Re: PEAP error message with CA and IAS

From: Peter K (peter.kloutsiniotis_at_unisa.edu.au)
Date: 08/27/04


Date: Thu, 26 Aug 2004 20:31:45 -0700


This is interesting as we've been having the same problem
and our Microsoft support person has said we can drag and
drop from the personal store to the local machine
store....IAS recognizes the Cert however we can't auth
via PEAP but EAP/MD5 works fine, so it can't be a backend
problem..(hope not)...

I'll try exporting the cert now....

Bst Rgds,

Peter.

>-----Original Message-----
>Hi John --
>
>Dragging and dropping a cert using the Certificates MMC won't do the trick
>-- if you move the cert you must export it and then import it into the
>store.
>
>"Yon Tha Yuggler" <praetorian7x-news@yahoo.com> wrote in
>news:VJudnTL68I1krIDcRVn-qA@giganews.com:
>
>> James,
>>
>> Thanks in advance for your assistance, as well as that which you have
>> already provided.
>>
>> The certificate appears to be in the Local Computer store for the
>> RADIUS server.
>> Of the 10 stores in each of Local Computer and Current User in the
>> Certificates MMC:
>> + Personal
>> + Trusted Root Certification Authorities
>> + Enterprise Trust
>> + Intermediate Certification Authorities
>> + Trusted Publishers
>> + Untrusted Certificates
>> + Third-party Root Certification Authorities
>> + Trusted People
>> + Certificate Enrollment Requests
>> + SPC
>> The only location of the certificate that will allow me to configure
>> PEAP under IAS is Personal under local computer. (I have moved the
>> certificate into every store via drag/drop in the Certificates MMC,
>> experimenting with this.)
>>
>> I have placed the certificate, as well as my own root CA cert, both in
>> base64 form on my FTP server: "www dot gswc dot us" if you would like
>> to take a look at them. GSW-CA is a trusted root authority.
>>
>> It appears that the client accepts the certificate OK. I just get an
>> IAS_AUTH_FAILED when the user tries to authenticate.
>>
>> Is this IAS_AUTH_FAILED a red herring?
>>
>>
>> Molto obbligato!
>> --John
>> praetorian7x-news@yahoo.com
>>
>> "James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message
>> news:Xns95439BE321DD2jamesmcionlinemicros@207.46.248.16...
>>> yonthayuggler@yahoo.com (YonThaYuggler) wrote in
>>> news:c6d2853b.0408120633.65dc4b61@posting.google.com:
>>>
>>> > James (McIllece),
>>> >
>>> > Regarding:
>>> >
>>> >> Is your IAS server registered in AD? If not, see the Help topic
>>> >> "To enable the IAS server to read user accounts in Active
>>> >> Directory"
>>> >
>>> > I believe that it is registered. In the IAS MMC, I have right
>>> > clicked and chose "Register service in Active Directory", and it
>>> > appears that IAS can read AD OK, as it correctly resolves the
>>> > Fully-Qualified-User-Name from my login ID.
>>> >
>>> > The error I am getting (IAS_AUTH_FAILURE) in the System Event log
>>> > is indicated here:
>>> >
>>> > <event log snippet begin>
>>> > NAS-Port-Type = 19
>>> > NAS-Port = 54
>>> > Policy-Name = 802.11 wireless
>>> > Authentication-Type = EAP
>>> > EAP-Type = <undetermined>
>>> > Reason-Code = 16
>>> > Reason = There was an authentication failure because of an unknown user name or a bad password.
>>> > <event log snippet end>
>>> >
>>> > Not using any realm replacements, and I do have reversible
>>> > encryption enabled for passwords in GP, and have changed my
>>> > password to update the store with the reversible version.
>>> >
>>>
>>> Another IAS team member read through your posts and says that your
>>> cert is in the wrong location -- so you need to open the certificates
>>> MMC, export the cert, then import the cert into the Local Computer
>>> cert store. (It is probably in the Current User cert store.)
>>>
>>> That should solve the problem. If not, let me know.
>>>
>>> --
>>> James McIllece, Microsoft
>>>
>>> Please do not send email directly to this alias. This is my online
>>> account name for newsgroup participation only.
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>
>
>--
>James McIllece, Microsoft
>
>Please do not send email directly to this alias. This is my online account
>name for newsgroup participation only.
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
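
Added example, not part of the thread or written by any of its participants: a PowerShell check for the condition the replies above describe, namely whether the server certificate sits in the Local Computer Personal store rather than Current User. The subject filter is a placeholder, and the private-key, Server Authentication EKU and validity-date checks are additions based on general requirements for a PEAP server certificate.

```powershell
# Added example (not from the thread). Run elevated on the IAS/RADIUS server.
# ASSUMPTION: $SubjectFilter is a placeholder; set it to match your server cert's subject.
$SubjectFilter = '*radius*'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-PeapServerCert {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Store
    )
    # Collect EKU OIDs from the Enhanced Key Usage extension, if the cert has one.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $now = Get-Date
    [pscustomobject]@{
        Store         = $Store
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        InMachineMy   = ($Store -eq 'LocalMachine\My')      # Local Computer\Personal
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = ($ekuOids -contains $ServerAuthOid) # False if no EKU extension
        InValidity    = ($Cert.NotBefore -le $now -and $now -le $Cert.NotAfter)
    }
}

# CurrentUser\My is the store of the account running this script, so run it as the
# account that originally installed the certificate to see a misplaced copy.
$results = foreach ($store in 'LocalMachine\My', 'CurrentUser\My') {
    Get-ChildItem -Path "Cert:\$store" |
        Where-Object { $_.Subject -like $SubjectFilter } |
        ForEach-Object { Test-PeapServerCert -Cert $_ -Store $store }
}
$results | Format-Table -AutoSize

$usable = @($results | Where-Object {
    $_.InMachineMy -and $_.HasPrivateKey -and $_.ServerAuthEku -and $_.InValidity
})
if ($usable.Count -eq 0) {
    Write-Warning ('No matching certificate with a private key found in ' +
        'Local Computer\Personal; export it and import it into that store.')
}
```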


