"erha" <r***@guardmydata.com> wrote in message
news:%235xFcPBRFHA.4020@tk2msftngp13.phx.gbl...
> Hi all, (especially Microsoft)
>
> We currently try to integrate our Smart Card to be used in Wireless
> EAP-TLS
> authentication.
> Our Smart Card is currently is used for Microsoft Windows Certificate
> Logon.
> To support the EAP-TLS, we add Client Authentication to the Extended Key
> Usage (EKU).
> But we are failed. The Microsoft complain the "Windows was unable to find
> a
> certificate to log you on the network XXXX".
>
> Upon this error, we are trying to use certificate from Certificate Store.
>
> Certificate #1:
> EKU=Client Authentication
> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>
> MS Windows do not complain when we are using Certificate#1.
>
> We delete Certificate#1 from Certificate store and import Certificate# 2.
>
> Certifcate #2:
> EKU=Client Authentication, Smart Card Logon
> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>
> And ha ha ......
>
> The MS Windows complain "Windows was unable to find a certificate to log
> you
> on the network XXXX".
>
> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>
> We need to this two EKU on one Certificate because currently Microsoft
> called our CSP using "default container" for Smart Card Logon and EAP-TLS.
> And we cannot differentiate who is actually calling our CSP.
>
> Has anyone face this problem before ?
>
> Can someone from Microsoft confirm about this problem ?
>
> Thank in advance for any help or idea......
>
> Rudy
>
>

"Carl DaVault [MSFT]" <car***@online.microsoft.com> wrote in message
news:OXWpUN2RFHA.3704@TK2MSFTNGP12.phx.gbl...
> Sorry to state the obvious, but did you troubleshoot the certificate in
> all other ways? Try creating new/fresh certificates? Compare them to make
> sure that the only difference is the EKU? Etc? Make sure it's in the right
> store? Are you seeing this only with the smartcard EKU or does the problem
> occur when any EKU is added to the Client Authentication?
>
> What method are you using to generate the certificates?
>
> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
> the problem only surface with wireless?
>
> Thanks.
>
> If you want, I can try to take a look at the 2 certificates to compare
> them.
>
> --
> Standard Disclaimers -
> This posting is provided "AS IS" with no warranties,
> and confers no rights. Please do not send e-mail directly
> to this alias. This alias is for newsgroup purposes only.
>
>
> "erha" <r***@guardmydata.com> wrote in message
> news:%235xFcPBRFHA.4020@tk2msftngp13.phx.gbl...
>> Hi all, (especially Microsoft)
>>
>> We currently try to integrate our Smart Card to be used in Wireless
>> EAP-TLS
>> authentication.
>> Our Smart Card is currently is used for Microsoft Windows Certificate
>> Logon.
>> To support the EAP-TLS, we add Client Authentication to the Extended Key
>> Usage (EKU).
>> But we are failed. The Microsoft complain the "Windows was unable to find
>> a
>> certificate to log you on the network XXXX".
>>
>> Upon this error, we are trying to use certificate from Certificate Store.
>>
>> Certificate #1:
>> EKU=Client Authentication
>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>
>> MS Windows do not complain when we are using Certificate#1.
>>
>> We delete Certificate#1 from Certificate store and import Certificate# 2.
>>
>> Certifcate #2:
>> EKU=Client Authentication, Smart Card Logon
>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>
>> And ha ha ......
>>
>> The MS Windows complain "Windows was unable to find a certificate to log
>> you
>> on the network XXXX".
>>
>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>
>> We need to this two EKU on one Certificate because currently Microsoft
>> called our CSP using "default container" for Smart Card Logon and
>> EAP-TLS.
>> And we cannot differentiate who is actually calling our CSP.
>>
>> Has anyone face this problem before ?
>>
>> Can someone from Microsoft confirm about this problem ?
>>
>> Thank in advance for any help or idea......
>>
>> Rudy
>>
>>
>
>

"John Smith" <some***@microsoft.com> wrote in message
news:kpFae.16924$ZQ1.1012@fe11.lga...
>i do have about same problem, although it might be different.. i'm not 100%
>following everything here.. but here is what i have
>
> once, i switch my router from WEP to WAP-PSK, my computer displays
> following
>
> Windows was unable to find a certificate to log you to the network
>
> i however did not create any certificates, i'm not really sure which one
> exactly do i need to be honest..
