Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Help needed with an expired RAS and IAS Server Certificate

Posted on 2014-01-06
2
894 Views
Last Modified: 2014-07-23
Recently my users started to experience problems getting onto our internal wireless network. As I am fairly new, I do not know how it is configured but through the event viewer I saw this - "The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate."

I have opened Certificate Services on the server (my NPS) and noticed that the certificate expired on 17th December.  I figured out how to create a new personal certificate but I am stuck as to what to do now.  Do I drag it into the Trusted Root Certificate Authority?  How do I deploy it?  I have found where I can do this in Group Policy but I cannot see how it was done before, that is to say that in Group Policy, the original certificate is not there.  How do I test this new certificate works and am I supposed to assign a key to it or something?

Any help would be gratefully received.
0
Comment
Question by:fuzzyfreak
2 Comments
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39760590
It may be that RAS doesn't use the NPS service for authentication.  If it doesn't you just need to renew the certificate on the NPS server and delete the expired one.

If you do use NPS for RAS authentication you'll need to choose the certificate to use.

In NPS, open Policies then Network Policies then find the policy which uses the certificate.  If you open the relevant policy there will be a drop-down box in either the Condition or Constraint which determines the authentication protocol.  This drop-down box allows you to choose which certificate to use.  Change it to the new certificate and that should be it.

If you're unsure where to go just post a screenshot of your NPS server's Network Policies page and I'll direct you from there.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 39762400
Many thanks for your help, I looked where you instructed me to and found where the certificate was configured but it gave a different date to the expired one and one that showed an expiry of 11th July this year.  I looked for the new one I created and though I think I found it (there were only four to choose from) this too gave me a completely different date.  The new one I created showed an expiry of twelve months time, this one gave me an expiry of 2019 - so I am left rather baffled.  Either way, changing the certificate did not resolve the issue so my boss took control and reconfigured our WAPs to use a pre-shared key, thus bypassing RADIUS/NPS.  To be honest, where we are located, this will suffice I think, so I would say this question is now redundant.

Thanks very much for your comprehensive assistance.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question