Re: Wireless WPA on SBS not authenticating



I have checked a couple of user machines. They have all failed autoenrollment
but have the cert. Here is the common error that I get:

Automatic certificate enrollment for local system failed to contact the
active directory (0x8007054b). The specified domain either does not exist or
could not be contacted.
Enrollment will not be performed.


"Dave Nickason [SBS MVP]" wrote:

When the client PC boots, does it log any auto enrollment errors in its
application log? I know you've verified the correct certificate is
installed, but that Guest thing is weird - not something I've seen before.

Do you run ISA 2004? In its default configuration, that blocks certificate
auto enrollment. I'm pretty sure the fix for that is included in Owen's
white paper.


"Noncentz" <Noncentz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ABB41361-90AD-4DBD-B72C-DF6BAB215D1B@xxxxxxxxxxxxxxxx
Dave,

I turned both boxes on and I checked my System Log and whammo.... nothing.
Guess that means I'm not getting anything so it must be my client or router.
I did get this error in the Application log though

From IAS:
The description for Event ID ( 2 ) in Source ( IAS ) cannot be found. The
local computer may not have the necessary registry information or message
DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support
for details. The following information is part of the event: %%2147483686,
MCCOYSALES\Guest, 10.10.0.115, 001d7ea04513, 001d7ea04513, 001d604008fa,
LinksysAP, 10.10.0.115, Wireless - IEEE 802.11, 50, Use Windows
authentication for all users, %%2147483688, %%2147483685, %%2147483685,
EAP, %%2147483685, 34, %%4130.

The part I noticed was the "MCCOYSALES\Guest 10.10.0.115" which is my
domain and AP but it's under guest, I don't really know why it would tag
that AP with guest but ??? either way thanks for the quick reply, still
dissecting the issue

Noncentz

"Dave Nickason [SBS MVP]" wrote:

Go into IAS and at the top left, r-click "Internet Authentication Service
(Local)" -> Properties. Check the two boxes to enable success and failure
logging. After a login attempt fails, check the System log on the SBS to
see if IAS logged the connection attempt. If so, you might get some help
from the log entry. If not, it's probably a configuration issue on the
client PC or the router.

Everything needs to match exactly - for example, WPA and WPA2 are not
interchangeable, nor are TKIP and AES. I can't remember the details now,
but I had a WAP setting relating to security that appeared to match
everything else but did not. If you're following Owen's document exactly,
just make sure that everything is set to WPA, and to TKIP. If you have a
choice, you need WPA Enterprise, not WPA with PSK.

Failing that, you could try updating the NIC drivers on the wireless
client, and also maybe trying a different wireless client or NIC. I've had
some weird authentication issues with Intel wireless NICs, sometimes helped
by a driver update, but I did have to replace one. You can try disabling
all the security to make sure the client can associate with the WAP, but
I've had one instance where it would connect without security but not with,
and that's the one where I had to replace the NIC.


"Noncentz" <Noncentz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4E5A2561-E4C8-4AB5-9D27-CA8F92522140@xxxxxxxxxxxxxxxx
Morning,

I am trying to configure a Cisco 1200AP and a Linksys WRT54G to work with
certificates. I followed this guide to perfection that I was given earlier.

http://home.comcast.net/~clearviewtc/

It was a great guide and helped immensely with my implementation. I did the
following:

Installed and configured Certification Authority
Installed Internet Auth Service
Defined my RADIUS Clients and Access Policy for Wireless
I created a wireless group and a wireless GPO
GPO consisting of Autoenrollment for "Computer" Certificates
I set my GPO so that it only authenticates Computer Certs / TKIP / WPA
I can see on a client machine that the cert is there and it is the correct
cert

---- But naturally when I go to connect to the Network with a client device
I get no luck... just says Validating Identity -----

I guess I'm frustrated because I can see where I went wrong on with this
guide, I'm working with my Linksys now and still no luck, any good guides
to PEAP maybe?

Noncentz

Any help would be greatly appreciated






