CISO acs appliance and windows certificate ...PEAP error

Discussion in 'Cisco' started by wisdom1999@gmail.com, Feb 5, 2007.

  1. Guest

    Hi. I have a HUGE problem that i desperately need your help with. I
    have installed two ACS appliances to be used for IBNS and eventually
    for NAC. I want to use certificates to authenticate users. I have
    windows 2003 enterprise CA setup ( 3-tier). I use the issuing CA to
    generate the certificates. When i request and install the certificate
    that goes though without a problem. However when i got to global
    authentication and try to enable PEAP i get the following message:

    Failed to initialize PEAP or EAP-TLS authentication protocol because
    CA certificate is not installed. Install the CA certificate using "ACS
    Certification Authority Setup" page

    The certificate is installed.

    I got a solution from a cisco rep here but it did not work the
    solution is listed below:
    Symptom:
    ACS appliance will not recognize the installed certificate.

    Condition:

    Cisco Security Agent is running.

    1. Install a certificate - GUI will report certificate as installed
    and
    validitiy OK.
    2. Enable PEAP
    3. Error appears:

    Failed to initialize PEAP or EAP-TLS authentication protocol because
    CA certificate is not installed. Install the CA certificate using
    "ACS Certification Authority Setup" page.

    Workaround:
    Disable Cisco Security Agent and repeat the installation procedure.
    It will succeed.
    Re-enable Cisco Security Agent.


    I desperately need your help in solving this. I have no idea what else
    to try. Thanks in advance for your expertise.



    Regards
     
    , Feb 5, 2007
    #1
    1. Advertising

  2. Thrill5 Guest

    You are hitting "Install Certificate" twice. After you enter the file name
    for the certificate to install hit "Install Certificate", the next screen
    will show the certificate details and the certificate is now installed. At
    this point you are hitting the "Install Certificate" button again, and
    deleting the certificate you just installed. I just went through this, and
    the screens are not very intuitive.

    Scott.
    <> wrote in message
    news:...
    > Hi. I have a HUGE problem that i desperately need your help with. I
    > have installed two ACS appliances to be used for IBNS and eventually
    > for NAC. I want to use certificates to authenticate users. I have
    > windows 2003 enterprise CA setup ( 3-tier). I use the issuing CA to
    > generate the certificates. When i request and install the certificate
    > that goes though without a problem. However when i got to global
    > authentication and try to enable PEAP i get the following message:
    >
    > Failed to initialize PEAP or EAP-TLS authentication protocol because
    > CA certificate is not installed. Install the CA certificate using "ACS
    > Certification Authority Setup" page
    >
    > The certificate is installed.
    >
    > I got a solution from a cisco rep here but it did not work the
    > solution is listed below:
    > Symptom:
    > ACS appliance will not recognize the installed certificate.
    >
    > Condition:
    >
    > Cisco Security Agent is running.
    >
    > 1. Install a certificate - GUI will report certificate as installed
    > and
    > validitiy OK.
    > 2. Enable PEAP
    > 3. Error appears:
    >
    > Failed to initialize PEAP or EAP-TLS authentication protocol because
    > CA certificate is not installed. Install the CA certificate using
    > "ACS Certification Authority Setup" page.
    >
    > Workaround:
    > Disable Cisco Security Agent and repeat the installation procedure.
    > It will succeed.
    > Re-enable Cisco Security Agent.
    >
    >
    > I desperately need your help in solving this. I have no idea what else
    > to try. Thanks in advance for your expertise.
    >
    >
    >
    > Regards
    >
     
    Thrill5, Feb 6, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Turrekens Jurgen
    Replies:
    3
    Views:
    3,221
    Michael Janke
    Jul 8, 2004
  2. jester
    Replies:
    1
    Views:
    1,788
    Vivek
    Dec 20, 2005
  3. ruchi
    Replies:
    0
    Views:
    694
    ruchi
    May 9, 2006
  4. Ketchupy
    Replies:
    0
    Views:
    2,313
    Ketchupy
    Mar 20, 2007
  5. Replies:
    1
    Views:
    2,158
    Thrill5
    May 14, 2007
Loading...

Share This Page