NAP(802.1x) doesn't work using PEAP-TLS authentication method.

Answers

  • Hi,

    Check that the correct certificate is present and try requesting one if it is not found. On the client machine:

    1. Start > Run > type mmc > press enter
    2. File > Add/Remove Snap-in > Click Certificates > Click Add > Choose My user account > Click Finish > Click OK
    3. Expand Certificates - Current User\Personal\Certificates. Do you have a user certificate here?
    4. If not, right click Certificates > point to All Tasks > Click Request new certificate > Click Next, select the user certificate > Click Enroll

    Let me know if this helps,
    -Greg

    Wednesday, October 29, 2008 8:08 PM

All replies

  • I have the same problem.  2008 NPS/Cert server, along with 2008 AD. 

    On the client XP machine, I see the cert that I issued from my CA under Local Computer\personal\Certificates.  However, when I log in, it tells me it can't find a cert.  Very odd.


    Friday, December 5, 2008 9:34 PM
  • I am still having the same problem, it checks out a certificate, but somehow it seems that it is not using the correct one for the NPS??  I am using a Machine certificate, and I see on the Certificate server I get a lease, and I verify under machine cert, and under personal, I see the cert there.  But it still tells me it is validating identity, and then unable to find a cert to log me on to the network. 

    On the NPS, it seems that in the EAP properties, I only have one choice for the certificate issued, and under the EAP Types, I use the "Smart card or other certificate", and also only have one choice for the certificate issued to as a drop-down box.

    There must be some disconnect between what is being issued, and what the NPS is looking for?

    Thanks for any help!
    Monday, February 2, 2009 8:53 PM
  • Hi,

    If you are using EAP-TLS you must have the client certificate in the user certificates store, not the computer certificates store. It shouldn't say Local Computer\personal\Certificates. It should be Current User\Personal\Certificates.

    -Greg
    Monday, February 2, 2009 10:33 PM
  • Thanks for the reply Greg,
    I am using PEAP-TLS, and from what I can see from Microsoft, it should allow me to use Computer based Certs. 

    Unless there is something with the Cisco WiSM that is preventing it?  But I called Cisco and they said it should work. 

    Thanks!
    Tuesday, February 3, 2009 4:44 PM
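
The thread turns on which Personal store holds the client certificate, so the following added example (not part of any post above) lists the certificates in both Current User\Personal and Local Computer\Personal on the client. It assumes the usual client-certificate checks for certificate-based EAP: a Client Authentication EKU, an associated private key, and a current validity period.

```powershell
# Added example: inventory both Personal stores discussed in the thread.
# Assumption: a usable client certificate carries the Client Authentication
# EKU (OID 1.3.6.1.5.5.7.3.2), has a private key, and is within its dates.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$now = Get-Date

function Get-EapCandidateCert {
    param([string]$Location)   # 'CurrentUser' or 'LocalMachine'

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $Location)
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            # Collect every EKU OID present on this certificate.
            $ekuOids = @()
            foreach ($ext in $cert.Extensions) {
                if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                    foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
                }
            }
            $hasClientAuth = $ekuOids -contains $clientAuthOid
            $inValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

            $cert | Select-Object `
                @{ n = 'Store';         e = { "$Location\My" } },
                Subject, Issuer, NotAfter, HasPrivateKey,
                @{ n = 'ClientAuthEku'; e = { $hasClientAuth } },
                @{ n = 'InValidity';    e = { $inValidity } },
                @{ n = 'Candidate';     e = { $hasClientAuth -and $inValidity -and $_.HasPrivateKey } },
                Thumbprint
        }
    }
    finally {
        $store.Close()
    }
}

# Run as the logged-on user so CurrentUser resolves to that user's store.
$report = foreach ($loc in 'CurrentUser', 'LocalMachine') { Get-EapCandidateCert -Location $loc }
$report | Format-Table Store, Subject, NotAfter, HasPrivateKey, ClientAuthEku, Candidate -AutoSize
```

A store with no row where Candidate is True has nothing the supplicant can present from that store; compare the Issuer column with the CA the NPS server is configured to trust.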