Hi Brandon I am using 12.4 (24)T2 advsececurity.
I am using level of minimum and enrolling with url http://x.x.x.x/cgi-bin/pkicleint. It worked for previously with the same image. There are two differences in my current CA config compared to that off the working config. One is that I have put the CDP URL and level of minimum. I am using the CDP url that you have mentioned. Either of one is causing the issue and I guess level is the reason. With regards Kings With regards Kings On Sat, Mar 6, 2010 at 9:58 AM, Brandon Carroll <[email protected]>wrote: > Kings, > > I’ve had the same issue in testing and upgrading to the T2 code solved it. > With me, the enrollment was successful but the tunnel failed because of the > way the client was verifying the cert. Another thing that I’ve seen make it > work is setting the database level to complete on the PKI server. I’m not > sure why there was a difference though. I need to test it again. > > Anyhow, if you are still seeing this issue what code are you running on the > PKI server and what URL are you using to enroll the client? Do you have the > cdp-url configured? What is that URL? > > -- > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com. > > > ------------------------------ > *From: *Kingsley Charles <[email protected]> > *Date: *Sat, 6 Mar 2010 09:38:54 +0530 > *To: *Tyson Scott <[email protected]> > *Cc: *<[email protected]>, Simon Baumann <[email protected]>, > <[email protected]> > > *Subject: *Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling > VPN-Client). > > > For the past two, I am also facing the issue on my local test bed. In the > client logs, it says something like the header is empty. > > It seems the server is not responding but at the same I am able to enroll > the routers to the CA. > > There is some kind of bug. > > Why can't we do this directly using Windows? > > > Open the MMC and Add a snap shot for the certification. Select Personal and > right > All Tasks > Request New Certificate. > > But I have not able to go through, as it says I don't have admin rights or > cannot contact active directory > > > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_cmreqcerts.mspx?mfr=true > > > After getting the cert on the windows certificate personal folder, you can > see that in the client. > > > If anyone suceeds, please let me know. > > > With regards > Kings > > > > > With regards > Kings > > > > On Sat, Mar 6, 2010 at 4:25 AM, Tyson Scott <[email protected]> wrote: > > Team, > > Our support team is in the middle of upgrading all our racks to get past > this problem. I believe it to be a problem with the 12.4(24)T1 code. > 12.4(15)T9 should also be in the flash of all the routers and if you use > that it will work fine. I hope to have all the racks upgraded very soon. > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Technical Instructor - IPexpert, Inc. > Mailto: [email protected] <mailto:[email protected]><[email protected]> > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > <http://www.ipexpert.com/chat> <http://www.ipexpert.com/chat> > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities > <http://www.ipexpert.com/communities><http://www.ipexpert.com/communities> > and our public website at > www.ipexpert.com <http://www.ipexpert.com/> <http://www.ipexpert.com/> > > > *From:* [email protected] [ > mailto:[email protected]]<[email protected]]> > *On Behalf Of *Badar Farooq > *Sent:* Friday, March 05, 2010 4:31 PM > *To:* Simon Baumann > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] Vol1, Lab 4: task 4.6 (enrolling > VPN-Client). > > > > I am also struggling with this error. > I have checked my configuration and its otherwise sound. > Same CA successfully issues certificates to other routers. By I cant enroll > my VPN Client. > I am using http://x.x.x.x/cgi-bin/pkiclient.exe as CA url in the vpn > client config and i keep getting error 42. > Any help will be appreciated > > Regards > > On Wed, Jan 6, 2010 at 5:48 PM, Simon Baumann <[email protected]> > wrote: > Hi, > I got a question about task 4.6 of Lab 4. The task requires that the VPN > Client has to enroll with R2 to obtain idendity certificate. I get "Error > 42" on the VPN Client. > If I got everything right, R2 doesn't have to seem and route back to the XP > WS. So the XP WS will never be able the enroll until I set an route on R2 to > reach the XP WS. > Is that correct? TIA. > > Cheers > Simon > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com/><http://www.ipexpert.com/> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com/><http://www.ipexpert.com/> > > > > ------------------------------ > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
