Solved

Where do i check  the Certificate used for wireless authentication is expired or not ?

Posted on 2013-01-15
3
899 Views
Last Modified: 2013-02-01
Hi

We have windows 2008 Active Directory and also it is our Radius server. We have XP as a client.
We use Cisco 4400 Series Controller and Cisco Aironet 1142 Wireless-N Access points .
The Laptops were connecting automatically into the wireless network once they are joined to the domain and adding the laptop to the wireless security group in the AD.
All of sudden all the 20 laptops got disconnected from our wireless network.

The Laptops can detect our wireless network if i refresh the wireless network. On the system tray the pop says:

Windows was unable to log you on to the network MDomain. (MDomain is our SSID)

The wireless network got disconnected on  10 december. In saw the event iD on this particular date in the Radius server .

Source: CertificationAuthority
EventID:58
A certificate in the chain for CA certificate 0 for TullipCA has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

Source: CertificationAuthority
EventID:94
Active Directory Certificate Services TullipCA can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

I logged into the wireless controller and under Monitor I get continious logs  under - Most recent traps:
It says

AAA Authentication Failure for UserName:host/LAPTOP1.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP2.domain.local User Type: WLAN USER
AAA Authentication Failure for UserName:host/LAPTOP3.domain.local User Type: WLAN USER

Where  do in check if the  certificate (TullipCA) is expired  or not  which is named in the event viewer log. Will the certificate be named as TullipCA ?

Any help much appreciated

Thanks
0
Comment
Question by:lianne143
  • 2
3 Comments
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 38779759
On the NPS (RADIUS) I would open the certificates MMC for the local computer, go to Personal and look at the computer certificate issued to the NPS.  Under the Certification Path tab you can see the chain that is used and the status of each cert.

If it's just the cert for the NPS that is expired, you can renew it using the MMC.

For the CA, log in to it, and under Server Manager, AD CS role you should see Enterprise PKI where you can check the status of your CA and renew the CA cert if necessary.
0
 

Author Comment

by:lianne143
ID: 38780414
Any tutorials as how to open the certificates MMC for the local computer,
- Personal and
     - look at the computer certificate issued to the NPS

will be helpful

Thanks
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 38780535
Run MMC.exe.  Under File > Add/Remove Snap-in > select Certificates > click Add > select Computer Account > Next > Local computer > Finish > OK.  Expand Personal > Certificates > look for the cert named like your NPS (might be the only one) and double-click it.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question