>
> but the main problem is that after i get connected i lose my connection
> after 1-2 mins tops and the only thing i have left to do is to turn radio
> off and turn it back to be able to connect for another minute or so..
>
> is it suppose to be like that? or am i just misconfigure something ( it
> needs that certificiate ) if so can you refer me to your website where it
> describes which certificate do i need to create, where to put it and how
> to create it? basically step by step guide..
>
> thank you so much
>
>
>
>
> "Carl DaVault [MSFT]" <car***@online.microsoft.com> wrote in message
> news:OXWpUN2RFHA.3704@TK2MSFTNGP12.phx.gbl...
>> Sorry to state the obvious, but did you troubleshoot the certificate in
>> all other ways? Try creating new/fresh certificates? Compare them to make
>> sure that the only difference is the EKU? Etc? Make sure it's in the
>> right store? Are you seeing this only with the smartcard EKU or does the
>> problem occur when any EKU is added to the Client Authentication?
>>
>> What method are you using to generate the certificates?
>>
>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or does
>> the problem only surface with wireless?
>>
>> Thanks.
>>
>> If you want, I can try to take a look at the 2 certificates to compare
>> them.
>>
>> --
>> Standard Disclaimers -
>> This posting is provided "AS IS" with no warranties,
>> and confers no rights. Please do not send e-mail directly
>> to this alias. This alias is for newsgroup purposes only.
>>
>>
>> "erha" <r***@guardmydata.com> wrote in message
>> news:%235xFcPBRFHA.4020@tk2msftngp13.phx.gbl...
>>> Hi all, (especially Microsoft)
>>>
>>> We currently try to integrate our Smart Card to be used in Wireless
>>> EAP-TLS
>>> authentication.
>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>> Logon.
>>> To support the EAP-TLS, we add Client Authentication to the Extended Key
>>> Usage (EKU).
>>> But we are failed. The Microsoft complain the "Windows was unable to
>>> find a
>>> certificate to log you on the network XXXX".
>>>
>>> Upon this error, we are trying to use certificate from Certificate
>>> Store.
>>>
>>> Certificate #1:
>>> EKU=Client Authentication
>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>
>>> MS Windows do not complain when we are using Certificate#1.
>>>
>>> We delete Certificate#1 from Certificate store and import Certificate#
>>> 2.
>>>
>>> Certifcate #2:
>>> EKU=Client Authentication, Smart Card Logon
>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>
>>> And ha ha ......
>>>
>>> The MS Windows complain "Windows was unable to find a certificate to log
>>> you
>>> on the network XXXX".
>>>
>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>
>>> We need to this two EKU on one Certificate because currently Microsoft
>>> called our CSP using "default container" for Smart Card Logon and
>>> EAP-TLS.
>>> And we cannot differentiate who is actually calling our CSP.
>>>
>>> Has anyone face this problem before ?
>>>
>>> Can someone from Microsoft confirm about this problem ?
>>>
>>> Thank in advance for any help or idea......
>>>
>>> Rudy
>>>
>>>
>>
>>
>
>

"Carl DaVault [MSFT]" <car***@online.microsoft.com> wrote in message
news:eIkDVdDTFHA.2872@TK2MSFTNGP14.phx.gbl...
> You should turn off 802.1x authentication if you are not using it.
>
> This will make the problem go away. Are you sure you set it to WPA-PSK and
> not WPA?
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;814123
>
> --
> Standard Disclaimers -
> This posting is provided "AS IS" with no warranties,
> and confers no rights. Please do not send e-mail directly
> to this alias. This alias is for newsgroup purposes only.
>
>
> "John Smith" <some***@microsoft.com> wrote in message
> news:kpFae.16924$ZQ1.1012@fe11.lga...
>>i do have about same problem, although it might be different.. i'm not
>>100% following everything here.. but here is what i have
>>
>> once, i switch my router from WEP to WAP-PSK, my computer displays
>> following
>>
>> Windows was unable to find a certificate to log you to the network
>>
>> i however did not create any certificates, i'm not really sure which one
>> exactly do i need to be honest..
>>
>> but the main problem is that after i get connected i lose my connection
>> after 1-2 mins tops and the only thing i have left to do is to turn radio
>> off and turn it back to be able to connect for another minute or so..
