jimxox
asked on
XP unable to get a machine certificate from domain
I have an XP PC that is unable to get a machine certificate from the domain. All other machines are ok. If I try to request a new certifiacate from the domain, I get the following:
The wizard cannot be started because of one of the following conditions:
-There are no trusted CAs available
-You do not have permissions to request certificates from the available CSs
-The available CAs issue certificates for which you do not have permissions
I have removed the machine from the domain, deleted the machine account, and re added it, but still no certificate.
One thing I have seen is that Extensible Authentication Protocol Service service failed to start. The service did not respond to the start or control request in a timely fashion.
I don't know if this service failed to start because there is no certificate, or if there is no certificate because EAPS failed to start, or if this is unrelated
Any help would be great!
Thanks
Jim
The wizard cannot be started because of one of the following conditions:
-There are no trusted CAs available
-You do not have permissions to request certificates from the available CSs
-The available CAs issue certificates for which you do not have permissions
I have removed the machine from the domain, deleted the machine account, and re added it, but still no certificate.
One thing I have seen is that Extensible Authentication Protocol Service service failed to start. The service did not respond to the start or control request in a timely fashion.
I don't know if this service failed to start because there is no certificate, or if there is no certificate because EAPS failed to start, or if this is unrelated
Any help would be great!
Thanks
Jim
ASKER
I am too low down the food chain in this organisation to be allowed access to the CA server, so am unable to check that.
All machines are XP - our beloved corporate dictators do not allow any modern OS
All machines are XP - our beloved corporate dictators do not allow any modern OS
Ah. Understood.
I strongly suspect EAP is failing due to the lack of a certificate rather than the reverse.
Ping the CA to see if it is down.
or If you have another new workstation you can test with, see if the problem repeats on a different machine.
If this has worked for you in the past, unless someone has made a change on the CA, it's probably not a lack of permissions or not having the right template installed. Once this is set up, I don't think there are very many moving parts that can break.
I strongly suspect EAP is failing due to the lack of a certificate rather than the reverse.
Ping the CA to see if it is down.
or If you have another new workstation you can test with, see if the problem repeats on a different machine.
If this has worked for you in the past, unless someone has made a change on the CA, it's probably not a lack of permissions or not having the right template installed. Once this is set up, I don't think there are very many moving parts that can break.
ASKER
I can delete and request / renew certificates on other machines, so I can only assume that the issue is with the single laptop and not the CA server, or connectivity to the CA server.
Requested assistance further up the food chain - their response was "rebuild the laptop" - helpful! Laptop's owner's response to that was not repeatable ;o)
Tried to do some experiments on my own working laptop. EAPS and certificates to do not appear to have a relationship on my PC. Can delete my machine certificate, and EAPS starts / stops no problem. Can also disable EAPS, and can still delete / renew / request certificates - Think the whole EAPS may have just been a red herring!
May try to reinstall SP3 on to XP to see if that has any affect, but to be honest, I am just guessing now
Requested assistance further up the food chain - their response was "rebuild the laptop" - helpful! Laptop's owner's response to that was not repeatable ;o)
Tried to do some experiments on my own working laptop. EAPS and certificates to do not appear to have a relationship on my PC. Can delete my machine certificate, and EAPS starts / stops no problem. Can also disable EAPS, and can still delete / renew / request certificates - Think the whole EAPS may have just been a red herring!
May try to reinstall SP3 on to XP to see if that has any affect, but to be honest, I am just guessing now
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Please award points to Razmus for his help, however have no given up on the issue and decide not to waste any more time on the issue and just rebuild the laptop
Thanks Razmus!
Thanks Razmus!
Do you have any errors on your Certificate Authority machine?
The other machines in your environment which are okay... are any of them also Windows XP? (Or just Vista and Win7?)