Solved

Wireless Certificate SChannel error (The certificate received from the remote server has either expired or is not yet valid)

Posted on 2011-02-28
4
5,263 Views
Last Modified: 2013-11-09
We recently renewed both the Root and intermediate CA servers certifcates in the organization.  This was done successfully.  
For client PC's to access our wireless network we use certificates (WPA2 / AES).  These certificates are auto generated upon request from the client PC.  These requests are carried out by the intermediate CA.  Now when the PC's try to authenticate to use the wireless network the computer gets the following error:

Source: Schannel
Event ID:  36881
Description:  The Certificate received from the remote server has either expired or is not yet valid.  The SSL connection request has failed.  The attached data contains the server certificate.

So far I've done the following on Client PC:
1)  Via Certificate MMC (Both Personal and Local Computer) removed old / expired root and intermediate certificates
2)  Removed all cached ssl certificates out of IE (Tools>Internet Options>Contents Tab>Certificates>.

After this I still can't get these on Wireless.  I have other devices on our network working fine with wifi, for example iPhone authenicating the same way.  This is why I think there is somethng cached on the local PC's.  The PC's in my environment are Windows XP and Windows 7.

One thing to Note:  I'm not sure if this has anything to do with this issue, when on the Intermediate CA Server in the Certificate Authority MMC, when I right click the server name and go to properties, I noticed in the General Tab the the expired certificate is "Certificate #0 (expired)" is first and Certificate #1 is beneath it.  I tried to remove the old certificate from here by removing it from "Certificate MMC", however once I restart the Certificate Authority service, this old certificate gets put back in the database.  Is there a way to remove the old certificate?

Assistance is needed.  I've been researching this for a few hours and haven't found the fix yet.
0
Comment
Question by:mranth
  • 2
4 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 35007433
Request mods to reassign this question to windows server 2008 section. You will get an answer.

Also check this link

http://www.experts-exchange.com/Networking/Security/Q_25072298.html?sfQueryTermInfo=1+10+30+certif+either+expir+from+ha+receiv+remot+server


Ded9
0
 

Accepted Solution

by:
mranth earned 0 total points
ID: 35009912
I ended up fixing my problem.  As I noted in my question, iPhones were working correctly with wifi, however my Windows Clients weren't with regards to certificate based authentication.  This pinpoints an issue with my windows clients and they way I was setting up the connection for the wireless profile.  The fix was to uncheck "Validate server certificate" in the "Smart Card or other Certifiacte Properties page".  
0
 

Author Closing Comment

by:mranth
ID: 35045617
This solution fixed my problem.
0
 

Expert Comment

by:ObiLan
ID: 38213760
Old topic but I post here bacause it popped up first in the search. We had same issue and the problem was that during renewal Windows server did not delete the old certificate and NPS was using it. Deleting the old one trough MMC/Certificates/Computer Account made NPS to use the new one.

I think unchecking "Validate server certificate" will leave you more vulnerable to password phishing attacks trough rogue APs since client won't validate servers before sending login credentials.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question