Re: IAS System Rights / IAS + Win2003 SP1

hmmm., you're right. I owe you a beer. There's no private key.

What have I done wrong importing this certificate ?


"Thomas K" <thomas@xxxxxxxxx> wrote in message
news:426290d0$0$44102$5fc3050@xxxxxxxxxxxxxxxxxxxxxxxxxxx
> start / run / mmc / add/remove snapin / certificates / computer account
> if you only see user account, log back on with local administrator's
> privileges
> double click certificates (local computer), go to personal, certificates
> you should see you cert there
> double click it
> does it read you have a private key corresponding with the cert? if not
> that's your problem
> if yes, right click the cert & export it to a .cer file that you can post
> to anyone
>
> /T
>
>
>
> "Jerry Cantrell" <jerry@xxxxxxxxx> wrote in message
> news:O0rvvb2QFHA.1528@xxxxxxxxxxxxxxxxxxxxxxx
>> How can I get you that?
>>
>> One thing that troubles me... I generated the Cert request with IIS
>> manager, and lodged through verisign, and gave a challenge phrase at the
>> verisign website. When the cert arrived, I imported direct into
>> computer's store. Usually I'd get asked for the challenge phrase, but not
>> with this certificate. Or am I just forgetting the process?
>>
>>
>> regards,
>> jerry.
>>
>>
>> "Thomas K" <thomas@xxxxxxxxx> wrote in message
>> news:42627eec$0$44108$5fc3050@xxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> Please post your certificate (without the private key)
>>>
>>> /T
>>>
>>> "Jerry Cantrell" <jerry@xxxxxxxxx> wrote in message
>>> news:%23EZkAD1QFHA.3928@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Yep, checked that - it's all okay. I'm thinking the problem is buried
>>>> more deeply within Windows.
>>>>
>>>> IAS Event logs with the failures include (see bottom).
>>>>
>>>> ccess request for user wtest was discarded.
>>>>
>>>> NAS-Port-Type = Wireless - IEEE 802.11
>>>>
>>>> NAS-Port = 754
>>>>
>>>> Proxy-Policy-Name = Use Windows authentication for all users
>>>>
>>>> Authentication-Provider = Windows
>>>>
>>>> Authentication-Server = <undetermined>
>>>>
>>>> Reason-Code = 300
>>>>
>>>> Reason = No credentials are available in the security package
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> "Thomas K" <thomas@xxxxxxxxx> wrote in message
>>>> news:426200a5$0$44102$5fc3050@xxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>>> Check that the certificate you have received from verisign meets the
>>>>> IAS requirements:
>>>>> 1/ Launch ias.msc
>>>>> 2/ Double click you remote access policy
>>>>> 3/ Click "Edit profile" button
>>>>> 4/ Go to "Authentication" Tab
>>>>> 5/ Click "EAP Methods" button
>>>>> 6/ Add "Protected EAP", OK
>>>>> 7/ Edit
>>>>>
>>>>> Do you see your certificate listed there
>>>>> - yes: reqs are met
>>>>> - not: guess what :-)
>>>>>
>>>>> /T
>>>>>
>>>>> "Jerry Cantrell" <jerry@xxxxxxxxx> wrote in message
>>>>> news:OtSXFYvQFHA.3704@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> What system rights and user rights are required for IAS.? I'm trying
>>>>>> to get to the bottom of the problem I'm having, and wondering if its
>>>>>> a problem with 2003 SP1.
>>>>>>
>>>>>>> [2504] 14:38:05:175: No Cert Name. Guest access requested
>>>>>>> [2504] 14:38:05:175: AcquireCredentialsHandle failed and returned
>>>>>>> 0x8009030e
>>>>>>
>>>>>> Although the "No Cert Name" leads me to believe it's a problem with
>>>>>> the certificate. The cert is registered correctly in the computers
>>>>>> cert store and the PEAP config screen shows it okay.
>>>>>>
>>>>>> This IAS is running on 2003 SP1 slipstreamed install, with the
>>>>>> firewall disabled, so its not possible to remove SP1 to see if thats
>>>>>> causing this.
>>>>>>
>>>>>>
>>>>>>
>>>>>> jerry.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.