Solved

Wireless Certificate SChannel error (The certificate received from the remote server has either expired or is not yet valid)

Posted on 2011-02-28
4
5,314 Views
Last Modified: 2013-11-09
We recently renewed both the Root and intermediate CA servers certifcates in the organization.  This was done successfully.  
For client PC's to access our wireless network we use certificates (WPA2 / AES).  These certificates are auto generated upon request from the client PC.  These requests are carried out by the intermediate CA.  Now when the PC's try to authenticate to use the wireless network the computer gets the following error:

Source: Schannel
Event ID:  36881
Description:  The Certificate received from the remote server has either expired or is not yet valid.  The SSL connection request has failed.  The attached data contains the server certificate.

So far I've done the following on Client PC:
1)  Via Certificate MMC (Both Personal and Local Computer) removed old / expired root and intermediate certificates
2)  Removed all cached ssl certificates out of IE (Tools>Internet Options>Contents Tab>Certificates>.

After this I still can't get these on Wireless.  I have other devices on our network working fine with wifi, for example iPhone authenicating the same way.  This is why I think there is somethng cached on the local PC's.  The PC's in my environment are Windows XP and Windows 7.

One thing to Note:  I'm not sure if this has anything to do with this issue, when on the Intermediate CA Server in the Certificate Authority MMC, when I right click the server name and go to properties, I noticed in the General Tab the the expired certificate is "Certificate #0 (expired)" is first and Certificate #1 is beneath it.  I tried to remove the old certificate from here by removing it from "Certificate MMC", however once I restart the Certificate Authority service, this old certificate gets put back in the database.  Is there a way to remove the old certificate?

Assistance is needed.  I've been researching this for a few hours and haven't found the fix yet.
0
Comment
Question by:mranth
  • 2
4 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 35007433
Request mods to reassign this question to windows server 2008 section. You will get an answer.

Also check this link

http://www.experts-exchange.com/Networking/Security/Q_25072298.html?sfQueryTermInfo=1+10+30+certif+either+expir+from+ha+receiv+remot+server


Ded9
0
 

Accepted Solution

by:
mranth earned 0 total points
ID: 35009912
I ended up fixing my problem.  As I noted in my question, iPhones were working correctly with wifi, however my Windows Clients weren't with regards to certificate based authentication.  This pinpoints an issue with my windows clients and they way I was setting up the connection for the wireless profile.  The fix was to uncheck "Validate server certificate" in the "Smart Card or other Certifiacte Properties page".  
0
 

Author Closing Comment

by:mranth
ID: 35045617
This solution fixed my problem.
0
 

Expert Comment

by:ObiLan
ID: 38213760
Old topic but I post here bacause it popped up first in the search. We had same issue and the problem was that during renewal Windows server did not delete the old certificate and NPS was using it. Deleting the old one trough MMC/Certificates/Computer Account made NPS to use the new one.

I think unchecking "Validate server certificate" will leave you more vulnerable to password phishing attacks trough rogue APs since client won't validate servers before sending login credentials.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question