Re: Issues with IAS and Verisign Cert
From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 09/09/04
- Previous message: James McIllece [MS]: "Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies"
- In reply to: D: "Re: Issues with IAS and Verisign Cert"
- Next in thread: D: "Re: Issues with IAS and Verisign Cert"
- Reply: D: "Re: Issues with IAS and Verisign Cert"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 09 Sep 2004 14:16:09 -0700
"=?Utf-8?B?RA==?=" <D@discussions.microsoft.com> wrote in
news:3E8226F0-C2CA-47B2-8F7A-C3F1B10F7042@microsoft.com:
> I checked the authentication methods and everything is fine. But
> here's were I get confused. The client authenticates and I verify
> that through Event Viewer in the IAS server and the client is able to
> surf the web for a few seconds and then it stops. I try 'ipconfig
> /release' then 'ipconfig/renew' and I can't renew the ip. If I
> disable and renable the wireless adapter the client can surf again and
> then it goes back to the same issue. Any suggestions??
>
> "James McIllece [MS]" wrote:
>
>> "=?Utf-8?B?RA==?=" <D@discussions.microsoft.com> wrote in
>> news:693B82F0-1C42-4461-B4F6-3D435F8D9E6A@microsoft.com:
>>
>> > Exporting and importing seems to work. The client can authenticate
>> > but its very slow. I looked at the Event Viewer and I'm getting
>> > this message.
>> >
>> > Fully-Qualified-User-Name = US\****
>> > NAS-IP-Address = 131.*.*.*
>> > NAS-Identifier = h
>> > Called-Station-Identifier = 000d.bd01.109f
>> > Calling-Station-Identifier = 000c.41fc.744c
>> > Client-Friendly-Name = AP
>> > Client-IP-Address = 131.*.*.*
>> > NAS-Port-Type = Wireless - IEEE 802.11
>> > NAS-Port = 423
>> > Proxy-Policy-Name = Wireless Access
>> > Authentication-Provider = Windows
>> > Authentication-Server = <undetermined>
>> > Policy-Name = Allow Wireless LAN Access
>> > Authentication-Type = EAP
>> > EAP-Type = <undetermined>
>> > Reason-Code = 22
>> > Reason = The client could not be authenticated because the
>> > Extensible
>> > Authentication Protocol (EAP) Type cannot be processed by the
>> > server.
>> >
>> > By the way thanks very much for your help.
>> >
>> > D
>> > "James McIllece [MS]" wrote:
>> >
>> >> >snip<
>> >> >
>> >> > I'm going to assume you are talking about the IAS certificate
>> >> > store and not the client. If so yes the certificate is stored
>> >> > in the IAS personal certificate store. I also checked the
>> >> > client settings for guest access and the box is not checked and
>> >> > PEAP is enabled.
>> >> >>
>> >> >
>> >>
>> >> Yes, I meant the IAS cert store, sorry I wasn't more specific. Did
>> >> you try exporting and then importing the certificate? It would be
>> >> hard to tell the difference if the certificate has access to the
>> >> private keys or not from the UI. If you export and then import we
>> >> can be certain.
>> >>
>> >> If that doesn't work, we'll need to see your tracelogs, so make
>> >> sure tracing is enabled. To set tracing use the following command
>> >> at the command prompt:
>> >>
>> >> netsh ras set tracing * enabled
>> >>
>> >>
>> >> --
>> >> James McIllece, Microsoft
>> >>
>> >> Please do not send email directly to this alias. This is my
>> >> online account name for newsgroup participation only.
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers
>> >> no rights.
>> >>
>> >
>>
>> You're welcome, I'm glad you have things working. As for the slowness
>> of authentication...
>>
>> ....I ran this by some other guys on the team as I wasn't sure what
>> the problem might be. One of them said:
>>
>> Sounds like they might not have enabled the right authentication
>> method. Can they double check their settings on clients and make sure
>> they’re using an authentication method that is enabled in the IAS
>> matching policy.
>>
>> So you might want to check that out and let me know.
>>
>> --
>> James McIllece, Microsoft
>>
>> Please do not send email directly to this alias. This is my online
>> account name for newsgroup participation only.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>
This sounds like an AP configuration issue. What AP are you using?
-- James McIllece, Microsoft Please do not send email directly to this alias. This is my online account name for newsgroup participation only. This posting is provided "AS IS" with no warranties, and confers no rights.
- Previous message: James McIllece [MS]: "Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies"
- In reply to: D: "Re: Issues with IAS and Verisign Cert"
- Next in thread: D: "Re: Issues with IAS and Verisign Cert"
- Reply: D: "Re: Issues with IAS and Verisign Cert"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
