sovran
asked on
NPS SSL Certificate Issue for Windows 7 Wireless Clients
Brand new Windows 7 Enterprise laptops will not connect to 802.1x internal wifi.
I have a GPO that creates the connection profile for the laptops.
I have a DigiCert SSL certificate installed on my NPS server (2008 R2 Enterprise) which is valid until 12/10/2014. It's selected in the Network Policy under the PEAP (with EAP-MSCHAP v2) configuration.
The certificate was issued by the DigiCert Secure Server CA which is in the Trusted Root Certification Authorities store on the local computer.
As a troubleshooting step I exported the certificate from the NPS server and imported it directly into the Trusted Root CA on one laptop and still was unable to connect.
The event log on the client shows two schannel errors:
Error 1/22/2014 2:37:33 PM Schannel 36888 The following fatal alert was generated: 45. The internal error state is 552.
Error 1/22/2014 2:37:33 PM Schannel 36881 The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.
I'm at a complete loss because as far as I can tell the certificate should be trusted. And as a note the client will not accept clearing the checkbox in the GPO to not check the certificate.
Any ideas?
I think you need to uncheck the 'Validate Server Certificate' option in the PEAP properties page. You'll find this in the GPO you configured.
ASKER CERTIFIED SOLUTION
Thanks for posting back the solution you found.
ASKER
Because this fixed the issue without turning off certificate validation.
Also, if the event contains the cert, can you verify that it is the cert that you think it is?
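The check suggested in the last comment, as an added PowerShell example that is not part of the original thread: it decodes the certificate attached to the newest Schannel 36881 event on the client and compares its thumbprint and validity window with the client's own clock. It assumes the certificate is stored DER-encoded as hex in the event's `<Binary>` element; the thumbprint value is a placeholder to be copied from the NPS server.

```powershell
# Added example, not from the thread. Run in an elevated prompt on the affected client.
# Assumption: Schannel stores the server certificate (DER, hex-encoded) in <EventData><Binary>.
$expectedThumbprint = '<THUMBPRINT-OF-NPS-CERTIFICATE>'   # placeholder, copy from the NPS server

$evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36881 } -ErrorAction Stop |
    Where-Object { $_.ProviderName -like '*Schannel*' } |
    Select-Object -First 1
if (-not $evt) { throw 'No Schannel 36881 event found in the System log.' }

$hex = ([xml]$evt.ToXml()).Event.EventData.Binary
if (-not $hex) { throw 'The event carries no binary data.' }

# Hex string -> byte array (written for the PowerShell 2.0 that ships with Windows 7).
$bytes = New-Object byte[] ($hex.Length / 2)
for ($i = 0; $i -lt $bytes.Length; $i++) {
    $bytes[$i] = [Convert]::ToByte($hex.Substring($i * 2, 2), 16)
}
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$bytes)

# NotBefore/NotAfter are returned in local time, so compare against the local clock.
$now = Get-Date
New-Object PSObject -Property @{
    EventTime      = $evt.TimeCreated
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    Thumbprint     = $cert.Thumbprint
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    ClientClock    = $now
    ClockInValidity = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    IsExpectedCert = ($cert.Thumbprint -eq ($expectedThumbprint -replace '\s', '').ToUpper())
} | Format-List

# Build the chain with this client's own stores to see what it considers untrusted or invalid.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # the client may have no network access yet
$trusted = $chain.Build($cert)
"Chain builds on this client: $trusted"
$chain.ChainElements | ForEach-Object {
    $status = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    if (-not $status) { $status = 'OK' }
    '{0}  [{1}]' -f $_.Certificate.Subject, $status
}
```

`ClockInValidity` reporting False while `IsExpectedCert` is True means the client's clock lies outside the certificate's validity window; a chain element with a status other than OK identifies which certificate in the chain the client rejects.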