Your code should be fine. When I said enrollment url I should have said cdp url on the CA server. That has affected clients obtaining certs for me in the past.
Crypto pki server XXXX Cdp-url http://X.X.X.X/cgi-bin/pkiclient.exe?operation=GetCRL -- Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com. From: Badar Farooq <[email protected]> Date: Sat, 6 Mar 2010 10:00:35 +0300 To: Brandon Carroll <[email protected]> Cc: Kingsley Charles <[email protected]>, Tyson Scott <[email protected]>, Simon Baumann <[email protected]>, <[email protected]> Subject: Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling VPN-Client). Hi All My IOS is 12.4(15)T9, so I should not have an issue right? Also Brandon, what do you mean by "Also check the URL on the PKi server and make sure it has the "?" Mark in the URL. "? My enrollment URL was http://x.x.x.x/cgi-bin/pkiclient.exe, where x.x.x.x is the IP of the CA server router. Is it wrong? I am testing it on a single one router dynamips topology. and I will try again with cdp url configured and database level complete but I need a confirmation that everything else I am doing is correct. Can somebody just detail the step by step process. I will be really grateful. Regards On Sat, Mar 6, 2010 at 7:28 AM, Brandon Carroll <[email protected]> wrote: > Kings, > > I¹ve had the same issue in testing and upgrading to the T2 code solved it. > With me, the enrollment was successful but the tunnel failed because of the > way the client was verifying the cert. Another thing that I¹ve seen make it > work is setting the database level to complete on the PKI server. I¹m not > sure why there was a difference though. I need to test it again. > > Anyhow, if you are still seeing this issue what code are you running on the > PKI server and what URL are you using to enroll the client? Do you have the > cdp-url configured? What is that URL? > > -- > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > <http://www.ipexpert.com/chat> > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United States, > Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities <http://www.ipexpert.com/communities> and our > public website at www.ipexpert.com <http://www.ipexpert.com> . > > > > From: Kingsley Charles <[email protected]> > Date: Sat, 6 Mar 2010 09:38:54 +0530 > To: Tyson Scott <[email protected]> > Cc: <[email protected]>, Simon Baumann <[email protected]>, > <[email protected]> > > Subject: Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling > VPN-Client). > > > For the past two, I am also facing the issue on my local test bed. In the > client logs, it says something like the header is empty. > > It seems the server is not responding but at the same I am able to enroll the > routers to the CA. > > There is some kind of bug. > > Why can't we do this directly using Windows? > > > Open the MMC and Add a snap shot for the certification. Select Personal and > right > All Tasks > Request New Certificate. > > But I have not able to go through, as it says I don't have admin rights or > cannot contact active directory > > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us > /sag_cmreqcerts.mspx?mfr=true > > > After getting the cert on the windows certificate personal folder, you can see > that in the client. > > > If anyone suceeds, please let me know. > > > With regards > Kings > > > > > With regards > Kings > > > > On Sat, Mar 6, 2010 at 4:25 AM, Tyson Scott <[email protected]> wrote: >> Team, >> >> Our support team is in the middle of upgrading all our racks to get past this >> problem. I believe it to be a problem with the 12.4(24)T1 code. 12.4(15)T9 >> should also be in the flash of all the routers and if you use that it will >> work fine. I hope to have all the racks upgraded very soon. >> >> Regards, >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> Technical Instructor - IPexpert, Inc. >> Mailto: [email protected] <mailto:[email protected]> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> <http://www.ipexpert.com/chat> <http://www.ipexpert.com/chat> >> eFax: +1.810.454.0130 >> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, >> Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service >> Provider) Certification Training with locations throughout the United States, >> Europe and Australia. Be sure to check out our online communities at >> www.ipexpert.com/communities <http://www.ipexpert.com/communities> >> <http://www.ipexpert.com/communities> and our public website at >> www.ipexpert.com <http://www.ipexpert.com> <http://www.ipexpert.com/> >> >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Badar Farooq >> Sent: Friday, March 05, 2010 4:31 PM >> To: Simon Baumann >> Cc: [email protected] >> Subject: Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling >> VPN-Client). >> >> >> >> I am also struggling with this error. >> I have checked my configuration and its otherwise sound. >> Same CA successfully issues certificates to other routers. By I cant enroll >> my VPN Client. >> I am using http://x.x.x.x/cgi-bin/pkiclient.exe as CA url in the vpn client >> config and i keep getting error 42. >> Any help will be appreciated >> >> Regards >> >> On Wed, Jan 6, 2010 at 5:48 PM, Simon Baumann <[email protected]> >> wrote: >> Hi, >> I got a question about task 4.6 of Lab 4. The task requires that the VPN >> Client has to enroll with R2 to obtain idendity certificate. I get "Error 42" >> on the VPN Client. >> If I got everything right, R2 doesn't have to seem and route back to the XP >> WS. So the XP WS will never be able the enroll until I set an route on R2 to >> reach the XP WS. >> Is that correct? TIA. >> >> Cheers >> Simon >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com <http://www.ipexpert.com> <http://www.ipexpert.com/> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com <http://www.ipexpert.com> <http://www.ipexpert.com/> >> >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com <http://www.ipexpert.com> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com <http://www.ipexpert.com>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
