Kings, I¹ve had the same issue in testing and upgrading to the T2 code solved it. With me, the enrollment was successful but the tunnel failed because of the way the client was verifying the cert. Another thing that I¹ve seen make it work is setting the database level to complete on the PKI server. I¹m not sure why there was a difference though. I need to test it again.
Anyhow, if you are still seeing this issue what code are you running on the PKI server and what URL are you using to enroll the client? Do you have the cdp-url configured? What is that URL? -- Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com. From: Kingsley Charles <[email protected]> Date: Sat, 6 Mar 2010 09:38:54 +0530 To: Tyson Scott <[email protected]> Cc: <[email protected]>, Simon Baumann <[email protected]>, <[email protected]> Subject: Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling VPN-Client). For the past two, I am also facing the issue on my local test bed. In the client logs, it says something like the header is empty. It seems the server is not responding but at the same I am able to enroll the routers to the CA. There is some kind of bug. Why can't we do this directly using Windows? Open the MMC and Add a snap shot for the certification. Select Personal and right > All Tasks > Request New Certificate. But I have not able to go through, as it says I don't have admin rights or cannot contact active directory http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en- us/sag_cmreqcerts.mspx?mfr=true After getting the cert on the windows certificate personal folder, you can see that in the client. If anyone suceeds, please let me know. With regards Kings With regards Kings On Sat, Mar 6, 2010 at 4:25 AM, Tyson Scott <[email protected]> wrote: > Team, > > Our support team is in the middle of upgrading all our racks to get past this > problem. I believe it to be a problem with the 12.4(24)T1 code. 12.4(15)T9 > should also be in the flash of all the routers and if you use that it will > work fine. I hope to have all the racks upgraded very soon. > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Technical Instructor - IPexpert, Inc. > Mailto: [email protected] <mailto:[email protected]> > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > <http://www.ipexpert.com/chat> > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United States, > Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities <http://www.ipexpert.com/communities> and our > public website at www.ipexpert.com <http://www.ipexpert.com/> > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Badar Farooq > Sent: Friday, March 05, 2010 4:31 PM > To: Simon Baumann > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling > VPN-Client). > > > > I am also struggling with this error. > I have checked my configuration and its otherwise sound. > Same CA successfully issues certificates to other routers. By I cant enroll my > VPN Client. > I am using http://x.x.x.x/cgi-bin/pkiclient.exe as CA url in the vpn client > config and i keep getting error 42. > Any help will be appreciated > > Regards > > On Wed, Jan 6, 2010 at 5:48 PM, Simon Baumann <[email protected]> wrote: > Hi, > I got a question about task 4.6 of Lab 4. The task requires that the VPN > Client has to enroll with R2 to obtain idendity certificate. I get "Error 42" > on the VPN Client. > If I got everything right, R2 doesn't have to seem and route back to the XP > WS. So the XP WS will never be able the enroll until I set an route on R2 to > reach the XP WS. > Is that correct? TIA. > > Cheers > Simon > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com/> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com/> > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
