"Windows was unable to find a certificate to log you on to the network contoso..."


Context:

-- Windows 2008 SP2 server acting as DC / CA / NPS (note: virtual machine running in VMware Workstation 6.5)

-- XP SP3 client

-- Linksys wireless router (WPA compatible) - TKIP, not AES

I am setting up a wireless network, using a combination of WPA-RADIUS / 802.1X / EAP-TLS.

I am at the testing stage; the domain name is contoso for the time being.

When the (test) laptop boots, it obtains an IP address from the WAP (acting as DHCP server), and can both ping the DC / CA / NPS server and be pinged from that machine (provided I adjust firewall settings as needed).

The laptop "sees" the SSID of the preferred network and attempts to connect automatically.

That, along with the gpresult and rsop.msc output, demonstrates that Group Policy is in effect and being applied.

The appropriate (computer) certificate ("Client Authentication" role) is present in the certificate store of the client.

It was installed when the laptop was first connected to the network via wired media.

The server has a certificate with the "Server Authentication" role installed.

Event Viewer, set at default levels of logging, does not display any obvious errors (nothing obvious pertaining to the problem in question).

Wireshark (installed on the DC / CA / NPS) shows RADIUS traffic, among others - LDAP, etc.

Yet... this message is displayed in a "bubble" above the wireless connection icon in the taskbar of the laptop:

"Windows was unable to find a certificate to log you on to the network contoso."

There are tons of references to this online, but what I have read so far is from people using PSK or some form of authentication other than certificate-based authentication / 802.1X, and unchecking the related settings is given as the solution.

However, I want to use 802.1X authentication with EAP-TLS.

This is a screenshot (on Windows Live - SkyDrive) of the certificate properties defined in the GPO used to deploy the cert:

http://tprkzw.blu.livefilestore.com/y1pnb36_ydr3unby0vsu--ga2ftwjz0l5s91dmn3dntfqo5aljnrsbptpq9fyxpbdfenyt0mktmsjqtvr0f1kuebdatm0fo8hov/logon-prb-01.jpg?psid=1

Has anyone encountered this problem?

What am I doing wrong?

Hi,

According to the screenshot you provided, I noticed that the authentication mode is user re-authentication. I know that the computer certificate is available on the client computer. Please confirm if the user has got a valid user certificate.

Meanwhile, to narrow down the cause of the issue, you can select computer-only authentication and check the result.

How to enable computer-only authentication for an 802.1X-based network in Windows Vista, in Windows Server 2008, and in Windows XP Service Pack 3
http://support.microsoft.com/kb/929847

Hope this helps.


This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not answer your question. This can be beneficial to other community members reading the thread.

