Re: Wireless 802.11x PEAP failure IAS Cicso 1200

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 08/04/04

Next message: James McIllece [MS]: "Re: 802.11x authentication using MicroSoft AD/IAS.."
Previous message: James McIllece [MS]: "Re: Securing Wireless LANs with PEAP and Passwords"
Next in thread: Agent News Reader: "Re: Wireless 802.11x PEAP failure IAS Cicso 1200"
Reply: Agent News Reader: "Re: Wireless 802.11x PEAP failure IAS Cicso 1200"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 04 Aug 2004 14:14:49 -0700

murf1988@yahoo.com (Chris) wrote in
news:2bcf8c97.0407220701.cf4c3e2@posting.google.com:

> I am trying to use IAS (Windows 2003 server) with a Cisco 1200 AP [IOS
> Ver 12.2(13)JA1] to implement PEAP.
> I have obtained a test certificate from Verisign and installed on the
> IAS server. I have also installed the Test Root CA from Verisign on
> the client workstation (W2ksp4).
>
> I get the unknown user or password error in the event log when the
> user tries to authenticate.
>
> The following is an excerpt from the RASTLS.LOG
> The date and time on the AP, client, and server are all within 2
> minutes of each other.
>
> Any help would be appreciated.
>
>snip<

Hi Chris --

I am not familiar with the verisign test cert -- you may want to review the
whitepaper "Obtaining and Installing a VeriSign WLAN Server Certificate for
PEAP-MS-CHAP v2 Wireless Authentication" at
http://www.microsoft.com/downloads/details.aspx?FamilyID=1971d43c-d2d9-
408d-bd97-139afc60996b&DisplayLang=en.

This whitepaper has been updated recently.

Also you may want to verify that the Verisign test cert meets the minimum
server certificate requirements found in "Network access authentication
and certificates" in Windows Server 2003 IAS or VPN Help, or on the web at
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/
proddocs/en-
us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/prodd
ocs/en-us/sag_VPN_und15.asp

-- 
James McIllece, Microsoft
Please do not send email directly to this alias.  This is my online account 
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.

Next message: James McIllece [MS]: "Re: 802.11x authentication using MicroSoft AD/IAS.."
Previous message: James McIllece [MS]: "Re: Securing Wireless LANs with PEAP and Passwords"
Next in thread: Agent News Reader: "Re: Wireless 802.11x PEAP failure IAS Cicso 1200"
Reply: Agent News Reader: "Re: Wireless 802.11x PEAP failure IAS Cicso 1200"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Activesync between Windows Mobile 5 and SBS2003 gives error
... You should get a dialog box about installing the cert. ... I exported the certificate straight from the server. ... Treo 700wx running Windows Mobile 5. ...
(microsoft.public.windows.server.sbs)
RE: SSL certificate not refreshing
... check the certificate on the Windows SBS server. ... registry key to use direct push with ISA 2000. ... Installing the Certificate on the Server ...
(microsoft.public.windows.server.sbs)
Re: what certificate to buy from Verisign ?
... > Server certificate is used by server service, ... For client side, there has Client Authentication Certificate ... > like Verisign will have much more types of certificates available, ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: SSL Problems
... Chances are, when you installed the certificate, it got bound to the wrong ... and ran ssl diag and no errors came up and STILL ... > sites on my IIS server except for this one. ... >>> I am getting page cannot be displayed after installing ...
(microsoft.public.inetserver.iis.security)
Problems enabling smart card login on windows 2000
... After installing a windows 2000 server and a windows 2000 professional system from scratch ... Installing a Windows 2000 Server as a Domain Controller ... Setting up a Certificate Authority ...
(microsoft.public.win2000.security)