|
#1
|
Is it possible to have a stand alone win2k3 CA produce certificates for the IAS server to use for PEAP? When we try to authenticate to the WAP, we get these errors on our IAS box: (It looks as if the certificates are no good)

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 20168
Date: 2/15/2007
Time: 10:08:45 AM
User: N/A
Computer: Computer
Description:
Could not retrieve the Remote Access Server's certificate due to the following error: No credentials are available in the security package

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 2/15/2007
Time: 10:08:43 AM
User: N/A
Computer: Computer
Description:
Access request for user test@test.com was discarded.
Fully-Qualified-User-Name = test
NAS-IP-Address = 192.168.21.9
NAS-Identifier = WAP
Called-Station-Identifier = 0003.45f7.3210
Calling-Station-Identifier = 0555.5056.55b5
Client-Friendly-Name = WAP
Client-IP-Address = 192.168.21.9
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 267
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Reason-Code = 300
Reason = No credentials are available in the security package
|
#2
|
Hi,

It looks like there is a problem with your certificate. Make sure all the following are true:

For the computer certificates installed on the IAS servers, the following must be true:

- They must be installed in the Local Computer certificate store.
- They must have a corresponding private key. When you view the properties of the certificate with the Certificate snap-in, you should see the text You have a private key that corresponds to this certificate on the General tab.
- The cryptographic service provider for the certificates supports SChannel. If not, the IAS server cannot use the certificate and it is not selectable from the properties of the Smart Card or Other Certificate EAP type from the Authentication tab on the properties of a profile for a remote access policy.
- They must contain the Server Authentication certificate purpose (also known as an Enhanced Key Usage [EKU]). An EKU is identified using an object identifier (OID). The OID for Server Authentication is "1.3.6.1.5.5.7.3.1".
- They must contain the fully qualified domain name (FQDN) of the computer account of the IAS server computer in the Subject Alternative Name property.

Additionally, the root CA certificates of the CAs that issued the wireless client computer and user certificates must be installed in the Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates folder.

http://www.microsoft.com/technet/pro...y/ed80211.mspx

I hope this helps.

--
Greg Lindsay [MSFT]
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

news:1171657449.859759.124480@v33g2000cwv.googlegroups.com...
> Is it possible to have a stand alone win2k3 CA produce certificates
> for the IAS server to use for PEAP? When we try to authenticate to
> the WAP, we get these errors on our IAS box: (It looks as if the
> certificates are no good)
>
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 20168
> Date: 2/15/2007
> Time: 10:08:45 AM
> User: N/A
> Computer: Computer
> Description:
> Could not retrieve the Remote Access Server's certificate due to the
> following error: No credentials are available in the security package
>
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 3
> Date: 2/15/2007
> Time: 10:08:43 AM
> User: N/A
> Computer: Computer
> Description:
> Access request for user test@test.com was discarded.
> Fully-Qualified-User-Name = test
> NAS-IP-Address = 192.168.21.9
> NAS-Identifier = WAP
> Called-Station-Identifier = 0003.45f7.3210
> Calling-Station-Identifier = 0555.5056.55b5
> Client-Friendly-Name = WAP
> Client-IP-Address = 192.168.21.9
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 267
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server =
> Reason-Code = 300
> Reason = No credentials are available in the security package
>
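The certificate checklist from the reply above, scripted as a PowerShell check to run on the IAS server (an added example, not part of the original thread and not Microsoft's code). The function name Test-IasServerCertificate is hypothetical; the script assumes the IAS server's FQDN is this machine's DNS host name and an English-locale Windows, because the Subject Alternative Name is matched on its formatted text.

```powershell
# Added example: audit every certificate in the Local Computer "Personal" store
# against the requirements listed in the reply above.
function Test-IasServerCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Fqdn
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (from the reply)

    # Enhanced Key Usage extension (OID 2.5.29.37) must list Server Authentication.
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
    }

    # Subject Alternative Name extension (OID 2.5.29.17) must carry the server FQDN.
    # Assumption: English formatting ("DNS Name=host.example.com, ...").
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    $hasFqdn = $sanText -match ('DNS Name=' + [regex]::Escape($Fqdn) + '(,|$)')

    # CSP name is only reported; whether it supports SChannel is left for review.
    # Reading PrivateKey can throw (for example for keys held by a CNG provider).
    $provider = 'n/a'
    if ($Cert.HasPrivateKey) {
        try   { $provider = $Cert.PrivateKey.CspKeyContainerInfo.ProviderName }
        catch { $provider = 'could not read provider: ' + $_.Exception.Message }
    }

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = $hasServerAuth
        SanHasFqdn    = $hasFqdn
        CspProvider   = $provider
    }
}

# Assumption: the IAS server's FQDN is this machine's DNS host name.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Cert:\LocalMachine\My is the Local Computer store the reply refers to.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-IasServerCertificate -Cert $_ -Fqdn $fqdn } |
    Format-List
```

A certificate that IAS can use for PEAP should show True for HasPrivateKey, ServerAuthEku and SanHasFqdn; an empty result means no certificate is in the Local Computer store at all.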