RADIUS and Verisign cert for wireless

Discussion in 'Wireless Networking' started by jvillarreal, Apr 24, 2009.

  1. jvillarreal

    jvillarreal Guest

    I am trying to start utilizing a Verisign WLAN certificate within my wireless
    environment, almost specifically because Blackberries can't be told to ignore
    the server cert like Windows can be. I've followed both Microsoft's guide
    (http://www.microsoft.com/downloads/...3c-d2d9-408d-bd97-139afc60996b&DisplayLang=en)
    as well as several guides that Verisign publishes for purchasing and
    installing their cert. I'm relatively sure that the cert is installed
    properly. Someone at Verisign walked me through doing that over the phone
    yesterday.

    Inside of IAS I already had a Remote Access Policy for my wireless clients I
    just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP) >
    Certificate issued | field to the new Verisign Class 3 WLAN Secure Server CA
    instead of the other cert.

    When clients go to connect I get this error inside the System Event Log:

    Could not retrieve the Remote Access Server's certificate due to the
    following error: The credentials supplied to the package were not recognized

    Directly followed by this error:

    Access request for user OURDOMAIN\jvillarreal was discarded.

    Fully-Qualified-User-Name = ourdomain.org/Information
    Technology/Users/Jordan Villarreal

    NAS-IP-Address = 10.0.0.17

    NAS-Identifier = TCHMCRCSWISMA0

    Called-Station-Identifier = 00-1D-70-92-D1-10:testNET

    Calling-Station-Identifier = 00-1F-3C-A2-EE-1F

    Client-Friendly-Name = TCHMCRCSWISMA0

    Client-IP-Address = 10.0.0.17

    NAS-Port-Type = Wireless - IEEE 802.11

    NAS-Port = 29

    Proxy-Policy-Name = Use Windows authentication for all users

    Authentication-Provider = Windows

    Authentication-Server = <undetermined>

    Reason-Code = 1

    Reason = An internal error occurred. Check the system event log for
    additional information.



    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp .

    I'm almost at my wits end with this issue. If anyone has any ideas I'd be
    enormously grateful.
     
    jvillarreal, Apr 24, 2009
    #1
    1. Advertising

  2. In most cases, this is related to certificate settings. This post may help.

    IAS Event ID 3 Reason-Code = 1
    http://www.chicagotech.net/netforums/viewtopic.php?p=9904#9904

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com


    "jvillarreal" <> wrote in message
    news:...
    >I am trying to start utilizing a Verisign WLAN certificate within my
    >wireless
    > environment, almost specifically because Blackberries can't be told to
    > ignore
    > the server cert like Windows can be. I've followed both Microsoft's guide
    > (http://www.microsoft.com/downloads/...3c-d2d9-408d-bd97-139afc60996b&DisplayLang=en)
    > as well as several guides that Verisign publishes for purchasing and
    > installing their cert. I'm relatively sure that the cert is installed
    > properly. Someone at Verisign walked me through doing that over the phone
    > yesterday.
    >
    > Inside of IAS I already had a Remote Access Policy for my wireless clients
    > I
    > just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP)
    > >

    > Certificate issued | field to the new Verisign Class 3 WLAN Secure Server
    > CA
    > instead of the other cert.
    >
    > When clients go to connect I get this error inside the System Event Log:
    >
    > Could not retrieve the Remote Access Server's certificate due to the
    > following error: The credentials supplied to the package were not
    > recognized
    >
    > Directly followed by this error:
    >
    > Access request for user OURDOMAIN\jvillarreal was discarded.
    >
    > Fully-Qualified-User-Name = ourdomain.org/Information
    > Technology/Users/Jordan Villarreal
    >
    > NAS-IP-Address = 10.0.0.17
    >
    > NAS-Identifier = TCHMCRCSWISMA0
    >
    > Called-Station-Identifier = 00-1D-70-92-D1-10:testNET
    >
    > Calling-Station-Identifier = 00-1F-3C-A2-EE-1F
    >
    > Client-Friendly-Name = TCHMCRCSWISMA0
    >
    > Client-IP-Address = 10.0.0.17
    >
    > NAS-Port-Type = Wireless - IEEE 802.11
    >
    > NAS-Port = 29
    >
    > Proxy-Policy-Name = Use Windows authentication for all users
    >
    > Authentication-Provider = Windows
    >
    > Authentication-Server = <undetermined>
    >
    > Reason-Code = 1
    >
    > Reason = An internal error occurred. Check the system event log for
    > additional information.
    >
    >
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp .
    >
    > I'm almost at my wits end with this issue. If anyone has any ideas I'd be
    > enormously grateful.
     
    Bob Lin \(MS-MVP\), Apr 24, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harrison

    Blocking Verisign's Site Finder

    Harrison, Oct 1, 2003, in forum: Computer Support
    Replies:
    41
    Views:
    1,559
    Brian H¹©
    Oct 3, 2003
  2. www.BradReese.Com
    Replies:
    3
    Views:
    1,281
  3. www.BradReese.Com
    Replies:
    0
    Views:
    441
    www.BradReese.Com
    Sep 27, 2007
  4. ACS Peap and Verisign

    , Aug 5, 2008, in forum: Cisco
    Replies:
    0
    Views:
    451
  5. Giuen
    Replies:
    0
    Views:
    996
    Giuen
    Sep 12, 2008
Loading...

Share This Page