We commonly see this when the time/date on the computer isn't correct or in a few cases the computer didn't have any root certificates installed. I don't think I have had any instances where I needed to turn off CRL checking in IE. I'd verify these things first.
--Jeremy On Wed, Oct 28, 2009 at 17:41, Aaron Abitia <[email protected]> wrote: > Thanks...we are using Thawte certs...from a couple other responses in this > thread, it looks like this is probably another facet of a known Cisco bug > that affects Vista, even though my machine in question is XP and other CCA > admins have seen this same issue on XP too. > > http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy37405 > > -Aaron > > On Wed, Oct 28, 2009 at 8:30 AM, Daniel Sichel <[email protected]> > wrote: >> >> >Hello folks, >> > >> >I have a Windows machine running XP Pro/Home that is getting a message >> >intermittently when logging in. The message displays after the Agent >> pops >> >up and the user hits "enter" to login. It is, "Revocation information >> for >> >the security certificate for this site is not available. Do you want >> to >> >proceed?" If the user hits "yes", then go on as normal with the login >> and >> >can get on the network. If the user hits "view certificate", they can >> view >> >the certificate information from our CCA server and has the option to >> hit a >> >button to "install certificate", which they did only most recently, >> then >> >they can get on the network as well. At no time has the user not been >> able >> >to get on the network. We have valid certs installed, and this message >> >doesn't happen everytime, only sometimes. Just trying to ascertain >> what the >> >message means and why it happens when it does...I know that the Agent >> uses >> >cert information from installed browsers on a machine, but why does >> this >> >message come up on this machine and not all the others, is the >> question. >> >Why did the user get asked this one time and not all the other times >> that >> >they logged in? It seems to come and go. Cisco has provided me info >> on how >> >to make it go away, so that part is fine, but I'm looking for the "why" >> >part. Many thanks for any insight. >> > >> >> If you are using Windows Server(s) for your trusted root cert server, go >> to the manager and tell it to publish revocation information. I had this >> exact issue and nobody could log in. For some reason the windows >> revocation publication stops from time to time. >> >> Dan Sichel >> Ponderosa Telephone > > > > -- > Aaron Abitia > Network Analyst > Network Administration, ITS > Cal Poly State University > Tel: 805.756.1295 >
