Unable to connect using machine certificate

Discussion in 'Wireless Networking' started by Microsoft news, Nov 29, 2005.

  1. I have set up an enterprise RADIUS server to manage a wireless network. I
    created a certificate using the built-in certificate authority on the RADIUS
    server and am running into trouble connecting a workstation. If I import
    the certificate (*.pfx) into the current user's personal certificate store
    then that user can connect to the network (the logon script will only work
    once that user has logged on using the cached credential then logged off and
    back on). If I import the certificate into the local computer certificate
    store the computer can't find the certificate to authenticate with the
    RADIUS server. The workstation is a Windows XP Pro SP2 machine. I think
    the RADIUS server is set up correctly because if the certificate is in the
    current user certificate store then that user can connect.

    I know this is kinda vague but I am hoping someone has run into the same
    type of problem.

    Thanks,
    Bill
     
    Microsoft news, Nov 29, 2005
    #1

  2. Hi Bill,
    There are two types of certificates that a machine can use: Computer
    certificates and Workstation Authentication certificates.
    I think that a user certificate can't be used as a workstation authentication
    certificate.
    We have used Autoenrollment features to distribute computer certificates and
    workstation authentication certificates.
    You can also get a computer certificate from your Certificates snap-in
    (computer, not user) Personal folder.
    For example, we have published the workstation authentication
    certificates (W3K) by changing the template security to permit autoenroll
    for Domain Computers and then, in the certificate authority MMC, right-clicking
    the Certificate Templates node, choosing New > Certificate Template
    to Issue and selecting the correct templates to be published.

    You need only a computer certificate issued to your computer domain account.
    With this in place your workstation can open a wireless connection before a
    user logon. Your IAS RADIUS policy should permit this logon type, if you
    have selected specific domain groups, including the Domain Computers group.

    I hope that this helps you.

    TKS

    Washington Moreira

    "Microsoft news" <> wrote in message
    news:...
    >I have set up an enterprise RADIUS server to manage a wireless network. I
    >created a certificate using the built-in certificate authority on the
    >RADIUS server and am running into trouble connecting a workstation. If I
    >import the certificate (*.pfx) into the current user's personal certificate
    >store then that user can connect to the network (the logon script will only
    >work once that user has logged on using the cached credential then logged
    >off and back on). If I import the certificate into the local computer
    >certificate store the computer can't find the certificate to authenticate
    >with the RADIUS server. The workstation is a Windows XP Pro SP2 machine.
    >I think the RADIUS server is set up correctly because if the certificate is
    >in the current user certificate store then that user can connect.
    >
    > I know this is kinda vague but I am hoping someone has run into the same
    > type of problem.
    >
    > Thanks,
    > Bill
    >
     
    Washington Moreira, Nov 29, 2005
    #2
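
A check for the situation discussed in posts #1 and #2, added here as an example that is not part of the original thread: it lists every certificate in the local computer's Personal store and reports whether each one has the properties a machine certificate needs for EAP-TLS before user logon. Assumptions: it runs in an elevated PowerShell session on a domain-joined Windows machine (PowerShell is not installed by default on the Windows XP SP2 workstation in the thread, where the same properties can be read in the Certificates snap-in), and the machine's FQDN is taken to be its host name plus its DNS domain.

```powershell
# Added example: audit Cert:\LocalMachine\My for a certificate usable for
# machine (pre-logon) EAP-TLS authentication against a RADIUS server.

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# Assumption: FQDN = host name + DNS domain of this domain-joined machine.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = '{0}.{1}' -f $ip.HostName, $ip.DomainName
$now  = Get-Date

$ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs. A certificate issued from a user template can
    # carry Client Authentication and still fail the name check below.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # DNS name from the Subject Alternative Name, or the subject CN if no SAN.
    $dnsName = $cert.GetNameInfo($nameType, $false)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        # A .pfx imported without its private key cannot be used to authenticate.
        HasPrivateKey = $cert.HasPrivateKey
        ClientAuthEku = $ekus -contains $clientAuthOid
        # The certificate must be issued to the computer account, not a user.
        NameMatches   = ($dnsName -eq $fqdn)
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        # Builds the chain against the machine's trusted roots.
        ChainTrusted  = $cert.Verify()
    }
} | Format-Table -AutoSize
```

A certificate that shows `True` in every column except `NameMatches` is typically one issued to a user and then imported into the computer store, which is the case post #1 describes.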