.
>>>
>>> Certifcate #2:
>>> EKU=Client Authentication, Smart Card Logon
>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>
>>> And ha ha ......
>>>
>>> The MS Windows complain "Windows was unable to find a certificate to log
>>> you
>>> on the network XXXX".
>>>
>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>
>>> We need to this two EKU on one Certificate because currently Microsoft
>>> called our CSP using "default container" for Smart Card Logon and
>>> EAP-TLS.
>>> And we cannot differentiate who is actually calling our CSP.
>>>
>>> Has anyone face this problem before ?
>>>
>>> Can someone from Microsoft confirm about this problem ?
>>>
>>> Thank in advance for any help or idea......
>>>
>>> Rudy
>>>
>>>
>>
>>
>
>

i have already turned off 802.1x authentication

and yes, I'm using WPA-PSK not just WPA



"Carl DaVault [MSFT]" <> wrote in message
news:...
> You should turn off 802.1x authentication if you are not using it.
>
> This will make the problem go away. Are you sure you set it to WPA-PSK and
> not WPA?
>
> http://support.microsoft.com/default...b;en-us;814123
>
> --
> Standard Disclaimers -
> This posting is provided "AS IS" with no warranties,
> and confers no rights. Please do not send e-mail directly
> to this alias. This alias is for newsgroup purposes only.
>
>
> "John Smith" <> wrote in message
> news:kpFae.16924$...
>>i do have about same problem, although it might be different.. i'm not
>>100% following everything here.. but here is what i have
>>
>> once, i switch my router from WEP to WAP-PSK, my computer displays
>> following
>>
>> Windows was unable to find a certificate to log you to the network
>>
>> i however did not create any certificates, i'm not really sure which one
>> exactly do i need to be honest..
>>
>> but the main problem is that after i get connected i lose my connection
>> after 1-2 mins tops and the only thing i have left to do is to turn radio
>> off and turn it back to be able to connect for another minute or so..
>>
>> is it suppose to be like that? or am i just misconfigure something ( it
>> needs that certificiate ) if so can you refer me to your website where it
>> describes which certificate do i need to create, where to put it and how
>> to create it? basically step by step guide..
>>
>> thank you so much
>>
>>
>>
>>
>> "Carl DaVault [MSFT]" <> wrote in message
>> news:...
>>> Sorry to state the obvious, but did you troubleshoot the certificate in
>>> all other ways? Try creating new/fresh certificates? Compare them to
>>> make sure that the only difference is the EKU? Etc? Make sure it's in
>>> the right store? Are you seeing this only with the smartcard EKU or does
>>> the problem occur when any EKU is added to the Client Authentication?
>>>
>>> What method are you using to generate the certificates?
>>>
>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
>>> does the problem only surface with wireless?
>>>
>>> Thanks.
>>>
>>> If you want, I can try to take a look at the 2 certificates to compare
>>> them.
>>>
>>> --
>>> Standard Disclaimers -
>>> This posting is provided "AS IS" with no warranties,
>>> and confers no rights. Please do not send e-mail directly
>>> to this alias. This alias is for newsgroup purposes only.
>>>
>>>
>>> "erha" <> wrote in message
>>> news:%...
>>>> Hi all, (especially Microsoft)
>>>>
>>>> We currently try to integrate our Smart Card to be used in Wireless
>>>> EAP-TLS
>>>> authentication.
>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>>> Logon.
>>>> To support the EAP-TLS, we add Client Authentication to the Extended
>>>> Key
>>>> Usage (EKU).
>>>> But we are failed. The Microsoft complain the "Windows was unable to
>>>> find a
>>>> certificate to log you on the network XXXX".
>>>>
>>>> Upon this error, we are trying to use certificate from Certificate
>>>> Store.
>>>>
>>>> Certificate #1:
>>>> EKU=Client Authentication
>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>
>>>> MS Windows do not complain when we are using Certificate#1.
>>>>
>>>> We delete Certificate#1 from Certificate store and import Certificate#
>>>> 2.
>>>>
>>>> Certifcate #2:
>>>> EKU=Client Authentication, Smart Card Logon
>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>
>>>> And ha ha ......
>>>>
>>>> The MS Windows complain "Windows was unable to find a certificate to
>>>> log you
>>>> on the network XXXX".
>>>>
>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>>
>>>> We need to this two EKU on one Certificate because currently Microsoft
>>>> called our CSP using "default container" for Smart Card Logon and
>>>> EAP-TLS.
>>>> And we cannot differentiate who is actually calling our CSP.
>>>>
>>>> Has anyone face this problem before ?
>>>>
>>>> Can someone from Microsoft confirm about this problem ?
>>>>
>>>> Thank in advance for any help or idea......
>>>>
>>>> Rudy
>>>>
>>>>
>>>
>>>
>>
>>
>
>

any respond?


