|
Posted by S. Pidgorny on September 16, 2006, 8:59 am
Please log in for more thread options The messages are self-explanatory: perhaps the CA isn't configured to issue
the machine certificates? Enable the template then.
I believe you need to do some basic reading on Microsoft CA - starting with
help files.
If you want to make it easy, the simple fact is - you don't need to make
sure the CA is working. You need to enroll for the certificate (can use
other CA like commercial) and that the certificate revocation list location
is available. CA doesn't even have to be online all the time.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
> Thanks for the answer.
>
> How can I make sure that the CA is installed correctly?
>
> I've skipped the chapter and started the IAS Installation.
>
> Before installing IAS on the server, I have to run a series of checks to
> ensure that a domain controller is contactable and that all the required
> tools have been installed. (MSSsetupCheckIASEnvironment)
>
> Output:
>
> Domain DC=test,DC=local:OK
> netdiag /?:OK
> Netdiag.exe install:OK
> Network tests: OK
> certutil -TemplateCAs Machine:failed
> No CA found to issue Machine certificate templates. Please check CA
> installation.
>
> There are two certificates under "Certificates (Local Computer)":
>
> server.test.local - certificate template: domaincontroller
> testcert - certificate template: certification authority
>
>
> "S. Pidgorny <MVP>" schrieb:
>
>> Guess you need to make sure the CA is installed and functional by some
>> sort
>> of manual process. In the PEAP setup it's only handful of certificates
>> that
>> you need - one for every IAS server. It comes to two certs per Windows
>> domain in enterprise rollouts.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> > Hello everybody,
>> >
>> > I?m working with Microsoft's article "Securing Wireless LANs with PEAP
>> > and
>> > Passwords" and want to evaluate this solution in an test-environment.
>> >
>> >
>> > I?m hanging in chapter 4: Building the Network Certification
>> >
Authorityhttp://www.microsoft.com/technet/security/topics/cryptographyetc/peap_4.mspx
>> >
>> > #I ensured that the domain is contactable and that the required tools
>> > have
>> > been installed.
>> >
>> > #After that i've installed the CA software components using the
>> > supplied
>> > script.
>> >
>> > #To verify a correct installation of the Certificate Services i have to
>> > run
>> > another supplied script (MSSsetup VerifyCAInstall):
>> >
>> > certutil -f -ca.cert radD545D.tmp.cer:failed
>> > Error retrieving the CA certificate.
>> >
>> > #I've configured a new standard w2k3 system
>> > #No hints in the eventlog
>> > #the Cert Service is started
>> >
>> > I?ve no idea at the moment and can't continue the installation.
>> >
>>
>>
>>
| 
XML Sitemap