Wireless Networking - RADIUS and Verisign cert for wireless

04-24-2009, 04:44 PM

I am trying to start utilizing a Verisign WLAN certificate within my wireless
environment, almost specifically because Blackberries can't be told to ignore
the server cert like Windows can be. I've followed both Microsoft's guide
(http://www.microsoft.com/downloads/d...DisplayLang=en)
as well as several guides that Verisign publishes for purchasing and
installing their cert. I'm relatively sure that the cert is installed
properly. Someone at Verisign walked me through doing that over the phone
yesterday.

Inside of IAS I already had a Remote Access Policy for my wireless clients I
just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP) >
Certificate issued | field to the new Verisign Class 3 WLAN Secure Server CA
instead of the other cert.

When clients go to connect I get this error inside the System Event Log:

Could not retrieve the Remote Access Server's certificate due to the
following error: The credentials supplied to the package were not recognized

Directly followed by this error:

Access request for user OURDOMAIN\jvillarreal was discarded.

Fully-Qualified-User-Name = ourdomain.org/Information
Technology/Users/Jordan Villarreal

NAS-IP-Address = 10.0.0.17

NAS-Identifier = TCHMCRCSWISMA0

Called-Station-Identifier = 00-1D-70-92-D1-10:testNET

Calling-Station-Identifier = 00-1F-3C-A2-EE-1F

Client-Friendly-Name = TCHMCRCSWISMA0

Client-IP-Address = 10.0.0.17

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 29

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Reason-Code = 1

Reason = An internal error occurred. Check the system event log for
additional information.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp .

I'm almost at my wits end with this issue. If anyone has any ideas I'd be
enormously grateful.

jvillarreal

04-24-2009, 08:27 PM

In most cases, this is related to certificate settings. This post may help.

IAS Event ID 3 Reason-Code = 1
http://www.chicagotech.net/netforums...hp?p=9904#9904

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

"jvillarreal" <> wrote in message
news:314922BB-BD53-42F5-9F99-...
>I am trying to start utilizing a Verisign WLAN certificate within my
>wireless
> environment, almost specifically because Blackberries can't be told to
> ignore
> the server cert like Windows can be. I've followed both Microsoft's guide
> (http://www.microsoft.com/downloads/d...DisplayLang=en)
> as well as several guides that Verisign publishes for purchasing and
> installing their cert. I'm relatively sure that the cert is installed
> properly. Someone at Verisign walked me through doing that over the phone
> yesterday.
>
> Inside of IAS I already had a Remote Access Policy for my wireless clients
> I
> just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP)
> >
> Certificate issued | field to the new Verisign Class 3 WLAN Secure Server
> CA
> instead of the other cert.
>
> When clients go to connect I get this error inside the System Event Log:
>
> Could not retrieve the Remote Access Server's certificate due to the
> following error: The credentials supplied to the package were not
> recognized
>
> Directly followed by this error:
>
> Access request for user OURDOMAIN\jvillarreal was discarded.
>
> Fully-Qualified-User-Name = ourdomain.org/Information
> Technology/Users/Jordan Villarreal
>
> NAS-IP-Address = 10.0.0.17
>
> NAS-Identifier = TCHMCRCSWISMA0
>
> Called-Station-Identifier = 00-1D-70-92-D1-10:testNET
>
> Calling-Station-Identifier = 00-1F-3C-A2-EE-1F
>
> Client-Friendly-Name = TCHMCRCSWISMA0
>
> Client-IP-Address = 10.0.0.17
>
> NAS-Port-Type = Wireless - IEEE 802.11
>
> NAS-Port = 29
>
> Proxy-Policy-Name = Use Windows authentication for all users
>
> Authentication-Provider = Windows
>
> Authentication-Server = <undetermined>
>
> Reason-Code = 1
>
> Reason = An internal error occurred. Check the system event log for
> additional information.
>
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp .
>
> I'm almost at my wits end with this issue. If anyone has any ideas I'd be
> enormously grateful.

