Solved

Certificate Disappears in 2008 - used for client authentication

Posted on 2011-09-06
7
1,320 Views
Last Modified: 2013-12-09
Ok, on our network for our HP ProCurve Wireless, we have a RADIUS Server that handles the authentication automatically.  However, everyday, not at the same time, the one certficate just disapears off the server.  When this happens, no one can connect to the wlan.   To fix this problem everyday I need to:

- RDP into the certificate server, which is our domain controller
- start, run, mmc
- file, add/remove snap-in
- Certificates, add
- Computer account, local computer
- Right click Personal, all tasks, request new certificate
- next, ad enrollment policy, next, select domain controller, enroll.
- restart CNG Key Isolation Service.

Once this is done, people can authenticate.

I have attached a picture of the cert that keeps disappearing.  As you can see, I just had to issue a new one today, 9/6.

 

Can anyone help with fixing this cert issue so I do not have to request a new one each day, sometimes twice a day? cert
0
Comment
Question by:phantomdan2005
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 36495470
Generally, the domain controllers use an autoenrolment with the PKI and you are not required to renew their certificates manually. Do you have the same problem with another domain controller?

There must be something wrong with the PKI. Could you give us more information how it is setup, please?
0
 

Author Comment

by:phantomdan2005
ID: 36495708
No, this domain controller is the only one that controls the certs.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36495724
Hello,

This usually hapens because the server the certificate is installed on can't contact the Certificate Revocation List. In the certificates MMC, open the certificate and go to the details page. Find the CRL Distribution Points field. Make sure the URL in this field is valid and can be accessed from this server. If you are using an internal CA, which it appears you are, make sure it is setup correctly and that you are properly publishing the CRL.

JJ
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:phantomdan2005
ID: 36495739
What specific information are you looking for when you ask for how it is setup?  I am  not too familiar with certificate services, and I did not setup this.  I just joined the company so things were in place before I got here.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36495822
First, check the certificate and make sure the CRL Distribution Points field looks valid and is accessible form the server.

JJ
0
 

Accepted Solution

by:
phantomdan2005 earned 0 total points
ID: 36528762
I fixed my own issue.  I ended deleting the self-issued cert and enabled the RAS and IAS certificate template then issued that cert.  This fixed the issue.
0
 

Author Closing Comment

by:phantomdan2005
ID: 36555751
I fixed my own issue.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now