
RADIUS and Verisign cert for wireless

Author
24 Apr 2009 3:44 PM
jvillarreal
I am trying to start utilizing a Verisign WLAN certificate within my wireless
environment, almost specifically because Blackberries can't be told to ignore
the server cert like Windows can be.  I've followed both Microsoft's guide
(http://www.microsoft.com/downloads/details.aspx?FamilyID=1971d43c-d2d9-408d-bd97-139afc60996b&DisplayLang=en)
as well as several guides that Verisign publishes for purchasing and
installing their cert.  I'm relatively sure that the cert is installed
properly.  Someone at Verisign walked me through doing that over the phone
yesterday.

Inside of IAS I already had a Remote Access Policy for my wireless clients. I
just changed the EAP Methods > Select EAP Providers > Protected EAP (PEAP) >
Certificate issued | field to the new Verisign Class 3 WLAN Secure Server CA
instead of the other cert.

When clients go to connect I get this error inside the System Event Log:

Could not retrieve the Remote Access Server's certificate due to the 
following error: The credentials supplied to the package were not recognized

Directly followed by this error:

Access request for user OURDOMAIN\jvillarreal was discarded.
Fully-Qualified-User-Name = ourdomain.org/Information Technology/Users/Jordan Villarreal
NAS-IP-Address = 10.0.0.17
NAS-Identifier = TCHMCRCSWISMA0
Called-Station-Identifier = 00-1D-70-92-D1-10:testNET
Calling-Station-Identifier = 00-1F-3C-A2-EE-1F
Client-Friendly-Name = TCHMCRCSWISMA0
Client-IP-Address = 10.0.0.17
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 29
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 1
Reason = An internal error occurred. Check the system event log for additional information.



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp .

I'm almost at my wits' end with this issue.  If anyone has any ideas I'd be
enormously grateful.

Author
24 Apr 2009 7:27 PM
Bob Lin (MS-MVP)
In most cases, this is related to certificate settings. This post may help.

IAS Event ID 3 Reason-Code = 1
http://www.chicagotech.net/netforums/viewtopic.php?p=9904#9904

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
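
One way to inspect the certificate settings discussed in this thread, as an added example that is not part of the original posts: it lists every certificate in the Local Computer Personal store and flags properties that keep it from serving as a PEAP server certificate. It assumes PowerShell 3.0 or later in an elevated session on the IAS/NPS server; the function name Test-PeapServerCert is hypothetical.

```powershell
# Added example (not from the thread). Read-only audit of Cert:\LocalMachine\My.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-PeapServerCert {          # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $now = Get-Date
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $bc = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }

    $problems = @()
    # The server must hold the private key to complete the TLS handshake inside PEAP.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key associated with this certificate' }
    if ($now -lt $Cert.NotBefore) { $problems += 'not yet valid' }
    if ($now -gt $Cert.NotAfter)  { $problems += 'expired' }
    if ([string]::IsNullOrEmpty($Cert.Subject)) { $problems += 'subject name is blank' }
    # An EKU extension that omits Server Authentication restricts the cert to other purposes.
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $ServerAuthOid) { $problems += 'EKU lacks Server Authentication' }
    }
    # A CA certificate (root or intermediate) is not a server certificate.
    if ($bc -and $bc.CertificateAuthority) { $problems += 'is a CA certificate' }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-PeapServerCert -Cert $_ } |
    Format-List Subject, Issuer, Thumbprint, NotAfter, Usable, Problems
```

The certificate selected in the PEAP properties of the Remote Access Policy should be one that this listing reports with Usable set to True.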

