Solved

A Certificate could not be found that can be used with this Extensible Authentication Protocol

Posted on 2008-10-24
Last Modified: 2012-11-20
I'm setting up a new domain controller with IAS with certificate services for wireless authentication for our wireless users. When I select the EAP type in my 'Remote Access Policy' it gives me the error of "A certificate could not be found that can be used with this Extensible Authentication Protocol." There is a certificate installed on the server, but I can't get past this... Any help would be appreciated.
Question by:StaffordIT
8 Comments
 

Expert Comment

by:Paranormastic
ID: 22796524
I'm guessing you don't have the correct EKU(s) assigned in the cert that you are trying to use.  I think this article might help you out some:
http://support.microsoft.com/kb/814394
 

Author Comment

by:StaffordIT
ID: 22796681
How do I go into my certificate authority and make the change? I'm not too familiar with this... When I set up my enterprise subordinate CA, I went into the Certificate Authority, right-clicked on the server name and selected Renew CA Certificate, and it shows the server has a certificate if I right-click on the server and go to Properties, and it shows certs there. It shows that the certs were issued by our enterprise root CA.
 

Author Comment

by:StaffordIT
ID: 22797617
OK, I got it working! Apparently the domain controller took longer than I expected to receive a certificate from the root CA?? I'm not sure why it took as long as it did, but the certificate is there now. I appreciate all of your help!

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22797777
You can look at the cert on the Details tab and look for Key Usage and Extended Key Usage fields to see what it actually covers.

Sorry if I'm way off base here, but your description of how you checked your cert set off a couple alarms in my head:
1) When you say you check the cert on the CA, you aren't trying to do this just using the CA cert, correct?
2) You mentioned checking the cert on the CA - normally most people check the cert on the server.  The cert was actually manually installed on the server after submitting the CSR file through the certsrv page, correct?  You can check certmgr.msc in the Personal store for existing certs, or from within many applications such as IIS to make sure it is installed there.

The standard templates within certtmpl.msc are User or SmartCard User for client authentication, and Web Server or Workstation for device authentication.  You can right-click - duplicate if you wish to create a new template to change values that you are not able to do within the standard template.

After choosing the desired templates, they must be Published in AD - open certsrv.msc and point to your issuing CA and then select Templates.  See if it is listed there or not - if not, right click Templates - New - Cert Template to Issue - select desired.  Note: to un-publish, right click the template name in this area and delete - this will not delete from certtmpl.msc and can be republished as desired.

Expert Comment

by:Paranormastic
ID: 22797918
Sorry, took a little while to type up my last post - glad to hear everything is working for you now!
 

Author Closing Comment

by:StaffordIT
ID: 31509650
Thanks for the explanations... this really helped me clear up my issue, and also another issue I was having with setting the certificate expiration time with the templates... thanks again!
 

Expert Comment

by:gopher_49
ID: 24077096
Thanks so much for your help...  Your help and the steps you provided determined and/or assured me that my new instance of my CA server was functioning and all old traces of it were gone.  I'm assuming all of my problems started when my web server type cert was damaged or missing in the EAP profile page of IAS.  I totally forgot there was a web server cert issued to the IAS server.  Anyway, it's working extremely well now.  I plan to make notes and convert the web pages I used to fix this to PDF files so I always have them backed up for future reference.

Thanks
 

Expert Comment

by:Deuto
ID: 38618125
Also try this option. This fixed it for me after trying many things including server re-builds for several days (click on link below):

Missing name in template subject field

The error you are seeing is due to the fact that the server certificate is considered valid (for the lack of a better word).
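
The checks raised in this thread (is a certificate actually in the server's store, what its Key Usage and Extended Key Usage fields cover, and whether the subject name is filled in) can be run in one pass. This is an added PowerShell example, not part of any post above; it assumes the IAS server certificate lives in the local computer Personal store (`Cert:\LocalMachine\My`), and the function name `Test-EapServerCertificate` is hypothetical.

```powershell
# Added example (not from the thread). Reports, for every certificate in the
# local computer Personal store, the properties discussed above.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID

function Test-EapServerCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    process {
        $ekuOids  = @()
        $keyUsage = 'None listed'
        # Walk the extensions once and pick out Key Usage and Extended Key Usage.
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
            elseif ($ext -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]) {
                $keyUsage = $ext.KeyUsages.ToString()
            }
        }

        $now = Get-Date
        $hasServerAuth  = $ekuOids -contains $ServerAuthOid
        $subjectPresent = -not [string]::IsNullOrEmpty($Certificate.Subject)
        $inValidity     = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)

        [pscustomobject]@{
            Thumbprint     = $Certificate.Thumbprint
            Subject        = $Certificate.Subject
            Issuer         = $Certificate.Issuer
            KeyUsage       = $keyUsage
            EkuOids        = ($ekuOids -join ', ')
            HasPrivateKey  = $Certificate.HasPrivateKey
            ServerAuthEku  = $hasServerAuth
            SubjectPresent = $subjectPresent
            InValidity     = $inValidity
            # Candidate only if every check passes; an empty store returns nothing at all.
            Candidate      = $Certificate.HasPrivateKey -and $hasServerAuth -and
                             $subjectPresent -and $inValidity
        }
    }
}

# Run on the IAS server from an elevated prompt.
Get-ChildItem Cert:\LocalMachine\My | Test-EapServerCertificate |
    Sort-Object Candidate -Descending | Format-List
```

No output means the store is empty, which matches the situation where the server had not yet received its certificate; rows with `Candidate : False` show which individual check failed.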