Solved

Wireless Certificate SChannel error (The certificate received from the remote server has either expired or is not yet valid)

Posted on 2011-02-28
4
5,483 Views
Last Modified: 2013-11-09
We recently renewed both the Root and intermediate CA servers certifcates in the organization.  This was done successfully.  
For client PC's to access our wireless network we use certificates (WPA2 / AES).  These certificates are auto generated upon request from the client PC.  These requests are carried out by the intermediate CA.  Now when the PC's try to authenticate to use the wireless network the computer gets the following error:

Source: Schannel
Event ID:  36881
Description:  The Certificate received from the remote server has either expired or is not yet valid.  The SSL connection request has failed.  The attached data contains the server certificate.

So far I've done the following on Client PC:
1)  Via Certificate MMC (Both Personal and Local Computer) removed old / expired root and intermediate certificates
2)  Removed all cached ssl certificates out of IE (Tools>Internet Options>Contents Tab>Certificates>.

After this I still can't get these on Wireless.  I have other devices on our network working fine with wifi, for example iPhone authenicating the same way.  This is why I think there is somethng cached on the local PC's.  The PC's in my environment are Windows XP and Windows 7.

One thing to Note:  I'm not sure if this has anything to do with this issue, when on the Intermediate CA Server in the Certificate Authority MMC, when I right click the server name and go to properties, I noticed in the General Tab the the expired certificate is "Certificate #0 (expired)" is first and Certificate #1 is beneath it.  I tried to remove the old certificate from here by removing it from "Certificate MMC", however once I restart the Certificate Authority service, this old certificate gets put back in the database.  Is there a way to remove the old certificate?

Assistance is needed.  I've been researching this for a few hours and haven't found the fix yet.
0
Comment
Question by:Anthony Graczyk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 35007433
Request mods to reassign this question to windows server 2008 section. You will get an answer.

Also check this link

http://www.experts-exchange.com/Networking/Security/Q_25072298.html?sfQueryTermInfo=1+10+30+certif+either+expir+from+ha+receiv+remot+server


Ded9
0
 

Accepted Solution

by:
Anthony Graczyk earned 0 total points
ID: 35009912
I ended up fixing my problem.  As I noted in my question, iPhones were working correctly with wifi, however my Windows Clients weren't with regards to certificate based authentication.  This pinpoints an issue with my windows clients and they way I was setting up the connection for the wireless profile.  The fix was to uncheck "Validate server certificate" in the "Smart Card or other Certifiacte Properties page".  
0
 

Author Closing Comment

by:Anthony Graczyk
ID: 35045617
This solution fixed my problem.
0
 

Expert Comment

by:ObiLan
ID: 38213760
Old topic but I post here bacause it popped up first in the search. We had same issue and the problem was that during renewal Windows server did not delete the old certificate and NPS was using it. Deleting the old one trough MMC/Certificates/Computer Account made NPS to use the new one.

I think unchecking "Validate server certificate" will leave you more vulnerable to password phishing attacks trough rogue APs since client won't validate servers before sending login credentials.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question