|
windows
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Wired Authentication issues.I have set up Windows 2003 R2 Certificate Services along with IAS to enable port authentication. I have used the "Securing Wireless LANs with Certificate Services" Build guide and "Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows" as guides to configure everything. The client computers are Windows 2000 SP4 and Windows XP SP2. I have configured a Version 1 Computer template and the client machines are all getting their certificates. Once a machine has a certificate after the first reboot the machine will authenticate with the port and allow access. Upon subsequent reboots Windows come back with the error "Windows was unable to find a certificate to log you on to the network." When I look in the computers certificates the computer does in fact have a certificate. The IAS server does not see an authentication request as the client does not send one. The Wireless configuration services are running and the authentication options for the network adapter are set to "Authenticate as computer when computer information is available" Any ideas?, Am I using the wrong certificate? Thanks in Advance Derek Hi Derek --
I am a little confused -- are you deploying 802.1X Ethernet (wired) or 802.1X wireless? Or maybe you are doing both. I ask because you mention both a wireless and wired guide in your first paragraph below. Which client (wired or wireless) are you having problems with? Thanks for any additional information you can provide. Show quoteHide quote "Derek" <remove_dis_daw***@hotmail.com> wrote in news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl: > Hello, > > > > I have set up Windows 2003 R2 Certificate Services along with IAS to > enable port authentication. I have used the "Securing Wireless LANs > with Certificate Services" Build guide and "Deployment of IEEE 802.1X > for Wired Networks Using Microsoft Windows" as guides to configure > everything. The client computers are Windows 2000 SP4 and Windows XP > SP2. > > > > I have configured a Version 1 Computer template and the client > machines are all getting their certificates. Once a machine has a > certificate after the first reboot the machine will authenticate with > the port and allow access. Upon subsequent reboots Windows come back > with the error "Windows was unable to find a certificate to log you on > to the network." When I look in the computers certificates the > computer does in fact have a certificate. The IAS server does not see > an authentication request as the client does not send one. The > Wireless configuration services are running and the authentication > options for the network adapter are set to "Authenticate as computer > when computer information is available" > > > > Any ideas?, Am I using the wrong certificate? > > > > Thanks in Advance > > > > Derek > > > > > -- James McIllece, Microsoft Please do not send email directly to this alias. This is my online account name for newsgroup participation only. This posting is provided "AS IS" with no warranties, and confers no rights. I am trying to get wired working first, then wireless. All I need at this
point is to get the wired clients to authenticate to the port. Once I have that working then I will built a guest vlan for un-authenticated users. Show quoteHide quote "James McIllece [MS]" <james***@online.microsoft.com> wrote in message news:Xns988C919EF406jamesmcionlinemicros@207.46.248.16... > Hi Derek -- > > I am a little confused -- are you deploying 802.1X Ethernet (wired) or > 802.1X wireless? Or maybe you are doing both. I ask because you mention > both a wireless and wired guide in your first paragraph below. > > Which client (wired or wireless) are you having problems with? > > Thanks for any additional information you can provide. > > "Derek" <remove_dis_daw***@hotmail.com> wrote in > news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl: > >> Hello, >> >> >> >> I have set up Windows 2003 R2 Certificate Services along with IAS to >> enable port authentication. I have used the "Securing Wireless LANs >> with Certificate Services" Build guide and "Deployment of IEEE 802.1X >> for Wired Networks Using Microsoft Windows" as guides to configure >> everything. The client computers are Windows 2000 SP4 and Windows XP >> SP2. >> >> >> >> I have configured a Version 1 Computer template and the client >> machines are all getting their certificates. Once a machine has a >> certificate after the first reboot the machine will authenticate with >> the port and allow access. Upon subsequent reboots Windows come back >> with the error "Windows was unable to find a certificate to log you on >> to the network." When I look in the computers certificates the >> computer does in fact have a certificate. The IAS server does not see >> an authentication request as the client does not send one. The >> Wireless configuration services are running and the authentication >> options for the network adapter are set to "Authenticate as computer >> when computer information is available" >> >> >> >> Any ideas?, Am I using the wrong certificate? >> >> >> >> Thanks in Advance >> >> >> >> Derek >> >> >> >> >> > > > > -- > James McIllece, Microsoft > > Please do not send email directly to this alias. This is my online > account > name for newsgroup participation only. > > This posting is provided "AS IS" with no warranties, and confers no > rights. OK, so you need to verify that you have the CA cert in the Trusted Root
