IAS PEAP Wireless - Stand Alone CA - Wireless

This is a discussion on IAS PEAP Wireless - Stand Alone CA - Wireless ; Is it possible to have a stand alone win2k3 CA produce certificates for the IAS server to use for PEAP? When we try to authenticate to the WAP, we get these errors on our IAS box: (It looks as if ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: IAS PEAP Wireless - Stand Alone CA

  1. IAS PEAP Wireless - Stand Alone CA

    Is it possible to have a stand alone win2k3 CA produce certificates
    for the IAS server to use for PEAP? When we try to authenticate to
    the WAP, we get these errors on our IAS box: (It looks as if the
    certificates are no good)

    Event Type: Error
    Event Source: IAS
    Event Category: None
    Event ID: 20168
    Date: 2/15/2007
    Time: 10:08:45 AM
    User: N/A
    Computer: Computer
    Description:
    Could not retrieve the Remote Access Server's certificate due to the
    following error: No credentials are available in the security package

    Event Type: Error
    Event Source: IAS
    Event Category: None
    Event ID: 3
    Date: 2/15/2007
    Time: 10:08:43 AM
    User: N/A
    Computer: Computer
    Description:
    Access request for user test@test.com was discarded.
    Fully-Qualified-User-Name = test
    NAS-IP-Address = 192.168.21.9
    NAS-Identifier = WAP
    Called-Station-Identifier = 0003.45f7.3210
    Calling-Station-Identifier = 0555.5056.55b5
    Client-Friendly-Name = WAP
    Client-IP-Address = 192.168.21.9
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 267
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server =
    Reason-Code = 300
    Reason = No credentials are available in the security package


  2. Re: IAS PEAP Wireless - Stand Alone CA

    Hi,

    It looks like there is a problem with your certificate.

    Make sure all the following are true:

    For the computer certificates installed on the IAS servers, the following
    must be true:
    . They must be installed in the Local Computer certificate store.

    . They must have a corresponding private key. When you view the
    properties of the certificate with the Certificate snap-in, you should see
    the text You have a private key that corresponds to this certificate on the
    General tab.

    . The cryptographic service provider for the certificates supports
    SChannel. If not, the IAS server cannot use the certificate and it is not
    selectable from the properties of the Smart Card or Other Certificate EAP
    type from the Authentication tab on the properties of a profile for a remote
    access policy.

    . They must contain the Server Authentication certificate purpose
    (also known as an Enhanced Key Usage [EKU]). An EKU is identified using an
    object identifier (OID). The OID for Server Authentication is
    "1.3.6.1.5.5.7.3.1".

    . They must contain the fully qualified domain name (FQDN) of the
    computer account of the IAS server computer in the Subject Alternative Name
    property.


    Additionally, the root CA certificates of the CAs that issued the wireless
    client computer and user certificates must be installed in the Certificates
    (Local Computer)\Trusted Root Certification Authorities\Certificates folder.

    http://www.microsoft.com/technet/pro...y/ed80211.mspx

    I hope this helps.

    --
    Greg Lindsay [MSFT]

    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.

    wrote in message
    news:1171657449.859759.124480@v33g2000cwv.googlegr oups.com...
    > Is it possible to have a stand alone win2k3 CA produce certificates
    > for the IAS server to use for PEAP? When we try to authenticate to
    > the WAP, we get these errors on our IAS box: (It looks as if the
    > certificates are no good)
    >
    > Event Type: Error
    > Event Source: IAS
    > Event Category: None
    > Event ID: 20168
    > Date: 2/15/2007
    > Time: 10:08:45 AM
    > User: N/A
    > Computer: Computer
    > Description:
    > Could not retrieve the Remote Access Server's certificate due to the
    > following error: No credentials are available in the security package
    >
    > Event Type: Error
    > Event Source: IAS
    > Event Category: None
    > Event ID: 3
    > Date: 2/15/2007
    > Time: 10:08:43 AM
    > User: N/A
    > Computer: Computer
    > Description:
    > Access request for user test@test.com was discarded.
    > Fully-Qualified-User-Name = test
    > NAS-IP-Address = 192.168.21.9
    > NAS-Identifier = WAP
    > Called-Station-Identifier = 0003.45f7.3210
    > Calling-Station-Identifier = 0555.5056.55b5
    > Client-Friendly-Name = WAP
    > Client-IP-Address = 192.168.21.9
    > NAS-Port-Type = Wireless - IEEE 802.11
    > NAS-Port = 267
    > Proxy-Policy-Name = Use Windows authentication for all users
    > Authentication-Provider = Windows
    > Authentication-Server =
    > Reason-Code = 300
    > Reason = No credentials are available in the security package
    >




+ Reply to Thread