View the certificate and see which isn't trusted? Use certutil to do the same?
From: Troy Adkins [mailto:[email protected]] Sent: Thursday, February 16, 2012 3:01 PM To: NT System Admin Issues Subject: Cert Error - Reason Code 295 I have a CA in one Forest and a Sub CA in another Forest that I validate certs. The cert in the Sub CA expired and I'm trying to issue a new one. The tech in the Sub CA creates a request for a cert in his Forest/Domain. I get it and create the cert for him and send it back. This is for our wireless network. We have Forest Trusts set between the 2 Forests... When he tries to use it, the below error is recorded in the Event logs, on my IAS server. I/We can't seem to put our fingers on what is the problem. I've added the sub cert to the Trusted Root of Authority and it is verified. Reason-Code = 295 Reason = A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider Troy Adkins Network Administrator Virginia House of Delegates General Assembly Bldg. Room 815 804.698.1567 (O) 804.771.7917 (F) [email protected]<mailto:[email protected]> http://legis.virginia.gov<http://legis.virginia.gov/> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