Bob Lin \(MS-MVP\)

04-24-2009, 08:27 PM	#2
Bob Lin \(MS-MVP\) Posts: n/a	Re: RADIUS and Verisign cert for wireless In most cases, this is related to certificate settings. This post may help. IAS Event ID 3 Reason-Code = 1 http://www.chicagotech.net/netforums...hp?p=9904#9904 -- Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "jvillarreal" <> wrote in message news:314922BB-BD53-42F5-9F99-... >I am trying to start utilizing a Verisign WLAN certificate within my >wireless > environment, almost specifically because Blackberries can't be told to > ignore > the server cert like Windows can be. I've followed both Microsoft's guide > (http://www.microsoft.com/downloads/d...DisplayLang=en) > as well as several guides that Verisign publishes for purchasing and > installing their cert. I'm relatively sure that the cert is installed > properly. Someone at Verisign walked me through doing that over the phone > yesterday. > > Inside of IAS I already had a Remote Access Policy for my wireless clients > I > just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP) > > > Certificate issued \| field to the new Verisign Class 3 WLAN Secure Server > CA > instead of the other cert. > > When clients go to connect I get this error inside the System Event Log: > > Could not retrieve the Remote Access Server's certificate due to the > following error: The credentials supplied to the package were not > recognized > > Directly followed by this error: > > Access request for user OURDOMAIN\jvillarreal was discarded. > > Fully-Qualified-User-Name = ourdomain.org/Information > Technology/Users/Jordan Villarreal > > NAS-IP-Address = 10.0.0.17 > > NAS-Identifier = TCHMCRCSWISMA0 > > Called-Station-Identifier = 00-1D-70-92-D1-10:testNET > > Calling-Station-Identifier = 00-1F-3C-A2-EE-1F > > Client-Friendly-Name = TCHMCRCSWISMA0 > > Client-IP-Address = 10.0.0.17 > > NAS-Port-Type = Wireless - IEEE 802.11 > > NAS-Port = 29 > > Proxy-Policy-Name = Use Windows authentication for all users > > Authentication-Provider = Windows > > Authentication-Server = <undetermined> > > Reason-Code = 1 > > Reason = An internal error occurred. Check the system event log for > additional information. > > > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp . > > I'm almost at my wits end with this issue. If anyone has any ideas I'd be > enormously grateful. Bob Lin \(MS-MVP\)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

04-24-2009, 04:44 PM	#1
	RADIUS and Verisign cert for wireless I am trying to start utilizing a Verisign WLAN certificate within my wireless environment, almost specifically because Blackberries can't be told to ignore the server cert like Windows can be. I've followed both Microsoft's guide (http://www.microsoft.com/downloads/d...DisplayLang=en) as well as several guides that Verisign publishes for purchasing and installing their cert. I'm relatively sure that the cert is installed properly. Someone at Verisign walked me through doing that over the phone yesterday. Inside of IAS I already had a Remote Access Policy for my wireless clients I just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP) > Certificate issued \| field to the new Verisign Class 3 WLAN Secure Server CA instead of the other cert. When clients go to connect I get this error inside the System Event Log: Could not retrieve the Remote Access Server's certificate due to the following error: The credentials supplied to the package were not recognized Directly followed by this error: Access request for user OURDOMAIN\jvillarreal was discarded. Fully-Qualified-User-Name = ourdomain.org/Information Technology/Users/Jordan Villarreal NAS-IP-Address = 10.0.0.17 NAS-Identifier = TCHMCRCSWISMA0 Called-Station-Identifier = 00-1D-70-92-D1-10:testNET Calling-Station-Identifier = 00-1F-3C-A2-EE-1F Client-Friendly-Name = TCHMCRCSWISMA0 Client-IP-Address = 10.0.0.17 NAS-Port-Type = Wireless - IEEE 802.11 NAS-Port = 29 Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = <undetermined> Reason-Code = 1 Reason = An internal error occurred. Check the system event log for additional information. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp . I'm almost at my wits end with this issue. If anyone has any ideas I'd be enormously grateful. jvillarreal