Solved

Where do i check  the Certificate used for wireless authentication is expired or not ?

Posted on 2013-01-15
3
935 Views
Last Modified: 2013-02-01
Hi

We have windows 2008 Active Directory and also it is our Radius server. We have XP as a client.
We use Cisco 4400 Series Controller and Cisco Aironet 1142 Wireless-N Access points .
The Laptops were connecting automatically into the wireless network once they are joined to the domain and adding the laptop to the wireless security group in the AD.
All of sudden all the 20 laptops got disconnected from our wireless network.

The Laptops can detect our wireless network if i refresh the wireless network. On the system tray the pop says:

Windows was unable to log you on to the network MDomain. (MDomain is our SSID)

The wireless network got disconnected on  10 december. In saw the event iD on this particular date in the Radius server .

Source: CertificationAuthority
EventID:58
A certificate in the chain for CA certificate 0 for TullipCA has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

Source: CertificationAuthority
EventID:94
Active Directory Certificate Services TullipCA can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

I logged into the wireless controller and under Monitor I get continious logs  under - Most recent traps:
It says

AAA Authentication Failure for UserName:host/LAPTOP1.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP2.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP3.domain.local User Type: WLAN USER

Where  do in check if the  certificate (TullipCA) is expired  or not  which is named in the event viewer log. Will the certificate be named as TullipCA ?

Any help much appreciated

Thanks
0
Comment
Question by:lianne143
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 38779759
On the NPS (RADIUS) I would open the certificates MMC for the local computer, go to Personal and look at the computer certificate issued to the NPS.  Under the Certification Path tab you can see the chain that is used and the status of each cert.

If it's just the cert for the NPS that is expired, you can renew it using the MMC.

For the CA, log in to it, and under Server Manager, AD CS role you should see Enterprise PKI where you can check the status of your CA and renew the CA cert if necessary.
0
 

Author Comment

by:lianne143
ID: 38780414
Any tutorials as how to open the certificates MMC for the local computer,
- Personal and
     - look at the computer certificate issued to the NPS

will be helpful

Thanks
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 38780535
Run MMC.exe.  Under File > Add/Remove Snap-in > select Certificates > click Add > select Computer Account > Next > Local computer > Finish > OK.  Expand Personal > Certificates > look for the cert named like your NPS (might be the only one) and double-click it.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question