Re: Cannot request certificate on client computer



Dave,

This is still not working.

I can see the certificate on the server via the MMC. On the XP client, I
cannot request a CA per earlier below.

Here is what I did.

1. On server un-install CA & IAS
2. reboot
3. Install IAS & CA according to pages 372-388 (friendly name LongSOHO; open
external firewall ports to server address)
4. reboot
5. verified certificate LongSOHO Root CA on server (actually 2 instances of
the certificate)
6. Verified SBS server Certificate on SBS server in personal certificates
(deleted 2 copies from previous day)
7. On re-booted client machines attempted to request a certificate, it had
same error panel. (My XP user account includes domain admin.)
8. Launched certsrv web panel on XP client:
   - installed trust CA
   - requested EFS certificate, installed (CSP - MS enhanced crypto provider
     v1.0, key size 1024, CMC SHA-1)
   - requested user certificate, installed
9. in MMC verified 2 certificates in current user and LongSOHO Root CA in
current user
10. built VPN connection per manual:
   - checked connect to these servers and selected LongSOHO Root CA
   - connection failed - Error 781 no valid certificate
   - viewed LongSOHO Root CA details on XP and they match server
     certificate details

Any suggestions as to why I cannot use MMC, can add via certsrv and still
not connect?

"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:u68YTwfWHHA.192@xxxxxxxxxxxxxxxxxxxxxxx
You could try going to http://<sbsname>/certsrv. Click "Download a CA
certificate, certificate chain, or CRL." On the next page, choose the CA
you created on the SBS and click "Download CA Certificate." In the
pop-up, click Open, then Install Certificate. Let it automatically choose
where to install the cert. Once you've got the CA certificate installed,
see if the wizard runs as described.

I haven't seen the issue you're having, so I don't really have any
first-hand knowledge of what's going on. It just seems like this would be the
next logical step.


"John Lenz" <lenz4@xxxxxxxxxxxxxx> wrote in message
news:uPpq%23bfWHHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
The certificate does not appear on the client PC trusted root...
certificates. It does appear on the server trusted root... certificates.

The client name is fully qualified.

Any thoughts?


"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23FVGSUfWHHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
When you look on the client PC under Certificates (Local Computer) ->
Trusted Root Certification Authorities -> Certificates, do you see one
that uses the name you gave the CA when you installed it on page 376?
Does the client PC have the proper DNS suffix as described on the bottom
of page 379 (computername.domainname.local)?



"John Lenz" <lenz4@xxxxxxxxxxxxxx> wrote in message
news:u6anA2eWHHA.896@xxxxxxxxxxxxxxxxxxxxxxx
I am following MS book on SBS 2003 R2 administrators companion page 378,
Requesting computer and user certificates.

I installed CA on server. Client is correctly attached to domain as
domain admin.

I launch MMC on client computer and add certificates (local computer)
and certificates current user.

When I right-click personal on certificates (local computer) and
request a certificate, I get error panel:

The wizard cannot be started because...
-There are no trusted certificate authorities available
- You do not have permissions to request certificates from available
CAs
- The available CAs issue certificates for which you do not have
permissions


When I created the local certificate on the server machine, the wizard
went through just fine.

Where is the hang-up?








