If you haven’t already resolved this…
Don’t use the DC template. What you want is the RAS and IAS Servers template. This certificate template needs to be permissioned and configured properly one time. You may also need to adjust your default domain policy. Then you add your NPS server to the RAS and IAS Servers AD group and your server will autoenroll the correct cert. http://technet.microsoft.com/en-us/library/cc754198.aspx -Malcolm From: Jay Dale [mailto:jd...@emlogis.com] Sent: Saturday, August 28, 2010 10:15 To: NT System Admin Issues Subject: RE: Certificate and PEAP No one have any ideas? This one must be a toughie – I put in on EE which typically gets a quick response but nothing there yet either…L Jay Dale Senior Systems Administrator o:713.785.0960 x290 From: Jay Dale [mailto:jd...@emlogis.com] Sent: Friday, August 27, 2010 9:55 AM To: NT System Admin Issues Subject: Certificate and PEAP Hey all, I’m trying to set up a Cisco Wifi Access Point on our network and use NPS with PEAP authentication so it will connect the users via their user account or computer account. I’ve set up a CA on Windows Ent. 2008 64bit and gone through all the steps on creating the GPO, setting up NPS for Wired Authentication, etc. However, I have one sticking point. When I go into NPS and look at the properties of the network wifi policy, then under Constraints, then PEAP and choose Edit, I get the error: “A certificate could not be found that can be used with this Extensible Authentication Protocol”. So, no worries. I go into the Certificates console, request a Domain Controller certificate, then when I go back and edit the cert shows up and the clients can connect fine. Problem is, later on I lose connection and go back and check this setting and I get the error again, meaning the cert isn’t sticking. Is there a way to keep this cert from getting removed and keeping it there? Thanks, Jay Description: Description: http://www.emlogis.com/images/image3.jpg Jay Dale Senior Systems Administrator P 713.785.0960 Ext 290 | F 713.785.0986 | C 832.373.7883 jd...@emlogis.com | www.emlogis.com <http://www.emlogis.com/> Service Desk C 877.523.5896 | E <mailto:supp...@emlogis.com> supp...@emlogis.com Description: Description: http://www.emlogis.com/images/imageEmail3.jpg This Email is covered by the Electronic Communications Privacy Act, 18 U.S.C. งง 2510-2521 and is legally privileged. The information contained in this Email is intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by telephone (toll-free) at 877-523-5896, and destroy the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: malcolm.re...@live.com. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8227716.c81258d7c7cab9dce5605ee9468e1 a65 <http://lyris.sunbelt-software.com/u?id=8227716.c81258d7c7cab9dce5605ee9468e 1a65&n=T&l=ntsysadmin&o=9077695> &n=T&l=ntsysadmin&o=9077695 (It may be necessary to cut and paste the above URL if the line is broken) or send a blank email to leave-9077695-8227716.c81258d7c7cab9dce5605ee9468e1...@lyris.sunbelt-softwar e.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<image001.jpg>>
<<image002.jpg>>
