BUGS ???

Discussion in 'Wireless Networking' started by erha, Apr 18, 2005.

  1. erha

    erha Guest

    Hi all, (especially Microsoft)

    We currently try to integrate our Smart Card to be used in Wireless EAP-TLS
    authentication.
    Our Smart Card is currently is used for Microsoft Windows Certificate Logon.
    To support the EAP-TLS, we add Client Authentication to the Extended Key
    Usage (EKU).
    But we are failed. The Microsoft complain the "Windows was unable to find a
    certificate to log you on the network XXXX".

    Upon this error, we are trying to use certificate from Certificate Store.

    Certificate #1:
    EKU=Client Authentication
    Key Usage=Digital Signature, keyEncipherment, keyAgreement

    MS Windows do not complain when we are using Certificate#1.

    We delete Certificate#1 from Certificate store and import Certificate# 2.

    Certifcate #2:
    EKU=Client Authentication, Smart Card Logon
    Key Usage=Digital Signature, keyEncipherment, keyAgreement

    And ha ha ......

    The MS Windows complain "Windows was unable to find a certificate to log you
    on the network XXXX".

    Why does the Smart Card Logon on EKU make the EAP-TLS failed ?

    We need to this two EKU on one Certificate because currently Microsoft
    called our CSP using "default container" for Smart Card Logon and EAP-TLS.
    And we cannot differentiate who is actually calling our CSP.

    Has anyone face this problem before ?

    Can someone from Microsoft confirm about this problem ?

    Thank in advance for any help or idea......

    Rudy
     
    erha, Apr 18, 2005
    #1
    1. Advertising

  2. Sorry to state the obvious, but did you troubleshoot the certificate in all
    other ways? Try creating new/fresh certificates? Compare them to make sure
    that the only difference is the EKU? Etc? Make sure it's in the right store?
    Are you seeing this only with the smartcard EKU or does the problem occur
    when any EKU is added to the Client Authentication?

    What method are you using to generate the certificates?

    Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
    the problem only surface with wireless?

    Thanks.

    If you want, I can try to take a look at the 2 certificates to compare them.

    --
    Standard Disclaimers -
    This posting is provided "AS IS" with no warranties,
    and confers no rights. Please do not send e-mail directly
    to this alias. This alias is for newsgroup purposes only.


    "erha" <> wrote in message
    news:%...
    > Hi all, (especially Microsoft)
    >
    > We currently try to integrate our Smart Card to be used in Wireless
    > EAP-TLS
    > authentication.
    > Our Smart Card is currently is used for Microsoft Windows Certificate
    > Logon.
    > To support the EAP-TLS, we add Client Authentication to the Extended Key
    > Usage (EKU).
    > But we are failed. The Microsoft complain the "Windows was unable to find
    > a
    > certificate to log you on the network XXXX".
    >
    > Upon this error, we are trying to use certificate from Certificate Store.
    >
    > Certificate #1:
    > EKU=Client Authentication
    > Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >
    > MS Windows do not complain when we are using Certificate#1.
    >
    > We delete Certificate#1 from Certificate store and import Certificate# 2.
    >
    > Certifcate #2:
    > EKU=Client Authentication, Smart Card Logon
    > Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >
    > And ha ha ......
    >
    > The MS Windows complain "Windows was unable to find a certificate to log
    > you
    > on the network XXXX".
    >
    > Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
    >
    > We need to this two EKU on one Certificate because currently Microsoft
    > called our CSP using "default container" for Smart Card Logon and EAP-TLS.
    > And we cannot differentiate who is actually calling our CSP.
    >
    > Has anyone face this problem before ?
    >
    > Can someone from Microsoft confirm about this problem ?
    >
    > Thank in advance for any help or idea......
    >
    > Rudy
    >
    >
     
    Carl DaVault [MSFT], Apr 22, 2005
    #2
    1. Advertising

  3. erha

    John Smith Guest

    i do have about same problem, although it might be different.. i'm not 100%
    following everything here.. but here is what i have

    once, i switch my router from WEP to WAP-PSK, my computer displays following

    Windows was unable to find a certificate to log you to the network

    i however did not create any certificates, i'm not really sure which one
    exactly do i need to be honest..

    but the main problem is that after i get connected i lose my connection
    after 1-2 mins tops and the only thing i have left to do is to turn radio
    off and turn it back to be able to connect for another minute or so..

    is it suppose to be like that? or am i just misconfigure something ( it
    needs that certificiate ) if so can you refer me to your website where it
    describes which certificate do i need to create, where to put it and how to
    create it? basically step by step guide..

