?
Solved

Certificate Disappears in 2008 - used for client authentication

Posted on 2011-09-06
7
Medium Priority
?
1,362 Views
Last Modified: 2013-12-09
Ok, on our network for our HP ProCurve Wireless, we have a RADIUS Server that handles the authentication automatically.  However, everyday, not at the same time, the one certficate just disapears off the server.  When this happens, no one can connect to the wlan.   To fix this problem everyday I need to:

- RDP into the certificate server, which is our domain controller
- start, run, mmc
- file, add/remove snap-in
- Certificates, add
- Computer account, local computer
- Right click Personal, all tasks, request new certificate
- next, ad enrollment policy, next, select domain controller, enroll.
- restart CNG Key Isolation Service.

Once this is done, people can authenticate.

I have attached a picture of the cert that keeps disappearing.  As you can see, I just had to issue a new one today, 9/6.

 

Can anyone help with fixing this cert issue so I do not have to request a new one each day, sometimes twice a day? cert
0
Comment
Question by:phantomdan2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 36495470
Generally, the domain controllers use an autoenrolment with the PKI and you are not required to renew their certificates manually. Do you have the same problem with another domain controller?

There must be something wrong with the PKI. Could you give us more information how it is setup, please?
0
 

Author Comment

by:phantomdan2005
ID: 36495708
No, this domain controller is the only one that controls the certs.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36495724
Hello,

This usually hapens because the server the certificate is installed on can't contact the Certificate Revocation List. In the certificates MMC, open the certificate and go to the details page. Find the CRL Distribution Points field. Make sure the URL in this field is valid and can be accessed from this server. If you are using an internal CA, which it appears you are, make sure it is setup correctly and that you are properly publishing the CRL.

JJ
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:phantomdan2005
ID: 36495739
What specific information are you looking for when you ask for how it is setup?  I am  not too familiar with certificate services, and I did not setup this.  I just joined the company so things were in place before I got here.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36495822
First, check the certificate and make sure the CRL Distribution Points field looks valid and is accessible form the server.

JJ
0
 

Accepted Solution

by:
phantomdan2005 earned 0 total points
ID: 36528762
I fixed my own issue.  I ended deleting the self-issued cert and enabled the RAS and IAS certificate template then issued that cert.  This fixed the issue.
0
 

Author Closing Comment

by:phantomdan2005
ID: 36555751
I fixed my own issue.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question