Solved

Wireless Certificate SChannel error (The certificate received from the remote server has either expired or is not yet valid)

Posted on 2011-02-28
Last Modified: 2013-11-09
We recently renewed both the root and intermediate CA servers' certificates in the organization.  This was done successfully.
For client PCs to access our wireless network we use certificates (WPA2 / AES).  These certificates are auto-generated upon request from the client PC.  These requests are carried out by the intermediate CA.  Now when the PCs try to authenticate to use the wireless network, the computer gets the following error:

Source: Schannel
Event ID:  36881
Description:  The Certificate received from the remote server has either expired or is not yet valid.  The SSL connection request has failed.  The attached data contains the server certificate.

So far I've done the following on the client PC:
1)  Via Certificate MMC (both Personal and Local Computer), removed old / expired root and intermediate certificates
2)  Removed all cached SSL certificates out of IE (Tools > Internet Options > Contents Tab > Certificates).

After this I still can't get these on wireless.  I have other devices on our network working fine with Wi-Fi, for example an iPhone authenticating the same way.  This is why I think there is something cached on the local PCs.  The PCs in my environment are Windows XP and Windows 7.

One thing to note:  I'm not sure if this has anything to do with this issue, but on the intermediate CA server in the Certificate Authority MMC, when I right-click the server name and go to Properties, I noticed in the General tab that the expired certificate, "Certificate #0 (expired)", is first and Certificate #1 is beneath it.  I tried to remove the old certificate from here by removing it from "Certificate MMC"; however, once I restart the Certificate Authority service, this old certificate gets put back in the database.  Is there a way to remove the old certificate?

Assistance is needed.  I've been researching this for a few hours and haven't found the fix yet.
Question by:Anthony Graczyk
4 Comments
 
Expert Comment

by:ded9
ID: 35007433
Request mods to reassign this question to windows server 2008 section. You will get an answer.

Also check this link

http://www.experts-exchange.com/Networking/Security/Q_25072298.html?sfQueryTermInfo=1+10+30+certif+either+expir+from+ha+receiv+remot+server


Ded9
0
 

Accepted Solution

by:Anthony Graczyk
ID: 35009912
I ended up fixing my problem.  As I noted in my question, iPhones were working correctly with Wi-Fi, however my Windows clients weren't with regards to certificate-based authentication.  This pinpoints an issue with my Windows clients and the way I was setting up the connection for the wireless profile.  The fix was to uncheck "Validate server certificate" in the "Smart Card or other Certificate Properties" page.
0
 

Author Closing Comment

by:Anthony Graczyk
ID: 35045617
This solution fixed my problem.
0
 

Expert Comment

by:ObiLan
ID: 38213760
Old topic, but I post here because it popped up first in the search. We had the same issue, and the problem was that during renewal Windows Server did not delete the old certificate and NPS was using it. Deleting the old one through MMC/Certificates/Computer Account made NPS use the new one.

I think unchecking "Validate server certificate" will leave you more vulnerable to password phishing attacks through rogue APs, since the client won't validate servers before sending login credentials.
0
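
A read-only way to look for the condition described in the last comment (an expired server certificate left in the computer store next to its renewed replacement), as an added example that is not part of the original thread. The function name `Get-ServerAuthCertStatus` is hypothetical, and the script assumes PowerShell 3.0 or later on the NPS/RADIUS server; it lists candidates only and does not show which certificate the network policy is bound to.

```powershell
# Added example: audit server-authentication certificates in the computer's
# Personal store. Nothing is deleted or modified.
function Get-ServerAuthCertStatus {
    param(
        # Defaults to the local computer's Personal store.
        [object[]]$Certificate = (Get-ChildItem -Path Cert:\LocalMachine\My),
        [datetime]$Now = (Get-Date)
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    # Certificates without an EKU extension are skipped by this filter.
    $Certificate |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid } |
        ForEach-Object {
            # Same two conditions Schannel event 36881 reports.
            $status = 'Valid'
            if ($Now -lt $_.NotBefore) { $status = 'NotYetValid' }
            if ($Now -gt $_.NotAfter)  { $status = 'Expired' }
            [pscustomobject]@{
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
                Status     = $status
            }
        }
}

$report = @(Get-ServerAuthCertStatus)
$report | Sort-Object Subject, NotAfter | Format-Table -AutoSize

# Subjects holding both a valid and an expired/not-yet-valid certificate:
# the stale entry is the one to review in the Certificates MMC.
$report | Group-Object Subject | ForEach-Object {
    $stale = @($_.Group | Where-Object { $_.Status -ne 'Valid' })
    $valid = @($_.Group | Where-Object { $_.Status -eq 'Valid' })
    if ($stale.Count -gt 0 -and $valid.Count -gt 0) {
        foreach ($c in $stale) {
            Write-Warning ("{0}: stale certificate {1} ({2}, NotAfter {3:u})" -f
                $_.Name, $c.Thumbprint, $c.Status, $c.NotAfter)
        }
    }
}
```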