    thank you so much




    "Carl DaVault [MSFT]" <> wrote in message
    news:...
    > Sorry to state the obvious, but did you troubleshoot the certificate in
    > all other ways? Try creating new/fresh certificates? Compare them to make
    > sure that the only difference is the EKU? Etc? Make sure it's in the right
    > store? Are you seeing this only with the smartcard EKU or does the problem
    > occur when any EKU is added to the Client Authentication?
    >
    > What method are you using to generate the certificates?
    >
    > Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
    > the problem only surface with wireless?
    >
    > Thanks.
    >
    > If you want, I can try to take a look at the 2 certificates to compare
    > them.
    >
    > --
    > Standard Disclaimers -
    > This posting is provided "AS IS" with no warranties,
    > and confers no rights. Please do not send e-mail directly
    > to this alias. This alias is for newsgroup purposes only.
    >
    >
    > "erha" <> wrote in message
    > news:%...
    >> Hi all, (especially Microsoft)
    >>
    >> We currently try to integrate our Smart Card to be used in Wireless
    >> EAP-TLS
    >> authentication.
    >> Our Smart Card is currently is used for Microsoft Windows Certificate
    >> Logon.
    >> To support the EAP-TLS, we add Client Authentication to the Extended Key
    >> Usage (EKU).
    >> But we are failed. The Microsoft complain the "Windows was unable to find
    >> a
    >> certificate to log you on the network XXXX".
    >>
    >> Upon this error, we are trying to use certificate from Certificate Store.
    >>
    >> Certificate #1:
    >> EKU=Client Authentication
    >> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>
    >> MS Windows do not complain when we are using Certificate#1.
    >>
    >> We delete Certificate#1 from Certificate store and import Certificate# 2.
    >>
    >> Certifcate #2:
    >> EKU=Client Authentication, Smart Card Logon
    >> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>
    >> And ha ha ......
    >>
    >> The MS Windows complain "Windows was unable to find a certificate to log
    >> you
    >> on the network XXXX".
    >>
    >> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
    >>
    >> We need to this two EKU on one Certificate because currently Microsoft
    >> called our CSP using "default container" for Smart Card Logon and
    >> EAP-TLS.
    >> And we cannot differentiate who is actually calling our CSP.
    >>
    >> Has anyone face this problem before ?
    >>
    >> Can someone from Microsoft confirm about this problem ?
    >>
    >> Thank in advance for any help or idea......
    >>
    >> Rudy
    >>
    >>

    >
    >
     
    John Smith, Apr 24, 2005
    #3
  4. You should turn off 802.1x authentication if you are not using it.

    This will make the problem go away. Are you sure you set it to WPA-PSK and
    not WPA?

    http://support.microsoft.com/default.aspx?scid=kb;en-us;814123

    --
    Standard Disclaimers -
    This posting is provided "AS IS" with no warranties,
    and confers no rights. Please do not send e-mail directly
    to this alias. This alias is for newsgroup purposes only.


