Re: 802.1x PEAP with VeriSign WLAN certificate

=?Utf-8?B?U3RldmllRA==?= <StevieD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:4B357F46-9D8C-47C0-AE66-9FAB625782AA@xxxxxxxxxxxxx:

I'm trying to use 802.1x with PEAP for our wireless network. In order
to use that we have a RADIUS server (Windows 2003 IAS), AD in native
mode, but no CA deployed. Is this the first mistake?

I have followed the "Obtaining and Installing a VeriSign WLAN Server
Certificate for PEAP-MS-CHAP v2 Wireless Authentication" guide from
Microsoft, and it doesn't mention the need for a CA.

So following the guide, I've installed the VeriSign WLAN server
certificate on the IAS server, in the Local Computer certificate
store. I've verified the installation. On the client, I have setup
for 802.1x PEAP, ticked the validate server certificate and selected
the Trusted Certificate Authority Root as VeriSign Class 3 Primary CA
-expire 8/1/2028, as stated in the guide mentioned above.

I'm unable to connect to the network. I am getting the following
errors in the event log on the IAS server.

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 20168
Description:
Could not retrieve the Remote Access Server's certificate due to the
following error: The credentials supplied to the package were not
recognized

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Description:
Access request for user domain\user was discarded.
Fully-Qualified-User-Name = domain/ou/user
NAS-IP-Address = 192.x.x.x
NAS-Identifier = WiFi
Called-Station-Identifier =
Calling-Station-Identifier =
Client-Friendly-Name =
Client-IP-Address = 192.x.x.x
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 1
Reason = An internal error occurred.

Can someone please please advise me on where I'm going wrong?

Thank you



Hi there -

This sounds like the shared secret you have configured on the AP and on the
IAS server do not match.


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
.

Relevant Pages

  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Cannot sync Windows mobile with sbs2003 server
    ... Windows Mobile OS to the SBS2003 server at work so that he can read e-mails. ... What certificate do Microsoft recommend here, and where can this be bought? ...
    (microsoft.public.pocketpc)
  • Re: Need help configuring Wireless Connection profile
    ... Now life is good in the Windows wireless world. ... now have a secure wireless setup within my small business server environment. ... "point" the info of the Radius authentication to your current Radius server. ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: EAP-TLS with windows CE
    ... credentials at the login prompt for Windows Server 2003 on the server ... The certificate is a public thing, ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: EAP-TLS with windows CE
    ... Thanks for the quick response. ... Windows CE then prompts the wireless user for the ... to the AP which gets passed on to an authentication server (RADIUS or ... nothing to do with the contents of the certificate at all. ...
    (microsoft.public.windowsce.platbuilder)