ASA 8.4 and win 2008 ca problem

Hi,

we have a problem with authenticating to the trustpoint for CA on WIn 2008 Enterprise machine. Enrollment url
enrollment url http://CAWin2008/certsrv/mscep_admin/

We are getting following error
ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0
ASA(config)# Content-Type indicates we did not receive a certificate.

after trying to authenticate.

After checking wireshark files on Win2008 machine, we noticed that WIN2008 are sending specific HTTP 401 'unaothorized:access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.' error, it is like CA and their IIS service is trying to authenticate ASA but ASA does not send any credentials.

Is anybody familiar with this problem and how we can solve it?

Vladimir

 

Incorrect enrollment-url

Your enrollment url statement should be:

enrollment url http://Win2008CA:80/certsrv/mscep/mscep.dll

Regs,
Sasa

 

Can not get Certificate

Hi

I have a similiar issue to get a certificate from microsoft CA server on windows 2008 server .
I am trying to get the Certificate using Cisco Router 3825 and receive :



R2(config)#crypto ca authenticate dialogic-S444802-CA
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0
R2(config)#
Sep 4 13:12:50.335: CRYPTO_PKI: Sending CA Certificate Request:
GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=dialogic-S444802-CA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
Host: 192.168.4.150

Sep 4 13:12:50.335: CRYPTO_PKI: locked trustpoint dialogic-S444802-CA, refcount is 1
Sep 4 13:12:50.335: CRYPTO_PKI: can not resolve server name/IP address
Sep 4 13:12:50.335: CRYPTO_PKI: Using unresolved IP Address 192.168.4.150
Sep 4 13:12:50.335: CRYPTO_PKI: http connection opened
Sep 4 13:12:50.335: CRYPTO_PKI: Sending HTTP message
Sep 4 13:12:50.335: CRYPTO_PKI: Reply HTTP header:
HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
Host: 192.168.4.150

Sep 4 13:12:50.335: CRYPTO_PKI: unlocked trustpoint dialogic-S444802-CA, refcount is 0
Sep 4 13:12:50.335: CRYPTO_PKI: locked trustpoint dialogic-S444802-CA, refcount is 1
Sep 4 13:12:50.835: CRYPTO_PKI: unlocked trustpoint dialogic-S444802-CA, refcount is 0
Sep 4 13:12:50.835: CRYPTO_PKI: Reply HTTP header:
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1066
Vary: Accept-Encoding
Date: Wed, 04 Sep 2013 10:12:57 GMT
Connection: close
Content-Type indicates we did not receive a certificate.
Sep 4 13:12:50.835: CRYPTO_PKI: transaction GetCACert completed


My Router configuration for trustpoint is :

crypto pki trustpoint dialogic-S444802-CA
enrollment retry count 5
enrollment retry period 3
enrollment url
ip-address 192.168.4.150
revocation-check none

I really apreciate your assitance and Pls let me know which knowledge is missing .

thaanks
Roee