"John Smith" <> wrote in message
news:cChce.167$...
>i have already turned off 802.1x authentication
>
> and yes, I'm using WPA-PSK not just WPA
>
>
>
> "Carl DaVault [MSFT]" <> wrote in message
> news:...
>> You should turn off 802.1x authentication if you are not using it.
>>
>> This will make the problem go away. Are you sure you set it to WPA-PSK
>> and not WPA?
>>
>> http://support.microsoft.com/default...b;en-us;814123
>>
>> --
>> Standard Disclaimers -
>> This posting is provided "AS IS" with no warranties,
>> and confers no rights. Please do not send e-mail directly
>> to this alias. This alias is for newsgroup purposes only.
>>
>>
>> "John Smith" <> wrote in message
>> news:kpFae.16924$...
>>>i do have about same problem, although it might be different.. i'm not
>>>100% following everything here.. but here is what i have
>>>
>>> once, i switch my router from WEP to WAP-PSK, my computer displays
>>> following
>>>
>>> Windows was unable to find a certificate to log you to the network
>>>
>>> i however did not create any certificates, i'm not really sure which one
>>> exactly do i need to be honest..
>>>
>>> but the main problem is that after i get connected i lose my connection
>>> after 1-2 mins tops and the only thing i have left to do is to turn
>>> radio off and turn it back to be able to connect for another minute or
>>> so..
>>>
>>> is it suppose to be like that? or am i just misconfigure something ( it
>>> needs that certificiate ) if so can you refer me to your website where
>>> it describes which certificate do i need to create, where to put it and
>>> how to create it? basically step by step guide..
>>>
>>> thank you so much
>>>
>>>
>>>
>>>
>>> "Carl DaVault [MSFT]" <> wrote in message
>>> news:...
>>>> Sorry to state the obvious, but did you troubleshoot the certificate in
>>>> all other ways? Try creating new/fresh certificates? Compare them to
>>>> make sure that the only difference is the EKU? Etc? Make sure it's in
>>>> the right store? Are you seeing this only with the smartcard EKU or
>>>> does the problem occur when any EKU is added to the Client
>>>> Authentication?
>>>>
>>>> What method are you using to generate the certificates?
>>>>
>>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
>>>> does the problem only surface with wireless?
>>>>
>>>> Thanks.
>>>>
>>>> If you want, I can try to take a look at the 2 certificates to compare
>>>> them.
>>>>
>>>> --
>>>> Standard Disclaimers -
>>>> This posting is provided "AS IS" with no warranties,
>>>> and confers no rights. Please do not send e-mail directly
>>>> to this alias. This alias is for newsgroup purposes only.
>>>>
>>>>
>>>> "erha" <> wrote in message
>>>> news:%...
>>>>> Hi all, (especially Microsoft)
>>>>>
>>>>> We currently try to integrate our Smart Card to be used in Wireless
>>>>> EAP-TLS
>>>>> authentication.
>>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>>>> Logon.
>>>>> To support the EAP-TLS, we add Client Authentication to the Extended
>>>>> Key
>>>>> Usage (EKU).
>>>>> But we are failed. The Microsoft complain the "Windows was unable to
>>>>> find a
>>>>> certificate to log you on the network XXXX".
>>>>>
>>>>> Upon this error, we are trying to use certificate from Certificate
>>>>> Store.
>>>>>
>>>>> Certificate #1:
>>>>> EKU=Client Authentication
>>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>>
>>>>> MS Windows do not complain when we are using Certificate#1.
>>>>>
>>>>> We delete Certificate#1 from Certificate store and import Certificate#
>>>>> 2.
>>>>>
>>>>> Certifcate #2:
>>>>> EKU=Client Authentication, Smart Card Logon
>>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>>
>>>>> And ha ha ......
>>>>>
>>>>> The MS Windows complain "Windows was unable to find a certificate to
>>>>> log you
>>>>> on the network XXXX".
>>>>>
>>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>>>
>>>>> We need to this two EKU on one Certificate because currently Microsoft
>>>>> called our CSP using "default container" for Smart Card Logon and
>>>>> EAP-TLS.
>>>>> And we cannot differentiate who is actually calling our CSP.
>>>>>
>>>>> Has anyone face this problem before ?
>>>>>
>>>>> Can someone from Microsoft confirm about this problem ?
>>>>>
>>>>> Thank in advance for any help or idea......
>>>>>
>>>>> Rudy
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Hi Carl,

Yes for sure the two certificate only different on the EKU and both of
them is imported to Current User Certificate Store.

On my testing, I do not use the Certificate from the Smart Card.
Instead I create the Certificate and import PKCS#12 to the Current User
Certificate Store.

The Certificate is created by our own product and it is working fine so
far. We can do a Certificate Logon correctly.

I can send the two certificates to you if you want but could we do this
offline.

I could not get your email address since I post this message from
google. Can you please send your email to ?
(Please remove '-nospam' from the email address)

yet another interesting thing...

i just tryed it with another router LinkSys this time.. i'm using WAP-PSK..
doesn't tell me nothin about certificate...



<> wrote in message
news: oups.com...
> Hi Carl,
>
> Yes for sure the two certificate only different on the EKU and both of
> them is imported to Current User Certificate Store.
>
> On my testing, I do not use the Certificate from the Smart Card.
> Instead I create the Certificate and import PKCS#12 to the Current User
> Certificate Store.
>
> The Certificate is created by our own product and it is working fine so
> far. We can do a Certificate Logon correctly.
>
> I can send the two certificates to you if you want but could we do this
> offline.
>
> I could not get your email address since I post this message from
> google. Can you please send your email to ?
> (Please remove '-nospam' from the email address)
>