Re: 802.1X help needed

In article <1164801572.083588.264980@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
ajj3085@xxxxxxxxxxxx says...

Thanks for sticking with me. The vortex certificate does appear to be
on the laptop, although I'm not sure which one it is.

Am I correct in assuming that the GPO settings will be 'setup' on the
laptop? If so, how does the laptop get to vortex if it hasn't yet
authenticated?

I thought "vortex" was the laptop, but is it actually the SBS?

If so, the certificate you are seeing is probably the Domain Controller
certificate. You should also have a (different but similar)
certificate: the self-signed one created as part of the CEICW. This is
probably why you see 2 "vortex" certificates.

You still need a computer certificate for the laptop. "Automatic
Certificate Request Settings" is configured in the wireless GPO to make
this happen.

The laptop (briefly) "gets to" the SBS during the authentication
process. More specifically, credentials are sent to Internet
Authentication Service (Microsoft's RADIUS) on the SBS. The WAP
mediates this information exchange which is why it must be configured to
talk to a RADIUS server. IAS determines whether the credentials passed
to it are valid. The credentials include the wireless computer name
(there must be a matching computer account on the SBS) and the wireless
computer certificate (it must be valid).

Just curious to know how the settings on the laptop should work (or if
they should seem unchanged). At this point my new WAP arrives
tomorrow, so I'm not going to futz with the old on anymore... but
knowing how things should look on the laptop should help me if I have
problems with the new WAP.

I _strongly_ recommend that you start from scratch with the new WAP and
closely follow the steps in my docs. The most common reason the secure
wireless network fails to work is a configuration error - a step is
skipped or something is not configured correctly. As you know, there
are a LOT of steps and it's important that you get all of them right.
If you do, there is a very good chance secure wireless will work on the
first try.

-- Owen Williams (SBS MVP)
.

Relevant Pages

  • Re: Client cannot logon to domain - unavailable
    ... should be caused by wireless configuration of the laptop. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Offline folders icon still displays in startup menu
    ... > I have a laptop connecting via a wireless AP. ... > while not connected to the SBS box. ... Sounds like the wireless network connection isn't taking place fast enough ...
    (microsoft.public.windows.server.sbs)
  • Re: The Ideal Laptop Senario?
    ... But what about the GPO's that SBS applies, and the SBS Proxy like I ... I use my laptop outside the network all the time via wireless. ... > Your trend will still run outside the office. ...
    (microsoft.public.windows.server.sbs)
  • Re: Router vs Access Point
    ... RADIUS would be the most secure option (allowing you to revoke the laptop ... a doc on how to secure a wireless network using RADIUS with SBS... ...
    (microsoft.public.windows.server.sbs)
  • Re: 802.1X help needed
    ... Vortex is the SBS server, hellknight is the laptop. ... I thought "vortex" was the laptop, but is it actually the SBS? ... the certificate you are seeing is probably the Domain Controller ...
    (microsoft.public.windows.server.sbs)
Loading