Certification Authorities certificate store on the client. Also verify that the server cert is properly formed (if you can configure it in a remote access policy in IAS it is probably OK) and that the client certs are too. You can find the minimum server and client cert requirements in the IAS Help topic "Network access authentication and certificates." Show quoteHide quote "Derek" <remove_dis_daw***@hotmail.com> wrote in news:O0bLXIaFHHA.1188@TK2MSFTNGP06.phx.gbl: > I am trying to get wired working first, then wireless. All I need at > this point is to get the wired clients to authenticate to the port. > Once I have that working then I will built a guest vlan for > un-authenticated users. "James McIllece [MS]" > <james***@online.microsoft.com> wrote in message > news:Xns988C919EF406jamesmcionlinemicros@207.46.248.16... >> Hi Derek -- >> >> I am a little confused -- are you deploying 802.1X Ethernet (wired) >> or 802.1X wireless? Or maybe you are doing both. I ask because you >> mention both a wireless and wired guide in your first paragraph >> below. >> >> Which client (wired or wireless) are you having problems with? >> >> Thanks for any additional information you can provide. >> >> "Derek" <remove_dis_daw***@hotmail.com> wrote in >> news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl: >> >>> Hello, >>> >>> >>> >>> I have set up Windows 2003 R2 Certificate Services along with IAS to >>> enable port authentication. I have used the "Securing Wireless LANs >>> with Certificate Services" Build guide and "Deployment of IEEE >>> 802.1X for Wired Networks Using Microsoft Windows" as guides to >>> configure everything. The client computers are Windows 2000 SP4 and >>> Windows XP SP2. >>> >>> >>> >>> I have configured a Version 1 Computer template and the client >>> machines are all getting their certificates. Once a machine has a >>> certificate after the first reboot the machine will authenticate >>> with the port and allow access. Upon subsequent reboots Windows come >>> back with the error "Windows was unable to find a certificate to log >>> you on to the network." When I look in the computers certificates >>> the computer does in fact have a certificate. The IAS server does >>> not see an authentication request as the client does not send one. >>> The Wireless configuration services are running and the >>> authentication options for the network adapter are set to >>> "Authenticate as computer when computer information is available" >>> >>> >>> >>> Any ideas?, Am I using the wrong certificate? >>> >>> >>> >>> Thanks in Advance >>> >>> >>> >>> Derek >>> >>> >>> >>> >>> >> >> >> >> -- >> James McIllece, Microsoft >> >> Please do not send email directly to this alias. This is my online >> account >> name for newsgroup participation only. >> >> This posting is provided "AS IS" with no warranties, and confers no >> rights. > > -- James McIllece, Microsoft Please do not send email directly to this alias. This is my online account name for newsgroup participation only. This posting is provided "AS IS" with no warranties, and confers no rights. Also if I understand correctly it should not matter if the client is
wireless or wired as the certificate is the same. I want to do only computer certificates not user. Show quoteHide quote "James McIllece [MS]" <james***@online.microsoft.com> wrote in message news:Xns988C919EF406jamesmcionlinemicros@207.46.248.16... > Hi Derek -- > > I am a little confused -- are you deploying 802.1X Ethernet (wired) or > 802.1X wireless? Or maybe you are doing both. I ask because you mention > both a wireless and wired guide in your first paragraph below. > > Which client (wired or wireless) are you having problems with? > > Thanks for any additional information you can provide. > > "Derek" <remove_dis_daw***@hotmail.com> wrote in > news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl: > >> Hello, >> >> >> >> I have set up Windows 2003 R2 Certificate Services along with IAS to >> enable port authentication. I have used the "Securing Wireless LANs >> with Certificate Services" Build guide and "Deployment of IEEE 802.1X >> for Wired Networks Using Microsoft Windows" as guides to configure >> everything. The client computers are Windows 2000 SP4 and Windows XP >> SP2. >> >> >> >> I have configured a Version 1 Computer template and the client >> machines are all getting their certificates. Once a machine has a >> certificate after the first reboot the machine will authenticate with >> the port and allow access. Upon subsequent reboots Windows come back >> with the error "Windows was unable to find a certificate to log you on >> to the network." When I look in the computers certificates the >> computer does in fact have a certificate. The IAS server does not see >> an authentication request as the client does not send one. The >> Wireless configuration services are running and the authentication >> options for the network adapter are set to "Authenticate as computer >> when computer information is available" >> >> >> >> Any ideas?, Am I using the wrong certificate? >> >> >> >> Thanks in Advance >> >> >> >> Derek >> >> >> >> >> > > > > -- > James McIllece, Microsoft > > Please do not send email directly to this alias. This is my online > account > name for newsgroup participation only. > > This posting is provided "AS IS" with no warranties, and confers no > rights. 
Other interesting topics
Show all wireless devices, how?
How do I search for a wireless network? Sharing Drives on Network XP login changed to NT! Wireless setup Windows XP file sharing oddness (any ideas?) Wireless Setup Between Two Wireless Laptops Home Network No wireless connectivity with modem GROUP POLICY COMPUTER SETTINGS NOT APPLIED DURING WIRELESS LOGON |
|||||||||||||||||||||||
