Re: IAS, Cert & Wireless Problem (just started)

Fantastic - you got it in one!

If I uncheck the Update Root Cert option (as per
http://support.microsoft.com/kb/317541) that fixes it. On our previous build
this wasn't enabled but must have crept into the new build along with patches
& updates.

My only query is -

What are the implications of not getting the updates and what is the best
workaround ? Is it simply a matter of ensuring the proxy is configured in the
client to allow the root cert updates or does a port need to be opened on the
firewall to allow these updates (eg whats the mechanism by which this occurs)
?

Thanks again,

Raj.
"James McIllece [MS]" wrote:

=?Utf-8?B?UmFq?= <Raj@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:CE1DAC48-38E2-4408-9131-50E51FC58CA9@xxxxxxxxxxxxx:

We've been operating a radius system with IAS on W2k3 quite happily
for several months.

Just in the last few days we've had authentication problems which
seems to point towards the verisign wireless cert (which is valid for
another 12 months).

In the system event log I see these for login attempts -

----
Reason-Code = 23
Reason = Unexpected error. Possible error in server or client
configuration. ----

And in the App event log I see -

----
Failed auto update retrieval of third-party root list sequence number
from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trus
tedr/en/authrootseq.txt> with error: This network connection does not
exist. ----

Both of these are relatively recent - the System events started a few
days ago but the App events have been in the log off and on for a
couple of weeks so I'm unsure if its related.

People who have been setup pre the problem seem to still be OK but any
new systems don't work (even if the login credentials are OK on an
existing system). So it would seem the cert on the server isn't
behaving properly.

Has anyone else seen this behaviour or come up with a fix or even have
knowledge of why it would suddenly start happening ?

Cheers,
Raj.



Hi Raj --

Do all of the client computers (both the computers that have successfully
applied the third-party root CA list sequence number update from Windows
Update and the computers that have not) have the Verisign CA cert in their
Trusted Root CA store?

Also in the app log error it states that the network connection does not
exist; can the computers be plugged into the wire to obtain updates?

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Re: IAS, Cert & Wireless Problem (just started)
    ... If I uncheck the Update Root Cert option (as per ... What are the implications of not getting the updates and what is the ... cert that isn't installed on clients because they haven't been updated. ...
    (microsoft.public.internet.radius)
  • Re: SSH scans...
    ... or push updates out as root. ... > named account but still with UID isn't gaining much. ... presents more challenge because you are performing updates to the system. ...
    (Incidents)
  • running programs from user acctount as root
    ... I have recently upgraded from FC6 to Fedora ... So then after several package updates & the total struggle of getting DVD, ... that require root access from my user account. ...
    (Fedora)
  • Re: [SLE] ksmarttray doesnt reflect true status unless run as root
    ... On Wednesday 26 July 2006 17:39, Stephen Boddy wrote: ... bugging me for the root password every login. ... I would fully expect to have to enter root password for this. ... updates) does not work unless it is run as root. ...
    (SuSE)
  • Re: [SLE] ksmarttray doesnt reflect true status unless run as root
    ... bugging me for the root password every login. ... I'm using it in the smart sense where it updates the cached channel info, ... do the "smart update" command. ...
    (SuSE)
Loading