>>
>> is it suppose to be like that? or am i just misconfigure something ( it
>> needs that certificiate ) if so can you refer me to your website where it
>> describes which certificate do i need to create, where to put it and how
>> to create it? basically step by step guide..
>>
>> thank you so much
>>
>>
>>
>>
>> "Carl DaVault [MSFT]" <car***@online.microsoft.com> wrote in message
>> news:OXWpUN2RFHA.3704@TK2MSFTNGP12.phx.gbl...
>>> Sorry to state the obvious, but did you troubleshoot the certificate in
>>> all other ways? Try creating new/fresh certificates? Compare them to
>>> make sure that the only difference is the EKU? Etc? Make sure it's in
>>> the right store? Are you seeing this only with the smartcard EKU or does
>>> the problem occur when any EKU is added to the Client Authentication?
>>>
>>> What method are you using to generate the certificates?
>>>
>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
>>> does the problem only surface with wireless?
>>>
>>> Thanks.
>>>
>>> If you want, I can try to take a look at the 2 certificates to compare
>>> them.
>>>
>>> --
>>> Standard Disclaimers -
>>> This posting is provided "AS IS" with no warranties,
>>> and confers no rights. Please do not send e-mail directly
>>> to this alias. This alias is for newsgroup purposes only.
>>>
>>>
>>> "erha" <r***@guardmydata.com> wrote in message
>>> news:%235xFcPBRFHA.4020@tk2msftngp13.phx.gbl...
>>>> Hi all, (especially Microsoft)
>>>>
>>>> We currently try to integrate our Smart Card to be used in Wireless
>>>> EAP-TLS
>>>> authentication.
>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>>> Logon.
>>>> To support the EAP-TLS, we add Client Authentication to the Extended
>>>> Key
>>>> Usage (EKU).
>>>> But we are failed. The Microsoft complain the "Windows was unable to
>>>> find a
>>>> certificate to log you on the network XXXX".
>>>>
>>>> Upon this error, we are trying to use certificate from Certificate
>>>> Store.
>>>>
>>>> Certificate #1:
>>>> EKU=Client Authentication
>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>
>>>> MS Windows do not complain when we are using Certificate#1.
>>>>
>>>> We delete Certificate#1 from Certificate store and import Certificate#
>>>> 2.
>>>>
>>>> Certifcate #2:
>>>> EKU=Client Authentication, Smart Card Logon
>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>
>>>> And ha ha ......
>>>>
>>>> The MS Windows complain "Windows was unable to find a certificate to
>>>> log you
>>>> on the network XXXX".
>>>>
>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>>
>>>> We need to this two EKU on one Certificate because currently Microsoft
>>>> called our CSP using "default container" for Smart Card Logon and
>>>> EAP-TLS.
>>>> And we cannot differentiate who is actually calling our CSP.
>>>>
>>>> Has anyone face this problem before ?
>>>>
>>>> Can someone from Microsoft confirm about this problem ?
>>>>
>>>> Thank in advance for any help or idea......
>>>>
>>>> Rudy
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"John Smith" <some***@microsoft.com> wrote in message
news:cChce.167$o32.1@fe09.lga...
>i have already turned off 802.1x authentication
>
> and yes, I'm using WPA-PSK not just WPA
>
>
>
> "Carl DaVault [MSFT]" <car***@online.microsoft.com> wrote in message
> news:eIkDVdDTFHA.2872@TK2MSFTNGP14.phx.gbl...
>> You should turn off 802.1x authentication if you are not using it.
>>
>> This will make the problem go away. Are you sure you set it to WPA-PSK
>> and not WPA?
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;814123
>>
>> --
>> Standard Disclaimers -
>> This posting is provided "AS IS" with no warranties,
>> and confers no rights. Please do not send e-mail directly
>> to this alias. This alias is for newsgroup purposes only.
>>
>>
>> "John Smith" <some***@microsoft.com> wrote in message
>> news:kpFae.16924$ZQ1.1012@fe11.lga...
>>>i do have about same problem, although it might be different.. i'm not
>>>100% following everything here.. but here is what i have
>>>
>>> once, i switch my router from WEP to WAP-PSK, my computer displays
>>> following
>>>
>>> Windows was unable to find a certificate to log you to the network
>>>
>>> i however did not create any certificates, i'm not really sure which one
>>> exactly do i need to be honest..
