?
Solved

Wireless Certificate SChannel error (The certificate received from the remote server has either expired or is not yet valid)

Posted on 2011-02-28
4
Medium Priority
?
5,617 Views
Last Modified: 2013-11-09
We recently renewed both the Root and intermediate CA servers certifcates in the organization.  This was done successfully.  
For client PC's to access our wireless network we use certificates (WPA2 / AES).  These certificates are auto generated upon request from the client PC.  These requests are carried out by the intermediate CA.  Now when the PC's try to authenticate to use the wireless network the computer gets the following error:

Source: Schannel
Event ID:  36881
Description:  The Certificate received from the remote server has either expired or is not yet valid.  The SSL connection request has failed.  The attached data contains the server certificate.

So far I've done the following on Client PC:
1)  Via Certificate MMC (Both Personal and Local Computer) removed old / expired root and intermediate certificates
2)  Removed all cached ssl certificates out of IE (Tools>Internet Options>Contents Tab>Certificates>.

After this I still can't get these on Wireless.  I have other devices on our network working fine with wifi, for example iPhone authenicating the same way.  This is why I think there is somethng cached on the local PC's.  The PC's in my environment are Windows XP and Windows 7.

One thing to Note:  I'm not sure if this has anything to do with this issue, when on the Intermediate CA Server in the Certificate Authority MMC, when I right click the server name and go to properties, I noticed in the General Tab the the expired certificate is "Certificate #0 (expired)" is first and Certificate #1 is beneath it.  I tried to remove the old certificate from here by removing it from "Certificate MMC", however once I restart the Certificate Authority service, this old certificate gets put back in the database.  Is there a way to remove the old certificate?

Assistance is needed.  I've been researching this for a few hours and haven't found the fix yet.
0
Comment
Question by:Anthony Graczyk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 35007433
Request mods to reassign this question to windows server 2008 section. You will get an answer.

Also check this link

http://www.experts-exchange.com/Networking/Security/Q_25072298.html?sfQueryTermInfo=1+10+30+certif+either+expir+from+ha+receiv+remot+server


Ded9
0
 

Accepted Solution

by:
Anthony Graczyk earned 0 total points
ID: 35009912
I ended up fixing my problem.  As I noted in my question, iPhones were working correctly with wifi, however my Windows Clients weren't with regards to certificate based authentication.  This pinpoints an issue with my windows clients and they way I was setting up the connection for the wireless profile.  The fix was to uncheck "Validate server certificate" in the "Smart Card or other Certifiacte Properties page".  
0
 

Author Closing Comment

by:Anthony Graczyk
ID: 35045617
This solution fixed my problem.
0
 

Expert Comment

by:ObiLan
ID: 38213760
Old topic but I post here bacause it popped up first in the search. We had same issue and the problem was that during renewal Windows server did not delete the old certificate and NPS was using it. Deleting the old one trough MMC/Certificates/Computer Account made NPS to use the new one.

I think unchecking "Validate server certificate" will leave you more vulnerable to password phishing attacks trough rogue APs since client won't validate servers before sending login credentials.
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month10 days, 8 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question