Re: Certificate for VPN Client has expired (Computer Certificate)

"James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx> wrote in
news:Xns96516E2A8E49jamesmcionlinemicros@xxxxxxxxxxxxx:

> "=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?="
> <ErikHelgerud@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> news:0B622C09-78D0-43F8-AEA6-0A250D0FD207@xxxxxxxxxxxxx:
>
>> Autoenrollment is used. So when users are connected to LAN everything
>> works as it should. BUT my problem is that they only connects via RAS
>> server or VPN, and then certificates are not updated.
>>
>> I need a possibility to renew the certificate - when users are
>> connected by their usual way - not a solution too have them all
>> connected to LAN.
>>
>>snip<
>
> I am discussing this with the certificates team. Thus far the advice I
> have received for you is as follows:
>
> "The VPN process doesn't force the CSE to run, you could use Secedit
> to update the machine policy in a script. This will of course only
> renew/enroll computer certs as W2K only supports ACRS (computer
> certs)."
>
> I've requested additional information, and if I receive any I will
> post it here. If the situation is urgent you can call Product Support
> Services.
>
>

So all you need to do is run this command on each XP/2000 client:

gpupdate /force

You can do this manually at command prompt on the machine or by using a
script. It will cause group policy to be updated on the machine, and the
cert will be autoenrolled.



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
.

Relevant Pages

  • Re: Certificates for Wireless Networks
    ... The best solution will be to upgrade the CA server to enterprise edition and use autoenrollment, ... The wireless part of the connection is secured using EAP-TLS with user certificates. ...
    (microsoft.public.windows.server.security)
  • Re: Certificate for VPN Client has expired (Computer Certificate)
    ... So when users are connected to LAN everything ... I am discussing this with the certificates team. ... "The VPN process doesn't force the CSE to run, ... renew/enroll computer certs as W2K only supports ACRS." ...
    (microsoft.public.windowsxp.network_web)
  • Re: Enabling a Certificate template
    ... computer certificates can be obtained via automatic request]. ... to the domain and they automatically obtain certificates via autoenrollment. ... >> automatically via Group Policy automatic request and users can request ...
    (microsoft.public.security)
  • Re: Certificates for Wireless Networks
    ... You are growing to the number of workstations where autoenrollment is the ... wireless part of the connection is secured using EAP-TLS with user ... We are using an Enterprise CA to issue the certificates. ...
    (microsoft.public.windows.server.security)
  • Re: Certificate for VPN Client has expired (Computer Certificate)
    ... Autoenrollment is used. ... VPN, and then certificates are not updated. ... >> or the Vpn connection - too be able to renew the certificate? ...
    (microsoft.public.windowsxp.network_web)