Re: IAS CRL problem
- From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 23 Oct 2006 12:52:11 -0700
=?Utf-8?B?SmVyb2Vu?= <Jeroen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:7D5AFE93-B52C-4597-AE2D-93F2E1115F0C@xxxxxxxxxxxxx:
Hi,
I've got 2 domain controllers, one with CA and IAS installed the other
only with IAS installed. When I try to authenticate a wireless client
with EAP-TLS both IAS servers accept the request.
If I revoke the certificate of the user and then try to authenticate
on the server with the CA installed I can't authenticate. On the other
server I can authenticate.
Some how the CRL isn't correctly updated to the other IAS server. I
set the CRL publication interval to 1 hour, but that doesn't matter.
Help would be appreciated.
Regards,
Jeroen
Hi Jeroen --
The product team has provided the following information for you:
"The CRL is most likely being cached by the second IAS server, and the
published CRL is not being checked because the cache is checked first. This
will be the case until the next expected update, which was provided by the
Next Update field the last time the CRL was checked. If the CRL publication
interval has been changed to one hour, this change will not reach the
second IAS server until its current copy expires. We do not support any
method to manually flush the CRL cache."
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Prev by Date: Re: Sporadic IAS Authentication problems
- Next by Date: Re: IAS CRL problem
- Previous by thread: troubleshooting 802.1x authentication...
- Next by thread: Re: IAS CRL problem
- Index(es):
Relevant Pages
|