>>>
>>> but the main problem is that after i get connected i lose my connection
>>> after 1-2 mins tops and the only thing i have left to do is to turn
>>> radio off and turn it back to be able to connect for another minute or
>>> so..
>>>
>>> is it suppose to be like that? or am i just misconfigure something ( it
>>> needs that certificiate ) if so can you refer me to your website where
>>> it describes which certificate do i need to create, where to put it and
>>> how to create it? basically step by step guide..
>>>
>>> thank you so much
>>>
>>>
>>>
>>>
>>> "Carl DaVault [MSFT]" <car***@online.microsoft.com> wrote in message
>>> news:OXWpUN2RFHA.3704@TK2MSFTNGP12.phx.gbl...
>>>> Sorry to state the obvious, but did you troubleshoot the certificate in
>>>> all other ways? Try creating new/fresh certificates? Compare them to
>>>> make sure that the only difference is the EKU? Etc? Make sure it's in
>>>> the right store? Are you seeing this only with the smartcard EKU or
>>>> does the problem occur when any EKU is added to the Client
>>>> Authentication?
>>>>
>>>> What method are you using to generate the certificates?
>>>>
>>>> Are the certificates usable with EAP-TLS and a RAS/VPN connection or
>>>> does the problem only surface with wireless?
>>>>
>>>> Thanks.
>>>>
>>>> If you want, I can try to take a look at the 2 certificates to compare
>>>> them.
>>>>
>>>> --
>>>> Standard Disclaimers -
>>>> This posting is provided "AS IS" with no warranties,
>>>> and confers no rights. Please do not send e-mail directly
>>>> to this alias. This alias is for newsgroup purposes only.
>>>>
>>>>
>>>> "erha" <r***@guardmydata.com> wrote in message
>>>> news:%235xFcPBRFHA.4020@tk2msftngp13.phx.gbl...
>>>>> Hi all, (especially Microsoft)
>>>>>
>>>>> We currently try to integrate our Smart Card to be used in Wireless
>>>>> EAP-TLS
>>>>> authentication.
>>>>> Our Smart Card is currently is used for Microsoft Windows Certificate
>>>>> Logon.
>>>>> To support the EAP-TLS, we add Client Authentication to the Extended
>>>>> Key
>>>>> Usage (EKU).
>>>>> But we are failed. The Microsoft complain the "Windows was unable to
>>>>> find a
>>>>> certificate to log you on the network XXXX".
>>>>>
>>>>> Upon this error, we are trying to use certificate from Certificate
>>>>> Store.
>>>>>
>>>>> Certificate #1:
>>>>> EKU=Client Authentication
>>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>>
>>>>> MS Windows do not complain when we are using Certificate#1.
>>>>>
>>>>> We delete Certificate#1 from Certificate store and import Certificate#
>>>>> 2.
>>>>>
>>>>> Certifcate #2:
>>>>> EKU=Client Authentication, Smart Card Logon
>>>>> Key Usage=Digital Signature, keyEncipherment, keyAgreement
>>>>>
>>>>> And ha ha ......
>>>>>
>>>>> The MS Windows complain "Windows was unable to find a certificate to
>>>>> log you
>>>>> on the network XXXX".
>>>>>
>>>>> Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
>>>>>
>>>>> We need to this two EKU on one Certificate because currently Microsoft
>>>>> called our CSP using "default container" for Smart Card Logon and
>>>>> EAP-TLS.
>>>>> And we cannot differentiate who is actually calling our CSP.
>>>>>
>>>>> Has anyone face this problem before ?
>>>>>
>>>>> Can someone from Microsoft confirm about this problem ?
>>>>>
>>>>> Thank in advance for any help or idea......
>>>>>
>>>>> Rudy
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

news:1116082645.871435.287740@z14g2000cwz.googlegroups.com...
> Hi Carl,
>
> Yes for sure the two certificate only different on the EKU and both of
> them is imported to Current User Certificate Store.
>
> On my testing, I do not use the Certificate from the Smart Card.
> Instead I create the Certificate and import PKCS#12 to the Current User
> Certificate Store.
>
> The Certificate is created by our own product and it is working fine so
> far. We can do a Certificate Logon correctly.
>
> I can send the two certificates to you if you want but could we do this
> offline.
>
> I could not get your email address since I post this message from
> google. Can you please send your email to rudy@guardmydata-nospam.com ?
> (Please remove '-nospam' from the email address)
>