IAS and certificate "weirdness" (WiFi Radius Auth)
Got a weird one this week.
I setup my WLAN Auth via the famous Ashby Radius doc thats floating around edugeek for quite a while now and it has been working flawlessly since.
This week I got a report that some of our macs were dropping of the WLAN (ruckus) and via troubleshooting/investigating it appeared the certificate that was instaled on the macs (imaged) was no longer valid and i went around and manually installed the "same" certificate over the existing one and hey presto it worked. Same certificate, didnt expire, same method of installing into mac osx 10.6 (wifi system profile, certificate trust etc).
Now my XP Laptops do occasionally fall off, its just the way its always been so i know quite well what needs to be done to resolve the issue. Via the guides help i know that i should expect a certficate (named here IASServerCert) in my trusted root store in my laptops because they are domain clients and the cert was issued via an enterprise domain-bound CA
Now however the cert doesn't appear in the clients trusted root store, after many domain join-leave-rejoins. I can however export and install the cert without issue. This is not the point im more interested in why the cert is now longer in the enterprise trust store.
Upon investigating i can see in the CA's personal managment, that is the CA's certmgr.msc rather then the domain CA interface that there are 2 certificates in the "intemediate cert authorities > cert revocation list" folder. This is definatley not expected but i definatley dont want to start moving/deleting certs particulary if i have to re-config all few hundred laptops.
Can anyone assist here please? Any ideas how to troubleshoot?
Thanks Gang, as always - mucho apprecaited.