Posted by Mr555 on August 22, 2006, 6:11 pm
3 months ago we migrated to Windows 2003 Server.
We have moved the entire FSMO role from our old Windows 2000 server "Corp" to our new Windows 2003 Server "Paul". Paul is now the forest root of our network.
The IP address of Paul is 192.168.1.2.
A few weeks ago our Windows 2000 certificate server "Spoon" died, and we decided to rebuild the certificate server on Windows 2003. The new certificate server is now called "Mugen" and is configured as a stand-alone root CA member server.
The purpose of this certificate server is to authenticate VPN connections to our network, and it operates together with our NetScreen VPN/firewall.
15 days ago, our VPN/firewall started failing to retrieve the CRL from the certificate server. Therefore VPN connections stopped working.
Under extensive investigation, I have discovered we can only make our VPN/firewall automatically obtain the CRL from the certificate server "Mugen" if we specify the old LDAP server IP address, "Corp", which is 192.168.1.1; if I enter the IP address of Paul, 192.168.1.2, in the VPN/firewall certificate settings, the automatic CRL retrieval fails.
I have checked with the firewall support team. They said NetScreen does support Windows 2003 Server. They suspect I have not configured our certificate server correctly to work with the "Paul" LDAP server.
Questions:
Are there any configuration or security policies I need to configure to allow communication between the LDAP server "Paul" and the certificate server "Mugen"?
I need to specify "Paul" as the LDAP server in the VPN setup instead of the Corp server. Please help.
Thank you
Mr555
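A diagnostic for the situation described in the post, added here and not part of the original thread: it fetches the CA's CRL over LDAP from the old DC (192.168.1.1) and the new DC (192.168.1.2) the way a VPN peer would, then shows each CRL's validity window and whether both DCs hold the same bytes, which separates "object missing or not replicated on Paul" and "stale CRL" from a firewall-side setting. It assumes the OpenLDAP `ldapsearch` client, `base64` and `openssl` are available, an anonymous simple bind, and a placeholder CDP object DN that must be replaced with the one from the issued certificates' CRL Distribution Point extension.

```sh
# Added diagnostic, not from the original post: fetch the CA's CRL from each
# candidate LDAP server the way the VPN firewall does and show its validity.
# Assumes the OpenLDAP ldapsearch client, base64 and openssl are installed.
set -eu
# Placeholder: DN of the CA's cRLDistributionPoint object, copied from the
# CRL Distribution Point extension of a certificate issued by "Mugen".
CDP_DN='CN=CA-NAME-PLACEHOLDER,CN=Mugen,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=local'
OLD_LDAP=192.168.1.1   # "Corp", Windows 2000 DC: retrieval works
NEW_LDAP=192.168.1.2   # "Paul", Windows 2003 DC: retrieval fails
# The LDAP URL a client resolves against a given host for the CRL attribute.
cdp_url() {
    printf 'ldap://%s/%s?certificateRevocationList?base?objectClass=cRLDistributionPoint' "$1" "$2"
}
# Unfold LDIF continuation lines (leading space) and emit the attribute's base64.
ldif_crl_b64() {
    awk '/^certificateRevocationList;binary:: / { grab=1; sub(/^[^:]*:: /, ""); printf "%s", $0; next }
         grab && /^ / { sub(/^ /, ""); printf "%s", $0; next }
         { grab=0 }'
}
# Pull the binary CRL attribute from one host into a DER file; fails when the
# object is missing, not yet replicated, or the anonymous bind (-x) is refused.
fetch_crl() {
    host=$1; dn=$2; out=$3
    ldapsearch -x -LLL -H "ldap://$host" -b "$dn" -s base \
        '(objectClass=cRLDistributionPoint)' 'certificateRevocationList;binary' |
        ldif_crl_b64 | base64 -d > "$out"
    [ -s "$out" ]
}
# Issuer and validity window; an expired nextUpdate is rejected by VPN peers
# just like a missing CRL.
show_crl() {
    openssl crl -inform DER -in "$1" -noout -issuer -lastupdate -nextupdate
}
main() {
    for host in "$OLD_LDAP" "$NEW_LDAP"; do
        echo "== $(cdp_url "$host" "$CDP_DN")"
        if fetch_crl "$host" "$CDP_DN" "crl-$host.der"; then
            show_crl "crl-$host.der"
        else
            echo "no CRL retrieved from $host"
        fi
    done
    # Identical bytes on both DCs means AD replication is fine and the fault lies elsewhere.
    if [ -s "crl-$OLD_LDAP.der" ] && [ -s "crl-$NEW_LDAP.der" ]; then
        cmp -s "crl-$OLD_LDAP.der" "crl-$NEW_LDAP.der" && echo "CRLs identical on both DCs" || echo "CRLs differ: check replication"
    fi
}
# Only run the network checks when explicitly asked, so the functions can be sourced.
if [ "${CRL_CHECK_RUN:-0}" = 1 ]; then main; fi
```

Run it with `CRL_CHECK_RUN=1 sh crlcheck.sh` from a host that can reach both DCs on port 389; if the firewall binds with credentials rather than anonymously, add `-D`/`-w` to the `ldapsearch` call so the test matches what the firewall does.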