IAS - Security template for WAP, PEAP

I changed my security template, and lost the ability for my wireless clients
to authenticate. I use WAP, PEAP with certificates generated by my in house
Windows 2003 cert server.

Is there an example template somewhere of what security settings need to be
applied. My IAS server is a DC.

Currently my wireless clients see my wireless network, connect, but then
they sit for an extended period of time attempting to "validate identity"
eventually failing and the connection is ended.

I can go back to my old template, but I would prefer to understand the
security template better and what needs to be enabled / disabled in order to
make this work. I have gone through the security wizard a number of times,
and am not sure what I am missing.

I would be happy to supply more information, as to my configuration, etc.
All was working well, then I ran the security wizard in order to trouble
shoot an LDAP issue I was having with another application - resolved that
and lost my RPC for exchange and my authentication for my wireless.
Corrected the RPC issue, but have not been able to figure out what is
missing for WAP PEAP.

Thanks.




Fredrick A. Zilz

In news:(E-Mail Removed),
Fredrick A. Zilz <(E-Mail Removed)> stated, which I commented
on below:
> I changed my security template, and lost the ability for my wireless
> clients to authenticate. I use WAP, PEAP with certificates generated
> by my in house Windows 2003 cert server.
>
> Is there an example template somewhere of what security settings need
> to be applied. My IAS server is a DC.
>
> Currently my wireless clients see my wireless network, connect, but
> then they sit for an extended period of time attempting to "validate
> identity" eventually failing and the connection is ended.
>
> I can go back to my old template, but I would prefer to understand the
> security template better and what needs to be enabled / disabled in
> order to make this work. I have gone through the security wizard a
> number of times, and am not sure what I am missing.
>
> I would be happy to supply more information, as to my configuration,
> etc. All was working well, then I ran the security wizard in order to
> trouble shoot an LDAP issue I was having with another application -
> resolved that and lost my RPC for exchange and my authentication for
> my wireless. Corrected the RPC issue, but have not been able to
> figure out what is missing for WAP PEAP.
>
> Thanks.

I think if you can reapply the old template first to get you working.

My first thought is to think the template you applied included an IPSec
policy preventing this machine from communicating with others. Keep in mind,
if you apply a policy to one machine with restrictions, you need to apply
similar settings for all other machines to follow, such as in a GPO. Keep in
mind the sec templates can actually be applied as part of a GPO, under
Windows Settings, rt-click Security Settings, and choose to import. Be
careful and test this out with a test machine in a test OU.

Read this article on how templates work.

Overview to the Windows Server 2003 Security Guide:
http://www.microsoft.com/technet/sec...hg/sgch00.mspx

And run the Security and Analysis snapin to find out what exactly got
changed:
Security Configuration Tool Set in Windows 2000 and 2003:
http://www.microsoft.com/technet/pro.../seconfig.mspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.

The only thing in life is change. Anything less is a blackhole consuming
unnecessary energy.
===========================