Re: User authentication IPsec
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Apr 2009 16:12:41 -0400
"aconti" <aconti.3qp83b@xxxxxxxxxxxxx> wrote in message news:aconti.3qp83b@xxxxxxxxxxxxxxxx
Hello, first of all thank you for your time, Ace, whether I will make
it or not.
I will try to answer your questions as clearly as possible...
The 2 certificates I mentioned are installed on the server and when I
check on the client machines under personal certificates there is
nothing on both machines. Now I just managed to install the
Certification Authority Web Enrollment and managed to add the IPsec
certificate template IPsec and IPsec ( Offline ) so that from the client
machines using IE I can request an IPsec certificate from
http://192.168.0.50/certsrv and hopefully this will fix the missing
machine certificate problem.
That is one way to get the cert to the client, although it is tedious to do it manually on multiple machines.
You told me to duplicate the cert from the templates, why should I do
this what is the reason behind it pls.
The reason is to create an autoenrollment cert to allow you to auto deploy it using an autoenrollment GPO to pass the cert to all clients that you want it to. However, as I mentioned a few times, the only way to create such a cert is only if the CA is installed on 2003 or 2008 Enterprise Edition operating system, not Standard, otherwise the proper template version is not available. If that is the case, then you would need to revert to the manual installation request method that you did above.
How can I find the exact FQDN of the HRA server. I know that the FQDN
of the pc on which the HRA is installed is dcsrv1.nwtraders.msft is this
enough or should I add something more.
Yes, I have configured the default GPO. I know I should have done another
GPO, but it is just for testing. I have configured Certificate Services
Client- Auto Enrollment ENABLED and Renew .... and Update ... ticked.
Unfortunately it's not the correct certificate template version to create such a cert. Hence, why it is not working.
The certificate server is installed on Windows 2008 server standard
edition and The CA is configured as an Enterprise CA.
Unfortunately if the CA is on Standard, you cannot create an autoenrollment certificate. (see above).
Now I will try to install the IPsec certificates on both client
machines using the web enrollment and also do the command net start
napagent on both machines. I will post any improvements I will do if any
!
Should you need to clarify or add something pls do it
Thank you
Keep me informed of your update and what you plan to do about the CA being on Standard.
Ace