locked
NPS unable to authenticate clients when CR Server is Down. RRS feed

  • Question

  • Hi,

    We came across an issue where one of our CRL server was down and NPS was unable to authenticate clients given the

    Error Code: 259
    Reason:The revocation function was unable to check revocation because the revocation server was offline

    Then, I read in this link http://technet.microsoft.com/en-us/library/cc770602(v=ws.10).aspx that says (below)

    "By default, the NPS server uses the CRL distribution points in the certificates. However, it is also possible to store a local copy of the CRL on the NPS server."


    I would like to know, how do i verify this settings or where do i configure this settings? I would like to ensure my NPS will still be able to authenticate clients even when the CRL servers are down. Am i right to say that when these settings are set, even when CR is down, my NPS will still be able to authenticate clients?

    Thanks in advance.

    Rgds
    HLJ


    hanglj

    Tuesday, January 22, 2013 3:27 AM

Answers

  • Hi,

    You can manually import the latest CRL and Delta CRL to the right container on the NPS server.

    Best Regards,

    Aiden


    Aiden Cao
    TechNet Community Support

    • Marked as answer by Aiden_Cao Tuesday, February 5, 2013 2:36 AM
    Thursday, January 24, 2013 6:39 AM

All replies

  • Hi,

    You can manually import the latest CRL and Delta CRL to the right container on the NPS server.

    Best Regards,

    Aiden


    Aiden Cao
    TechNet Community Support

    • Marked as answer by Aiden_Cao Tuesday, February 5, 2013 2:36 AM
    Thursday, January 24, 2013 6:39 AM
  • Hi Aiden, Thank you for the reply. May i ask if you can be more insightful? Do you have any links or steps on how to perform the import?

    hanglj

    Friday, January 25, 2013 12:58 AM
  • Hi hanglj,

    For detailed steps, I would recommend that you open a new thread at Security forum. It’s more appropriate to ask there. Your understanding is highly appreciated.

    Security Forum
    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads


    Best Regards,
    Aiden

     


    Aiden Cao
    TechNet Community Support

    Tuesday, February 5, 2013 2:39 AM