
Can't find valid certificate

microsoft.public.windows.server.security
Posted by Andrew on June 27, 2006, 12:27 pm
I'm having a problem authenticating with 802.1x over EAP-TLS. The error
I'm getting is 798, which means that a certificate could not be found that
can be used with that Extensible Authentication Protocol (EAP). If I look
at my certificates, I see one in my personal cert store that has the Client
Authentication privilege, so I know it's there (it also let me log onto my
machine with it.)

Can anyone offer troubleshooting advice on things I could do to pinpoint the
problem? Would using Certutil.exe be helpful or is there any way to verify
that the certificate I'm seeing is actually valid and able to be used with
EAP-TLS?

Thanks,
Andrew



Posted by Steven L Umbach on June 27, 2006, 1:44 pm
A couple of things to check are that the IAS server trusts the issuing CA for
that user certificate, that the certificate is valid [check the valid
dates], and check the logs of the IAS server to see if anything helpful is
recorded there. I would also try requesting a new user certificate also to
see if that works or not. Also check the authentication properties of the
wireless connection and make sure that you have the correct selection for
"when connecting" - use a smart card or use a certificate and try enabling
or disabling use simple certificate selection to see if that makes a
difference or not. --- Steve
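
The client-side checks discussed above (validity dates, Client Authentication usage, a usable private key, and a chain to a trusted CA) can be scripted; this is an added example, not part of the original posts. It only inspects the local user's Personal store, so whether the IAS server trusts the issuing CA still has to be checked on the server.

```powershell
# Added example: client-side sanity check of certificates in the current
# user's Personal store for EAP-TLS use. Run as the user who authenticates.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # A certificate with no EKU extension is valid for all purposes;
    # otherwise the Client Authentication OID must be listed.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOk = (-not $ekuExt) -or
             ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })

    # Build the chain against the local trust stores. This reflects what the
    # client trusts, not what the RADIUS (IAS) server trusts.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        InValidityPeriod = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        HasPrivateKey    = $cert.HasPrivateKey
        ClientAuthEku    = [bool]$ekuOk
        ChainBuilds      = $chainOk
        ChainErrors      = $chainErrors
    }
} | Format-List
```

A certificate that passes every column here can still fail to be offered, as the follow-up in this thread shows: the supplicant also has to be able to prompt for the smart card PIN.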





Posted by Andrew on June 28, 2006, 12:36 pm
Thanks Steve. Turns out the cert was just fine. I ended up solving the
problem by enabling notifications in the Network properties panel. Weird,
eh? By having that deselected it wasn't asking me for the smartcard PIN and
was keeping 802.1x from authenticating. I think they should rename that
checkbox to something more clear. Instead of "Show icon in notification
area when connected" maybe it should say "Enable network connection
notifications".




Posted by Steven L Umbach on June 28, 2006, 2:33 pm
That is weird and never occurred to me as a possibility and I have read a
lot of docs on wireless 802.1X. Great job in tracking that down and thanks
for reporting back what you found. It might save many others grief when they
are trying to figure out the same problem as they search newsgroup
posts. --- Steve




