19 March 2553 BE 15:54
Hello,
I am using smart cards to log into a Microsoft 2003 domain with Windows XP Pro desktops. The smart card certificates were issued by a third party certificate authority. The CRL locations are available via highly reliable internet locations. All workstations and servers have access to the CRL URLs. Although network log on with the smart card is usually successful, there are times when a user cannot log on or unlock their workstation.
An event found in the System log on the domain controller says "The certificate is not valid for the intended usage."
The user sees the message "The certificate used for authentication was not trusted" on their workstation.
I am almost certain this is due to CRL retrieval during either the certificate chain building or validation process.
My question is:
How do I determine exactly what is failing?
I understand there are several places on a computer a CRL can be stored, but how do I verify which location is being used for cached CRL lookup? If CAPI is determining it needs to retrieve a CRL using CRLDP or AIA, I need to determine why retrieval is failing.
If I have missed something obvious, please feel free to point it out.
Thank you for your time and consideration.
23 March 2553 BE 23:56
Sorry, this is not the correct forum to ask that question.
This forum is Office Communication Server related.
You might try to post this question in the following forum:
- Belgian Unified Communications Community : http://www.pro-exchange.be -
24 March 2553 BE 13:26
Thank you for pointing me in the right direction. I posted in the first security forum I found and did not realize I had posted in an Office forum. I have posted this in the Server Security section where I noticed other certificate questions.
Thank you again.