Sorry—my list time is spotty these days.  Ugh, yes, we ran into this ugly 
problem—I don’t have links handy nor remember all of the details as I didn’t do 
the research on this one, but our network admin did a ton of searching and 
troubleshooting on this with our new Aruba gear (for weeks).  Seems there is 
something off with these settings working out of the box.

IIRC, the solution he finally found was that we had to implement a GPO to the 
NPS server (computer account) that disables the auto-enrollment of certs.  
Something with AD auto-enrollment doesn’t allow the correct cert to be 
enrolled.  Specifically, you set

\Computer config\Windows Settings\Security Settings\Public Key Policies\Certificate Services Client – Auto-Enrollment Settings
               Automatic certificate management           Disabled

After that, you can manually enroll the certificate needed via the certificates 
mmc, and then when you click on the edit button, you should have some options 
available.

That might not be the exact order, but maybe you can figure it out from there.  
I can dig further to find the referenced link, but I’m not sure I still have it.

-Bonnie

From: Jay Dale [mailto:[email protected]]
Sent: Saturday, August 28, 2010 8:15 AM
To: NT System Admin Issues
Subject: RE: Certificate and PEAP

No one have any ideas?  This one must be a toughie – I put it on EE which 
typically gets a quick response but nothing there yet either…:(

Jay Dale
Senior Systems Administrator
o:713.785.0960 x290

From: Jay Dale [mailto:[email protected]]
Sent: Friday, August 27, 2010 9:55 AM
To: NT System Admin Issues
Subject: Certificate and PEAP

Hey all,

I’m trying to set up a Cisco Wifi Access Point on our network and use NPS with 
PEAP authentication so it will connect the users via their user account or 
computer account.  I’ve set up a CA on Windows Ent. 2008 64bit and gone through 
all the steps on creating the GPO, setting up NPS for Wired Authentication, 
etc.  However, I have one sticking point.

When I go into NPS and look at the properties of the network wifi policy, then 
under Constraints, then PEAP and choose Edit, I get the error:

“A certificate could not be found that can be used with this Extensible 
Authentication Protocol”.

So, no worries.  I go into the Certificates console, request a Domain 
Controller certificate, then when I go back and edit the cert shows up and the 
clients can connect fine.  Problem is, later on I lose connection and go back 
and check this setting and I get the error again, meaning the cert isn’t 
sticking.  Is there a way to keep this cert from getting removed and keeping it 
there?

Thanks,

Jay
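
Added example, not part of the original thread: a PowerShell check to run on the NPS server that lists the certificates in the Local Computer Personal store and flags which ones meet the usual PEAP server-certificate requirements (private key present, Server Authentication EKU, inside the validity period). It also prints the raw auto-enrollment policy value that the GPO discussed above writes. Running it before and after a Group Policy refresh shows whether the manually enrolled certificate is still present; the output column names are this example's own.

```powershell
# Added example: audit LocalMachine\My for certificates NPS can offer for PEAP.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'      # Server Authentication EKU
$templateOids  = '1.3.6.1.4.1.311.20.2',  # Certificate Template Name (v1)
                 '1.3.6.1.4.1.311.21.7'   # Certificate Template Information (v2)
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect EKU OIDs from the extension itself (works on older PowerShell).
    $ekus = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }

    # Template the certificate was issued from, if the CA recorded one.
    $template = @($cert.Extensions |
        Where-Object { $templateOids -contains $_.Oid.Value } |
        ForEach-Object { $_.Format($false) }) -join '; '

    $hasServerAuth = $ekus -contains $serverAuthOid
    $inValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $hasServerAuth
        Template      = $template
        PeapCandidate = $cert.HasPrivateKey -and $hasServerAuth -and $inValidity
    }
} | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
                  ServerAuthEku, Template, PeapCandidate | Format-List

# Raw auto-enrollment policy value applied to this computer by Group Policy.
$aeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$ae = Get-ItemProperty -Path $aeKey -Name AEPolicy -ErrorAction SilentlyContinue
if ($ae) { 'AEPolicy = 0x{0:X}' -f $ae.AEPolicy }
else     { 'AEPolicy not set (no auto-enrollment policy applied to this computer)' }
```

If no row shows PeapCandidate as True, the PEAP Edit dialog has nothing to select, which matches the error quoted in the original question.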




