"=?Utf-8?B?WmFyYm9yZw==?=" <(E-Mail Removed)> wrote in
news:3A5A2FAA-98B5-491A-9997-(E-Mail Removed):
> I'm trying to get setup 802.1x using PEAP in my development domain.
> I'm getting an error message saying:
> "A certificate could not be found that can be used with this
> Extensible Authentication Protocol"
> When attempting to hit the configure button next to Protected EAP
> selection box in IAS server configuring a new Wireless policy. I know
> this relates to the machine having a computer certificate that is
> trusted and that may be used for this purpose.
> I think that I have followed all the steps necessary to make this
> work, having read the Enterprise Deployment of Secure 802.11 Networks
> Using Microsoft Windows article.
> Here is what I have done so far since I think I'm just missing
> something so obvious it's killing me.
> 1) Setup an Active Directory domain on a Windows 2003 Enterprise
> server running in Windows 2003 Native mode
> 2) Setup a standalone root CA on a separate server with the web
> enrollment piece enabled
> 3) Installed an Enterprise Subordinate CA on the domain controller,
> generated the certificate request, issued one through the web console
> and imported that certificate into the issuing server.
> 4) Setup a new GPO that allowed for autoenrollment of computer
> certificates and imported the Root CA Certificate as a Trusted Root
> Certificate in the GPO 5) Made a copy of the "computer" certificate
> type in the Manage CA console and setup the security so that
> workstations, servers and domain controllers could autoenroll the
> cert. 5) Went back to the GPO and setup this new certificate for
> autoenrollment 6) Went to AD Users/Computers and created a new
> security group for wireless access to be used with the IAS policy and
> added a few test users to it 7) Forced an update of the computer group
> policy and verified that the certificate was installed on the domain
> controller through the issuing Certificate Authority and the
> Local/Computer certificate mmc snapin. 8) Installed the IAS server and
> made sure to validate it for looking up information in AD
> 9) Setup a new Radius client for my access point being used for this
> test 10) Attempted to configure the new Remote Access Policy using the
> wireless wizard in IAS and this is where I get my error message.
>
> What the heck did I miss? I know it must be something simple so I
> even tried to reboot the machine thinking maybe something just needed
> to initialize correctly. But I'm stumped. It looks like I did
> everything according to the instructions so if another set of eyes
> could just look at these steps and tell me what I missed, I would be
> ever so grateful.
>
Are you attempting to deploy PEAP-MS-CHAP v2 or PEAP-TLS?
For the server cert, make sure the cert meets the minimum server cert
requirements in the Help topic "Network access authentication and
certificates" in Windows Server 2003 IAS or VPN Help, or on the web at
http://www.microsoft.com/technet/pro...3/library/Serv
erHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Similar Threads
Linear Mode
