Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate Disappears in 2008 - used for client authentication

Posted on 2011-09-06
7
Medium Priority
?
1,369 Views
Last Modified: 2013-12-09
Ok, on our network for our HP ProCurve Wireless, we have a RADIUS Server that handles the authentication automatically.  However, everyday, not at the same time, the one certficate just disapears off the server.  When this happens, no one can connect to the wlan.   To fix this problem everyday I need to:

- RDP into the certificate server, which is our domain controller
- start, run, mmc
- file, add/remove snap-in
- Certificates, add
- Computer account, local computer
- Right click Personal, all tasks, request new certificate
- next, ad enrollment policy, next, select domain controller, enroll.
- restart CNG Key Isolation Service.

Once this is done, people can authenticate.

I have attached a picture of the cert that keeps disappearing.  As you can see, I just had to issue a new one today, 9/6.

 

Can anyone help with fixing this cert issue so I do not have to request a new one each day, sometimes twice a day? cert
0
Comment
Question by:phantomdan2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 36495470
Generally, the domain controllers use an autoenrolment with the PKI and you are not required to renew their certificates manually. Do you have the same problem with another domain controller?

There must be something wrong with the PKI. Could you give us more information how it is setup, please?
0
 

Author Comment

by:phantomdan2005
ID: 36495708
No, this domain controller is the only one that controls the certs.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36495724
Hello,

This usually hapens because the server the certificate is installed on can't contact the Certificate Revocation List. In the certificates MMC, open the certificate and go to the details page. Find the CRL Distribution Points field. Make sure the URL in this field is valid and can be accessed from this server. If you are using an internal CA, which it appears you are, make sure it is setup correctly and that you are properly publishing the CRL.

JJ
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:phantomdan2005
ID: 36495739
What specific information are you looking for when you ask for how it is setup?  I am  not too familiar with certificate services, and I did not setup this.  I just joined the company so things were in place before I got here.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36495822
First, check the certificate and make sure the CRL Distribution Points field looks valid and is accessible form the server.

JJ
0
 

Accepted Solution

by:
phantomdan2005 earned 0 total points
ID: 36528762
I fixed my own issue.  I ended deleting the self-issued cert and enabled the RAS and IAS certificate template then issued that cert.  This fixed the issue.
0
 

Author Closing Comment

by:phantomdan2005
ID: 36555751
I fixed my own issue.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question