    "John Smith" <> wrote in message
    news:kpFae.16924$...
    >i do have about same problem, although it might be different.. i'm not 100%
    >following everything here.. but here is what i have
    >
    > once, i switch my router from WEP to WAP-PSK, my computer displays
    > following
    >
    > Windows was unable to find a certificate to log you to the network
    >
    > i however did not create any certificates, i'm not really sure which one
    > exactly do i need to be honest..
    >
    > but the main problem is that after i get connected i lose my connection
    > after 1-2 mins tops and the only thing i have left to do is to turn radio
    > off and turn it back to be able to connect for another minute or so..
    >
    > is it suppose to be like that? or am i just misconfigure something ( it
    > needs that certificiate ) if so can you refer me to your website where it
    > describes which certificate do i need to create, where to put it and how
    > to create it? basically step by step guide..
    >
    > thank you so much
    >
    >
    >
    >
    > "Carl DaVault [MSFT]" <> wrote in message
    > news:...
    >> Sorry to state the obvious, but did you troubleshoot the certificate in
    >> all other ways? Try creating new/fresh certificates? Compare them to make
    >> sure that the only difference is the EKU? Etc? Make sure it's in the
    >> right store? Are you seeing this only with the smartcard EKU or does the
    >> problem occur when any EKU is added to the Client Authentication?
    >>
    >> What method are you using to generate the certificates?
    >>
    >> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
    >> the problem only surface with wireless?
    >>
    >> Thanks.
    >>
    >> If you want, I can try to take a look at the 2 certificates to compare
    >> them.
    >>
    >> --
    >> Standard Disclaimers -
    >> This posting is provided "AS IS" with no warranties,
    >> and confers no rights. Please do not send e-mail directly
    >> to this alias. This alias is for newsgroup purposes only.
    >>
    >>
    >> "erha" <> wrote in message
    >> news:%...
    >>> Hi all, (especially Microsoft)
    >>>
    >>> We currently try to integrate our Smart Card to be used in Wireless
    >>> EAP-TLS
    >>> authentication.
    >>> Our Smart Card is currently is used for Microsoft Windows Certificate
    >>> Logon.
    >>> To support the EAP-TLS, we add Client Authentication to the Extended Key
    >>> Usage (EKU).
    >>> But we are failed. The Microsoft complain the "Windows was unable to
    >>> find a
    >>> certificate to log you on the network XXXX".
    >>>
    >>> Upon this error, we are trying to use certificate from Certificate
    >>> Store.
    >>>
    >>> Certificate #1:
    >>> EKU=Client Authentication
    >>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>>
    >>> MS Windows do not complain when we are using Certificate#1.
    >>>
    >>> We delete Certificate#1 from Certificate store and import Certificate#
    >>> 2.
    >>>
    >>> Certifcate #2:
    >>> EKU=Client Authentication, Smart Card Logon
    >>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>>
    >>> And ha ha ......
    >>>
    >>> The MS Windows complain "Windows was unable to find a certificate to log
    >>> you
    >>> on the network XXXX".
    >>>
    >>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
    >>>
    >>> We need to this two EKU on one Certificate because currently Microsoft
    >>> called our CSP using "default container" for Smart Card Logon and
    >>> EAP-TLS.
    >>> And we cannot differentiate who is actually calling our CSP.
    >>>
    >>> Has anyone face this problem before ?
    >>>
    >>> Can someone from Microsoft confirm about this problem ?
    >>>
    >>> Thank in advance for any help or idea......
    >>>
    >>> Rudy
    >>>
    >>>

    >>
    >>

    >
    >
     
    Carl DaVault [MSFT], Apr 28, 2005
    #4
  5. erha

    John Smith Guest

    i have already turned off 802.1x authentication

    and yes, I'm using WPA-PSK not just WPA



    "Carl DaVault [MSFT]" <> wrote in message
    news:...
    > You should turn off 802.1x authentication if you are not using it.
    >
    > This will make the problem go away. Are you sure you set it to WPA-PSK and
    > not WPA?
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;814123
    >
    > --
    > Standard Disclaimers -
    > This posting is provided "AS IS" with no warranties,
    > and confers no rights. Please do not send e-mail directly
    > to this alias. This alias is for newsgroup purposes only.
    >
    >
    > "John Smith" <> wrote in message
    > news:kpFae.16924$...
    >>i do have about same problem, although it might be different.. i'm not
    >>100% following everything here.. but here is what i have
    >>
    >> once, i switch my router from WEP to WAP-PSK, my computer displays
    >> following
    >>
    >> Windows was unable to find a certificate to log you to the network
    >>
    >> i however did not create any certificates, i'm not really sure which one
    >> exactly do i need to be honest..
    >>
    >> but the main problem is that after i get connected i lose my connection
    >> after 1-2 mins tops and the only thing i have left to do is to turn radio
    >> off and turn it back to be able to connect for another minute or so..
    >>
    >> is it suppose to be like that? or am i just misconfigure something ( it
    >> needs that certificiate ) if so can you refer me to your website where it
    >> describes which certificate do i need to create, where to put it and how
    >> to create it? basically step by step guide..
    >>
    >> thank you so much
    >>
    >>
    >>
    >>
    >> "Carl DaVault [MSFT]" <> wrote in message
    >> news:...
    >>> Sorry to state the obvious, but did you troubleshoot the certificate in
    >>> all other ways? Try creating new/fresh certificates? Compare them to
    >>> make sure that the only difference is the EKU? Etc? Make sure it's in
    >>> the right store? Are you seeing this only with the smartcard EKU or does
    >>> the problem occur when any EKU is added to the Client Authentication?
    >>>
    >>> What method are you using to generate the certificates?
    >>>
    >>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
    >>> does the problem only surface with wireless?
    >>>
    >>> Thanks.
    >>>
    >>> If you want, I can try to take a look at the 2 certificates to compare
    >>> them.
    >>>
    >>> --
    >>> Standard Disclaimers -
    >>> This posting is provided "AS IS" with no warranties,
    >>> and confers no rights. Please do not send e-mail directly
    >>> to this alias. This alias is for newsgroup purposes only.
    >>>
    >>>
    >>> "erha" <> wrote in message
    >>> news:%...
    >>>> Hi all, (especially Microsoft)
    >>>>
    >>>> We currently try to integrate our Smart Card to be used in Wireless
    >>>> EAP-TLS
    >>>> authentication.
    >>>> Our Smart Card is currently is used for Microsoft Windows Certificate
    >>>> Logon.
    >>>> To support the EAP-TLS, we add Client Authentication to the Extended
    >>>> Key
    >>>> Usage (EKU).
    >>>> But we are failed. The Microsoft complain the "Windows was unable to
    >>>> find a
    >>>> certificate to log you on the network XXXX".
    >>>>
    >>>> Upon this error, we are trying to use certificate from Certificate
    >>>> Store.
    >>>>
    >>>> Certificate #1:
    >>>> EKU=Client Authentication
    >>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>>>
    >>>> MS Windows do not complain when we are using Certificate#1.
    >>>>
    >>>> We delete Certificate#1 from Certificate store and import Certificate#
    >>>> 2.
    >>>>
    >>>> Certifcate #2:
    >>>> EKU=Client Authentication, Smart Card Logon
    >>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>>>
    >>>> And ha ha ......
    >>>>
    >>>> The MS Windows complain "Windows was unable to find a certificate to
    >>>> log you
    >>>> on the network XXXX".
    >>>>
    >>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
    >>>>
    >>>> We need to this two EKU on one Certificate because currently Microsoft
    >>>> called our CSP using "default container" for Smart Card Logon and
    >>>> EAP-TLS.
    >>>> And we cannot differentiate who is actually calling our CSP.
    >>>>
    >>>> Has anyone face this problem before ?
    >>>>
    >>>> Can someone from Microsoft confirm about this problem ?
    >>>>
    >>>> Thank in advance for any help or idea......
    >>>>
    >>>> Rudy
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
     
