locked
IAS log error : The credentials supplied to the package were not recognized RRS feed

  • Question

  • Hi,

    I have this problem. "Could not retrieve the Remote Access Server's certificate due to the following error: The credentials supplied to the package were not recognized"


    to understand :

    Where does this error show up? ias / system log

    What is the server/client OS and domain setup? server : windows server 2003 R2 STD 32bit / client XP pro SP3 32bits / domain w 2003 native

    CA   : root > w 2003 r2 std standalone
    CA : subca > w 2003 r2 std standalone

    I quickly understand that autoenroll will be impossible..ok

    but I still need to put my remote policy  in my IAS to talk with my cisco_ap through  EAP...and I choice "PEAP-MSChap v2"...so far so good..

    I custom the inf , like :

    [Version]

    Signature="$Windows NT$

    [NewRequest]

    Subject = "CN=ias,DC=domainname,DC=rootdomainname"
    EncipherOnly = FALSE
    Exportable = FALSE
    KeyLength = 1024 
    KeySpec = 1
    KeyUsage = 0xA0
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    ProviderType = 12
    RequestType = CMC

     

    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.5.5.7.3.1

    [RequestAttributes]
    SAN="dns=ias.domain.rootdomain"


    the method to made request:

    c:\certreq -new ias.inf ias.req
    c:\certreq -submit ias.req ias.p12

    I choice the sub-ca to issue the certificate..

    Well so far so good , but after I put the digital certificate into local store computer of my ias , and setup the policy with peap + mschap v2..

    my xp , in local store have the root and subca certificate.....


    but in the end the log of my ias give that error..

    what I need is, understand what are the lines that missing the inf file.


    Thanks
    RP

    Thursday, November 26, 2009 10:00 PM

Answers

All replies

  • The following solution should fix your issue: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO2944&pmv=print&actp=PRINT. could you please have a try? Thanks.
    Sorry. My posting is my personal suggestion, Microsoft won't take any responsibilities for my posting. But I am more than happy to try my best to help you.
    • Proposed as answer by Qunshu Zhang Friday, November 27, 2009 5:02 AM
    • Marked as answer by Mervyn Zhang Monday, December 7, 2009 1:55 AM
    Friday, November 27, 2009 5:02 AM
  • I found that if you change the Log on (Service properties - Log on tab) under which the service is running you can potentially resolve this issue.  Mine was running under NT_AUTHORITY\NetworkService.  When I switched it to Local System Account the problem immediately went away.  

    This is despite having first tried copying the certificate to the NT_AUTHORITY\NetworkkService account.

    Friday, February 4, 2011 12:54 AM