Re: IAS Certificate Error

From: Ashwin Palekar\(MS\) (ashwinp_at_online.microsoft.com)
Date: 04/08/04 

Date: Wed, 7 Apr 2004 19:51:07 -0700

Try this -> Export the cert to a file "w/ private key"; delete it from cert
store; and import it again in machine store. 

-- 
-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message 
news:Xns94C46C65152D1jamesmcionlinemicros@207.46.248.16...
> "jjb" <jeffbates@aitcny.com> wrote in
> news:eczbz#$GEHA.2612@TK2MSFTNGP09.phx.gbl:
>
>> Hi,
>> While trying to set up a  wireless network using 802.1x with PEAP to
>> authenticate users.
>> We have:
>>
>> RADIUS server (Windows 2003 IAS on a DC)
>> Active Directory mixture of Windows .
>>
>> I have bought a VERISGN certificate and installed it on the IAS
>> server. We getting the following error messages:
>> Event Type: Error
>> Event Source: IAS
>> Event Category: None
>> Event ID: 3
>> Date:  4/6/2004
>> Time:  1:46:06 PM
>> User:  N/A
>> Computer: CS3AD
>> Description:
>> Access request for user CNET\JeffB was discarded.
>>  Fully-Qualified-User-Name = <undetermined>
>>  NAS-IP-Address = 10.32.50.2
>>  NAS-Identifier = CH1120B-92-C4DC
>>  Called-Station-Identifier = 00-02-8A-A9-98-71
>>  Calling-Station-Identifier = 00-40-96-40-1A-0A
>>  Client-Friendly-Name = WAP-9 Memorial South-IT
>>  Client-IP-Address = 10.32.50.2
>>  NAS-Port-Type = Wireless - IEEE 802.11
>>  NAS-Port = 442
>>  Proxy-Policy-Name = <none>
>>  Authentication-Provider = <undetermined>
>>  Authentication-Server = <undetermined>
>>  Reason-Code = 1
>>  Reason = An internal error occurred. Check the system event log for
>> additional information.
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> And
>> Event Type: Error
>> Event Source: IAS
>> Event Category: None
>> Event ID: 20168
>> Date:  4/6/2004
>> Time:  1:46:06 PM
>> User:  N/A
>> Computer: CS3ADC01
>> Description:
>> Could not retrieve the Remote Access Server's certificate due to the
>> following error: The credentials supplied to the package were not
>> recognized
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>> Data:
>> 0000: 0d 03 09 80               ...?
>>
>> Any help would be great!
>>
>> Thanks,
>> - J
>>
>>
>>
>
> Can you see the server certificate in the IAS UI? (The location is in the
> remote access policy: click Edit Profile, then Authentication tab, then 
> EAP
> Methods button, then select EAP type=PEAP and click Edit, then see drop-
> down dialog "Certificate issued.")
>
> If you can't see it, then you have a misconfigured cert that can't be used
> by IAS for server authentication. I assume Verisign can assist you if this
> is the problem. (And if this is the problem, in case you haven't already
> seen it, you may want to read "Obtaining and Installing a VeriSign WLAN
> Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication" at
> http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx.)
>
> If you can see the certificate in the IAS UI, the IAS team will need to
> examine your tracelogs.
>
> To enable tracing, run the following command at the command prompt:
>
> NETSH RAS SET TRACING * ENABLE
>
> The trace logs will be under %windir%\Tracing
>
>
> -- 
> James McIllece, Microsoft
>
> Please do not send email directly to this alias.  This is my online 
> account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
Loading