Solved

Where do I check whether the certificate used for wireless authentication is expired or not?

Posted on 2013-01-15
Last Modified: 2013-02-01
Hi

We have Windows 2008 Active Directory, and it is also our RADIUS server. We have XP as a client.
We use a Cisco 4400 Series Controller and Cisco Aironet 1142 Wireless-N access points.
The laptops were connecting automatically to the wireless network once they were joined to the domain and added to the wireless security group in AD.
All of a sudden, all 20 laptops got disconnected from our wireless network.

The laptops can detect our wireless network if I refresh the wireless network list. In the system tray the pop-up says:

Windows was unable to log you on to the network MDomain. (MDomain is our SSID)

The wireless network got disconnected on 10 December. I saw these event IDs on this particular date on the RADIUS server.

Source: CertificationAuthority
EventID:58
A certificate in the chain for CA certificate 0 for TullipCA has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

Source: CertificationAuthority
EventID:94
Active Directory Certificate Services TullipCA can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

I logged into the wireless controller, and under Monitor I get continuous logs under Most recent traps:
It says

AAA Authentication Failure for UserName:host/LAPTOP1.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP2.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP3.domain.local User Type: WLAN USER

Where do I check whether the certificate (TullipCA) named in the event viewer log is expired or not? Will the certificate be named TullipCA?

Any help much appreciated

Thanks
Question by:lianne143
3 Comments
 

Assisted Solution

by:footech
ID: 38779759
On the NPS (RADIUS) I would open the certificates MMC for the local computer, go to Personal and look at the computer certificate issued to the NPS.  Under the Certification Path tab you can see the chain that is used and the status of each cert.

If it's just the cert for the NPS that is expired, you can renew it using the MMC.

For the CA, log in to it, and under Server Manager, AD CS role you should see Enterprise PKI where you can check the status of your CA and renew the CA cert if necessary.
 

Author Comment

by:lianne143
ID: 38780414
Any tutorials on how to open the certificates MMC for the local computer,
- Personal and
     - look at the computer certificate issued to the NPS

will be helpful

Thanks

Accepted Solution

by:footech
ID: 38780535
Run MMC.exe.  Under File > Add/Remove Snap-in > select Certificates > click Add > select Computer Account > Next > Local computer > Finish > OK.  Expand Personal > Certificates > look for the cert named like your NPS (might be the only one) and double-click it.
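
The Certification Path check described in the answers above can also be scripted. The following is an added example, not part of the original thread; it assumes PowerShell 2.0 or later is installed on the NPS server and that it is run from an elevated prompt there.

```powershell
# Added example: for every certificate in the local computer's Personal store,
# build its chain and list each certificate in that chain with its expiry date.
$now = Get-Date

$rows = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the result reflects validity dates and trust only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($cert)

    $depth = 0   # 0 = the computer certificate itself, higher = issuing CAs
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        # Per-certificate problems; an expired certificate reports NotTimeValid.
        $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $status) { $status = 'OK' }

        New-Object PSObject -Property @{
            LeafSubject = $cert.Subject
            Depth       = $depth
            Subject     = $c.Subject
            NotAfter    = $c.NotAfter
            DaysLeft    = [int]($c.NotAfter - $now).TotalDays
            Status      = $status
        } | Select-Object LeafSubject, Depth, Subject, NotAfter, DaysLeft, Status
        $depth++
    }
}

$rows | Sort-Object LeafSubject, Depth | Format-Table -AutoSize
```

A negative DaysLeft on the Depth 0 row means the NPS computer certificate itself has expired; a negative value at a higher depth means one of the CA certificates in its chain has.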