    John Smith, Apr 29, 2005
    #5
  6. erha

    John Smith Guest

    any respond?


    "John Smith" <> wrote in message
    news:cChce.167$...
    >i have already turned off 802.1x authentication
    >
    > and yes, I'm using WPA-PSK not just WPA
    >
    >
    >
    > "Carl DaVault [MSFT]" <> wrote in message
    > news:...
    >> You should turn off 802.1x authentication if you are not using it.
    >>
    >> This will make the problem go away. Are you sure you set it to WPA-PSK
    >> and not WPA?
    >>
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;814123
    >>
    >> --
    >> Standard Disclaimers -
    >> This posting is provided "AS IS" with no warranties,
    >> and confers no rights. Please do not send e-mail directly
    >> to this alias. This alias is for newsgroup purposes only.
    >>
    >>
    >> "John Smith" <> wrote in message
    >> news:kpFae.16924$...
    >>>i do have about same problem, although it might be different.. i'm not
    >>>100% following everything here.. but here is what i have
    >>>
    >>> once, i switch my router from WEP to WAP-PSK, my computer displays
    >>> following
    >>>
    >>> Windows was unable to find a certificate to log you to the network
    >>>
    >>> i however did not create any certificates, i'm not really sure which one
    >>> exactly do i need to be honest..
    >>>
    >>> but the main problem is that after i get connected i lose my connection
    >>> after 1-2 mins tops and the only thing i have left to do is to turn
    >>> radio off and turn it back to be able to connect for another minute or
    >>> so..
    >>>
    >>> is it suppose to be like that? or am i just misconfigure something ( it
    >>> needs that certificiate ) if so can you refer me to your website where
    >>> it describes which certificate do i need to create, where to put it and
    >>> how to create it? basically step by step guide..
    >>>
    >>> thank you so much
    >>>
    >>>
    >>>
    >>>
    >>> "Carl DaVault [MSFT]" <> wrote in message
    >>> news:...
    >>>> Sorry to state the obvious, but did you troubleshoot the certificate in
    >>>> all other ways? Try creating new/fresh certificates? Compare them to
    >>>> make sure that the only difference is the EKU? Etc? Make sure it's in
    >>>> the right store? Are you seeing this only with the smartcard EKU or
    >>>> does the problem occur when any EKU is added to the Client
    >>>> Authentication?
    >>>>
    >>>> What method are you using to generate the certificates?
    >>>>
    >>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
    >>>> does the problem only surface with wireless?
    >>>>
    >>>> Thanks.
    >>>>
    >>>> If you want, I can try to take a look at the 2 certificates to compare
    >>>> them.
    >>>>
    >>>> --
    >>>> Standard Disclaimers -
    >>>> This posting is provided "AS IS" with no warranties,
    >>>> and confers no rights. Please do not send e-mail directly
    >>>> to this alias. This alias is for newsgroup purposes only.
    >>>>
    >>>>
    >>>> "erha" <> wrote in message
    >>>> news:%...
    >>>>> Hi all, (especially Microsoft)
    >>>>>
    >>>>> We currently try to integrate our Smart Card to be used in Wireless
    >>>>> EAP-TLS
    >>>>> authentication.
    >>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
    >>>>> Logon.
    >>>>> To support the EAP-TLS, we add Client Authentication to the Extended
    >>>>> Key
    >>>>> Usage (EKU).
    >>>>> But we are failed. The Microsoft complain the "Windows was unable to
    >>>>> find a
    >>>>> certificate to log you on the network XXXX".
    >>>>>
    >>>>> Upon this error, we are trying to use certificate from Certificate
    >>>>> Store.
    >>>>>
    >>>>> Certificate #1:
    >>>>> EKU=Client Authentication
    >>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>>>>
    >>>>> MS Windows do not complain when we are using Certificate#1.
    >>>>>
    >>>>> We delete Certificate#1 from Certificate store and import Certificate#
    >>>>> 2.
    >>>>>
    >>>>> Certifcate #2:
    >>>>> EKU=Client Authentication, Smart Card Logon
    >>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
    >>>>>
    >>>>> And ha ha ......
    >>>>>
    >>>>> The MS Windows complain "Windows was unable to find a certificate to
    >>>>> log you
    >>>>> on the network XXXX".
    >>>>>
    >>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
    >>>>>
    >>>>> We need to this two EKU on one Certificate because currently Microsoft
    >>>>> called our CSP using "default container" for Smart Card Logon and
    >>>>> EAP-TLS.
    >>>>> And we cannot differentiate who is actually calling our CSP.
    >>>>>
    >>>>> Has anyone face this problem before ?
    >>>>>
    >>>>> Can someone from Microsoft confirm about this problem ?
    >>>>>
    >>>>> Thank in advance for any help or idea......
    >>>>>
    >>>>> Rudy
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
     
