locked
Smartcard logon UAG-Rdapp RRS feed

  • Question

  • We have setup a UAG server (Windows Server 2008 R2) and a https trunk for our users connecting remotly. We have our own CA and we are using smartcards for logon purpose. When we try to connect remotly using a smartcard we get a validation error, here´s the output;

    User test with source IP address 80.169.183.244 failed to log into trunk rdapp (secure=1) using authentication server DC with session ID D9FE8405-C77A-43B2-A4B5-646EA36085A3. Error code is The user [test] information [CertificateUPN] is not [test@invmgt.wan]

    We have changed some settings in accordance with the "Configuring LDAP client certificate authentication" info provided on Microsoft Technet, but with no success.

     

    Any suggestions would be appreciated.

     

    Tony Lewis

     

     

    Monday, April 19, 2010 11:02 AM

Answers

  • I'm marking this question as resolved, even though it is not, as it appears that no one has been able to answer it for a long time. I might suggest that you wait a little bit, and then post the question again , as a new question with the same content, and perhaps someone will be able to help. If this is still unresolved, and is important to you, I might suggest you open a support case with Microsoft CSS, and have it investigated throroughly.


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Wednesday, May 12, 2010 7:45 PM
    Wednesday, May 12, 2010 7:45 PM

All replies

  • So the first question is does the UPN of the user in the subject alternative name in the certificate on the smart card actually match the UPN of the user's account in AD?

     


    Paul Adare CTO IdentIT Inc. ILM MVP
    Monday, April 19, 2010 11:11 AM
  • Hi and thanks for the quick response, the userPrincipalName on the the AD account is tlea-test@invmgt.wan and the Subject Alternative Name on the certificate is set to Principal Name = tlea-test@invmgt.wan. 

    Tony Lewis 

     

    Monday, April 19, 2010 11:29 AM
  • I'm marking this question as resolved, even though it is not, as it appears that no one has been able to answer it for a long time. I might suggest that you wait a little bit, and then post the question again , as a new question with the same content, and perhaps someone will be able to help. If this is still unresolved, and is important to you, I might suggest you open a support case with Microsoft CSS, and have it investigated throroughly.


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Wednesday, May 12, 2010 7:45 PM
    Wednesday, May 12, 2010 7:45 PM
  • Did you sort this out ?

    I may be able to assist if you haven't

    Friday, May 14, 2010 1:18 PM