Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Where do i check  the Certificate used for wireless authentication is expired or not ?

Posted on 2013-01-15
3
Medium Priority
?
989 Views
Last Modified: 2013-02-01
Hi

We have windows 2008 Active Directory and also it is our Radius server. We have XP as a client.
We use Cisco 4400 Series Controller and Cisco Aironet 1142 Wireless-N Access points .
The Laptops were connecting automatically into the wireless network once they are joined to the domain and adding the laptop to the wireless security group in the AD.
All of sudden all the 20 laptops got disconnected from our wireless network.

The Laptops can detect our wireless network if i refresh the wireless network. On the system tray the pop says:

Windows was unable to log you on to the network MDomain. (MDomain is our SSID)

The wireless network got disconnected on  10 december. In saw the event iD on this particular date in the Radius server .

Source: CertificationAuthority
EventID:58
A certificate in the chain for CA certificate 0 for TullipCA has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

Source: CertificationAuthority
EventID:94
Active Directory Certificate Services TullipCA can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

I logged into the wireless controller and under Monitor I get continious logs  under - Most recent traps:
It says

AAA Authentication Failure for UserName:host/LAPTOP1.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP2.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP3.domain.local User Type: WLAN USER

Where  do in check if the  certificate (TullipCA) is expired  or not  which is named in the event viewer log. Will the certificate be named as TullipCA ?

Any help much appreciated

Thanks
0
Comment
Question by:lianne143
  • 2
3 Comments
 
LVL 41

Assisted Solution

by:footech
footech earned 2000 total points
ID: 38779759
On the NPS (RADIUS) I would open the certificates MMC for the local computer, go to Personal and look at the computer certificate issued to the NPS.  Under the Certification Path tab you can see the chain that is used and the status of each cert.

If it's just the cert for the NPS that is expired, you can renew it using the MMC.

For the CA, log in to it, and under Server Manager, AD CS role you should see Enterprise PKI where you can check the status of your CA and renew the CA cert if necessary.
0
 

Author Comment

by:lianne143
ID: 38780414
Any tutorials as how to open the certificates MMC for the local computer,
- Personal and
     - look at the computer certificate issued to the NPS

will be helpful

Thanks
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 38780535
Run MMC.exe.  Under File > Add/Remove Snap-in > select Certificates > click Add > select Computer Account > Next > Local computer > Finish > OK.  Expand Personal > Certificates > look for the cert named like your NPS (might be the only one) and double-click it.
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question