Wireless Networks Thread, IAS and certificate "weirdness" (WiFi Radius Auth) in Technical; Hi Gang,
Got a weird one this week.
I setup my WLAN Auth via the famous Ashby Radius doc thats ...
27th September 2011, 08:20 AM #1
IAS and certificate "weirdness" (WiFi Radius Auth)
Got a weird one this week.
I setup my WLAN Auth via the famous Ashby Radius doc thats floating around edugeek for quite a while now and it has been working flawlessly since.
This week I got a report that some of our macs were dropping of the WLAN (ruckus) and via troubleshooting/investigating it appeared the certificate that was instaled on the macs (imaged) was no longer valid and i went around and manually installed the "same" certificate over the existing one and hey presto it worked. Same certificate, didnt expire, same method of installing into mac osx 10.6 (wifi system profile, certificate trust etc).
Now my XP Laptops do occasionally fall off, its just the way its always been so i know quite well what needs to be done to resolve the issue. Via the guides help i know that i should expect a certficate (named here IASServerCert) in my trusted root store in my laptops because they are domain clients and the cert was issued via an enterprise domain-bound CA
Now however the cert doesn't appear in the clients trusted root store, after many domain join-leave-rejoins. I can however export and install the cert without issue. This is not the point im more interested in why the cert is now longer in the enterprise trust store.
Upon investigating i can see in the CA's personal managment, that is the CA's certmgr.msc rather then the domain CA interface that there are 2 certificates in the "intemediate cert authorities > cert revocation list" folder. This is definatley not expected but i definatley dont want to start moving/deleting certs particulary if i have to re-config all few hundred laptops.
Can anyone assist here please? Any ideas how to troubleshoot?
Thanks Gang, as always - mucho apprecaited.
3rd October 2011, 10:49 AM #2
ok well no info re: certs and CAs however i did deploy the cert via the Trusted Root Authentication Store in Group Policy which sent the certs out again and resolved all PC related cert issues.
Thanks for the views atleast.
3rd October 2011, 07:59 PM #3
Famous Ashby Radius? Can you please give a link?
Originally Posted by amfony
3rd October 2011, 08:37 PM #4
Have you made sure that your domain's CA root's certificate has not expired? This CA's certificate is automatically copied to the trusted root ca when you join a station to the domain if its a enterprise CA. This is so that any certificate issues by the CA is automatically trusted by the client i.e. if you IAS server's certificate should be trusted by your clients if its issues by your internal CA.
I think you may want to have a look at the IAS certificate and find out who issued that certificate, if it is your CA then it should be fine and the issue may be somewhere else i.e. distance, singnal loss. Are you getting any error in the system log when on the client or IAS server when client's can't connect. It might get give some clues as to what it is happening.
the guide is located here --> http://www.edugeek.net/forums/networ...as-server.html
5th October 2011, 07:56 AM #5
thanks spc i have checked that the cert has not expired and it was issues from a domain bound enterrpise CA (2003r2). I am at a loss but i will recheck all.
The issue is definatley certificate related however and not anything else.
Thanks for the help and more so thank you for guide.
By contink in forum Windows Server 2000/2003
Last Post: 8th July 2011, 03:57 PM
By sllorep in forum Windows 7
Last Post: 8th April 2011, 12:40 PM
By amfony in forum Wireless Networks
Last Post: 9th February 2011, 02:34 PM
By HodgeHi in forum Wireless Networks
Last Post: 30th April 2009, 11:39 AM
By spc-rocket in forum Wireless Networks
Last Post: 11th December 2005, 01:48 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)