Please enter a valid certification authority

  • Question

  • Dears,

    I have NAP with IPsec and the configuration below:

    In my main site I have 1 NAP server (NPS+HRA) and 1 CA server (Enterprise Root). I configured HRA with this main site CA, and this is working fine.

    In my 2nd site I deployed 1 NAP server (NPS+HRA) and 1 CA server (Enterprise Root). I configured HRA here with the second site CA, and this is working fine.

    When I try to add the second site CA to my first site HRA, I get this error: Please enter a valid certification authority

    When I try to add the main site CA to my second site HRA, I get this error: Please enter a valid certification authority

    • Please let me know where the log file is so I can find the root cause
    • Please let me know if you find a solution for this issue

    Regards


    • Edited by Jean M Monday, July 6, 2015 5:00 PM
    Monday, July 6, 2015 10:27 AM

Answers

  • Hi Jean,

    I have tested it in my lab; this issue will happen when the client can’t access the CA server.

    It is recommended that you check the connection between the NAP server and the CA server first. Verify that the NAP server can resolve the FQDN of the CA server. In addition, you may check the state of the CA server and verify that the CA server can reply.

    Best Regards,

    Anne He    


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, July 9, 2015 1:29 AM
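
    The checks suggested in the answer above, as an added example that is not part of the original thread. The CA host name and CA name are constructed placeholders, and the script assumes an HRA server where `Resolve-DnsName` and `Test-NetConnection` are available (Windows Server 2012 R2 or later).

```powershell
# Added example: run on the HRA/NAP server to check that the other site's CA
# can be resolved, reached and is answering. Both default values are placeholders.
param(
    [string]$CaHost = 'ca2.example.internal',  # placeholder FQDN of the remote site's CA server
    [string]$CaName = 'Example-Site2-CA'       # placeholder CA common name
)

$results = [ordered]@{}

# 1. Can this server resolve the FQDN of the CA server?
try {
    $addrs = Resolve-DnsName -Name $CaHost -ErrorAction Stop |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress
    $results['DNS resolution'] = "OK ($($addrs -join ', '))"
} catch {
    $results['DNS resolution'] = "FAILED: $($_.Exception.Message)"
}

# 2. Is the RPC endpoint mapper reachable? Certificate requests to an
#    enterprise CA go over DCOM/RPC, which starts on TCP 135.
$tcp = Test-NetConnection -ComputerName $CaHost -Port 135 -WarningAction SilentlyContinue
$results['TCP 135 (RPC)'] = if ($tcp.TcpTestSucceeded) { 'OK' } else { 'FAILED' }

# 3. Does the Certificate Services request interface reply?
$pingOutput = & certutil.exe -config "$CaHost\$CaName" -ping 2>&1
$pingExit   = $LASTEXITCODE
$results['certutil -ping'] = if ($pingExit -eq 0) { 'OK' } else { "FAILED (exit code $pingExit)" }

$results.GetEnumerator() | Format-Table Name, Value -AutoSize

# Show the certutil error text only when the CA did not answer.
if ($pingExit -ne 0) { $pingOutput }
```

    A failure at step 1 points to DNS between the sites, a failure at step 2 to routing or firewall rules, and a failure only at step 3 to the state of the CA service itself.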

All replies

  • Hi Jean,

    According to your description, you failed to add one site CA to the other site HRA. It got the error: Please enter a valid certification authority.

    Since you configured the CA server as an enterprise root, the CA server can only provide authority service to members that belong to the same AD domain. You need to verify whether the main site NAP server and the second site CA server belong to the same domain.

    If the two belong to different domains and you still want to add the CA server to NAP, you could build a trust between the two forests. After building the trust, you may try again.

    Here are some references:

    Enterprise certification authorities

    https://technet.microsoft.com/en-us/library/cc776874%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    How to create trust between two forests:

    http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

    http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx

    Best Regards,

    Anne He       



    Tuesday, July 7, 2015 9:51 AM
  • Hi Anna,

    Both sites are in the same AD domain, and both HRAs have permission on both CAs as requested. So what could be the problem?

    Tuesday, July 7, 2015 10:01 AM