    John Smith, May 2, 2005
    #6
  7. erha

    Guest

    Hi Carl,

    Yes for sure the two certificate only different on the EKU and both of
    them is imported to Current User Certificate Store.

    On my testing, I do not use the Certificate from the Smart Card.
    Instead I create the Certificate and import PKCS#12 to the Current User
    Certificate Store.

    The Certificate is created by our own product and it is working fine so
    far. We can do a Certificate Logon correctly.

    I can send the two certificates to you if you want but could we do this
    offline.

    I could not get your email address since I post this message from
    google. Can you please send your email to ?
    (Please remove '-nospam' from the email address)
     
    , May 14, 2005
    #7
  8. erha

    John Smith Guest

    yet another interesting thing...

    i just tryed it with another router LinkSys this time.. i'm using WAP-PSK..
    doesn't tell me nothin about certificate...



    <> wrote in message
    news:...
    > Hi Carl,
    >
    > Yes for sure the two certificate only different on the EKU and both of
    > them is imported to Current User Certificate Store.
    >
    > On my testing, I do not use the Certificate from the Smart Card.
    > Instead I create the Certificate and import PKCS#12 to the Current User
    > Certificate Store.
    >
    > The Certificate is created by our own product and it is working fine so
    > far. We can do a Certificate Logon correctly.
    >
    > I can send the two certificates to you if you want but could we do this
    > offline.
    >
    > I could not get your email address since I post this message from
    > google. Can you please send your email to ?
    > (Please remove '-nospam' from the email address)
    >
     
    John Smith, May 16, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. SiD`
    Replies:
    1
    Views:
    354
    Pascal Chevrel
    May 25, 2004
  2. Jonathan

    Firefox 0.9.1 major bugs

    Jonathan, Jul 6, 2004, in forum: Firefox
    Replies:
    7
    Views:
    500
    Moz Champion
    Jul 8, 2004
  3. Thomas
    Replies:
    3
    Views:
    366
  4. The One

    Bugs

    The One, Apr 24, 2005, in forum: Firefox
    Replies:
    4
    Views:
    677
    John Thompson
    Apr 24, 2005
  5. Jason

    Bugs and Bugs...get rid of them

    Jason, Jan 31, 2006, in forum: Computer Security
    Replies:
    1
    Views:
    500
    Hellish
    Jan 31, 2006
Loading...

Share This Page