Problems authenticating using WPA2-Enterprise.. Help!



Hi.

I've been trying to set up wireless networking, using WPA2-Enterprise security. I'm using IAS on a server, which is also the only domain controller. The server also has the Certificate Authority server, and self-generated a certificate. Windows 2003 server.

I've exported the certificate from the server (as *.PB7 file), and install that on the client (via mmc certmgr.msc snap-in), importing into the Enterprise Trust folder.

I'm not sure what is going on, but out of about 10 users trying to connect, I can only get about 4 to work. The clients are personal computers, and a mix of OS (XP, Vista, Mac OS X). Some of the ones that work are Vista Home Premium, at least one that works is XP. One computer is a member of the domain, most are not. As far as I can tell, setup is the same on all. I personally set up on some, and it all seems the same as the setup on my PC (which works), yet it fails to work.

In most cases where it doesn't work, it is first because the computer is trying to authenticate as computer or local login, instead of using the domain login account. Then the appropriate options are unticked, and the user is prompted to enter username and password. At this stage, when the correct username and password is entered, it is not successful, but keeps prompting to re-enter credentials (often the balloon pops up in bottom right corner before the user has had time to finish entering details the previous time), and there is no longer anything in the server logs.

I especially don't understand why there is nothing in the logs showing these failed attempts to login, even though previous attempts are recorded in the logs for the same computer (e.g. when no certificate, or trying automatic login).

It seems like after a while it stops talking to IAS. Is there some kind of inbuilt security where a computer is blocked after a certain number of failed attempts? How long does it take before they can try again?

Also, I'm wondering if I'm using the wrong type of certificate. Also, since it does work for some computers, it seems like maybe that is ok..?

Any ideas? It is really wrecking my head!

(BTW I tried posting this on wireless group, but no response.. hopefully more success on this list...)

Thanks,

Craig

