server 2003 IAS WiFi "validate server certificate"


I asked one question in the Windows 7 forum and found that maybe the problem can be solved here.

------------------------------------------------------------------------------------------------------------

Before, we used a self-signed certificate and used GPO to deploy the certificate to "Trusted Root Certification Authorities". The Win7 client could pass validation and could use WiFi.

Now we have a GeoTrust certificate, which replaced the self-signed certificate,

and we changed "Validate server certificate" to "GeoTrust Global CA":

the Win7 client cannot pass validation and cannot use WiFi.

ias error:

event id: 2

computer:  106

description:

user cn\xadsnw deny。

fully-qualified-user-name = tt.aa.org/it/xadsnw

nas-ip-address = 10.113.0.50

nas-identifier = mc-01

called-station-identifier = 203a.0797.e840

calling-station-identifier = 0811.9613.999c

client-friendly-name = mc-01

client-ip-address = 10.113.0.50

nas-port-type = wireless - ieee 802.11

nas-port = 23785

proxy-policy-name =for user

authentication-provider = windows

authentication-server = <na>

policy-name = wireless

authentication-type = peap

eap-type = <na>

reason-code = 16

reason = authentication not successful because unknown user name or incorrect password.

http://go.microsoft.com/fwlink/events.asp

data:

0000: 0c 03 09 80       

-------------------------------------------------------------------------------------------------------

We searched for a solution on Bing and Google and got one solution: deselect "Validate server certificate". We tested it, and yes, it works.

ias information:

event id:    1

computer:     106

description:

user cn\xadsnw ..

fully-qualified-user-name = tt.aa.org/it/xadsnw

nas-ip-address = 10.113.0.50

nas-identifier = mc-01

client-friendly-name = mc-01

client-ip-address = 10.113.0.50

calling-station-identifier = 0811.9613.999c

nas-port-type = wireless - ieee 802.11

nas-port = 23794

proxy-policy-name =forall users

authentication-provider = windows

authentication-server = <na>

policy-name = wireless

authentication-type = peap

eap-type =受保护的密码(eap-mschap v2)

http://go.microsoft.com/fwlink/events.asp

0000: 00 00 00 00          

---------------------------------------------------------------------------------

question:

1. If we deselect "Validate server certificate", will data transmission between the client and the AP continue to be encrypted?

2. If we have to select "Validate server certificate", how do we do it?

3. GeoTrust Global CA should be the root certification authority of our certificate. We tested the certificate in IIS, and the certificate works well outside. Maybe we need to add a selection in "Connect to these servers:"? But which servers?


adsnow

1. If we deselect "Validate server certificate", will data transmission between the client and the AP continue to be encrypted?

=> Yes. The checkbox is used for authentication of the NPS and to create the TLS tunnel for PEAP. If you clear the checkbox, the validity of the certificate is not checked.

2. If we have to select "Validate server certificate", how do we do it?

=> Clients need to be able to download the CRL from GeoTrust, because when client computers validate the NPS server certificate, they need access to the CRL to verify the cert is not on the list.

3. GeoTrust Global CA should be the root certification authority of our certificate. We tested the certificate in IIS, and the certificate works well outside. Maybe we need to add a selection in "Connect to these servers:"? But which servers?

=> In the "Connect to these servers" field, you can specify the FQDNs of the NPS servers, separated by a semicolon.


johan loos
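Added example, not part of the original thread: a small triage script for the two IAS events quoted in the question. It parses the `name = value` attributes and classifies a PEAP event by whether an inner EAP method was ever logged. The sample events are constructed from the thread's logs, and reading a reject with `eap-type = <na>` as a failure before the inner method (for example, the client rejecting the server certificate) is an assumption based on those two events.

```python
import re

# Constructed samples, trimmed from the two IAS events quoted in the thread.
REJECT = """user cn\\xadsnw deny
nas-identifier = mc-01
authentication-type = peap
eap-type = <na>
reason-code = 16
"""
GRANT = """user cn\\xadsnw ..
nas-identifier = mc-01
authentication-type = peap
eap-type = eap-mschap v2
"""

FIELD = re.compile(r"^\s*([a-z][a-z0-9-]*)\s*=\s*(.*?)\s*$", re.I)

def parse_ias(description):
    """Return the 'name = value' attributes of an IAS event description."""
    fields = {}
    for line in description.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def triage(fields):
    """Classify a PEAP event by how far the EAP exchange got."""
    if fields.get("authentication-type", "").lower() != "peap":
        return "not-peap"
    inner = fields.get("eap-type", "<na>").lower()
    # Placeholder values mean no inner method was negotiated.
    inner_seen = inner not in ("", "<na>", "<undetermined>")
    if "reason-code" not in fields:
        # Grant events in the thread carry no reason-code attribute.
        return "granted" if inner_seen else "unknown"
    if not inner_seen:
        # Assumption: the exchange ended before the inner method ran, so
        # the password was never evaluated; check the client's trust in
        # the server certificate (root CA, server names, CRL access).
        return "rejected-before-inner-method"
    return "rejected-in-inner-method"

if __name__ == "__main__":
    for name, event in (("reject", REJECT), ("grant", GRANT)):
        print(name, "->", triage(parse_ias(event)))
```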


