Solved

Where do i check  the Certificate used for wireless authentication is expired or not ?

Posted on 2013-01-15
3
885 Views
Last Modified: 2013-02-01
Hi

We have windows 2008 Active Directory and also it is our Radius server. We have XP as a client.
We use Cisco 4400 Series Controller and Cisco Aironet 1142 Wireless-N Access points .
The Laptops were connecting automatically into the wireless network once they are joined to the domain and adding the laptop to the wireless security group in the AD.
All of sudden all the 20 laptops got disconnected from our wireless network.

The Laptops can detect our wireless network if i refresh the wireless network. On the system tray the pop says:

Windows was unable to log you on to the network MDomain. (MDomain is our SSID)

The wireless network got disconnected on  10 december. In saw the event iD on this particular date in the Radius server .

Source: CertificationAuthority
EventID:58
A certificate in the chain for CA certificate 0 for TullipCA has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

Source: CertificationAuthority
EventID:94
Active Directory Certificate Services TullipCA can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

I logged into the wireless controller and under Monitor I get continious logs  under - Most recent traps:
It says

AAA Authentication Failure for UserName:host/LAPTOP1.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP2.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP3.domain.local User Type: WLAN USER

Where  do in check if the  certificate (TullipCA) is expired  or not  which is named in the event viewer log. Will the certificate be named as TullipCA ?

Any help much appreciated

Thanks
0
Comment
Question by:lianne143
  • 2
3 Comments
 
LVL 39

Assisted Solution

by:footech
footech earned 500 total points
ID: 38779759
On the NPS (RADIUS) I would open the certificates MMC for the local computer, go to Personal and look at the computer certificate issued to the NPS.  Under the Certification Path tab you can see the chain that is used and the status of each cert.

If it's just the cert for the NPS that is expired, you can renew it using the MMC.

For the CA, log in to it, and under Server Manager, AD CS role you should see Enterprise PKI where you can check the status of your CA and renew the CA cert if necessary.
0
 

Author Comment

by:lianne143
ID: 38780414
Any tutorials as how to open the certificates MMC for the local computer,
- Personal and
     - look at the computer certificate issued to the NPS

will be helpful

Thanks
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 38780535
Run MMC.exe.  Under File > Add/Remove Snap-in > select Certificates > click Add > select Computer Account > Next > Local computer > Finish > OK.  Expand Personal > Certificates > look for the cert named like your NPS (might be the only one) and double-click it.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question