locked
NPS unable to authenticate clients when CR Server is Down. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    We came across an issue where one of our CRL server was down and NPS was unable to authenticate clients given the

    Error Code: 259
    Reason:The revocation function was unable to check revocation because the revocation server was offline

    Then, I read in this link http://technet.microsoft.com/en-us/library/cc770602(v=ws.10).aspx that says (below)

    "By default, the NPS server uses the CRL distribution points in the certificates. However, it is also possible to store a local copy of the CRL on the NPS server."


    I would like to know, how do i verify this settings or where do i configure this settings? I would like to ensure my NPS will still be able to authenticate clients even when the CRL servers are down. Am i right to say that when these settings are set, even when CR is down, my NPS will still be able to authenticate clients?

    Thanks in advance.

    Rgds
    HLJ

    hanglj

    Tuesday, January 22, 2013 3:27 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    You can manually import the latest CRL and Delta CRL to the right container on the NPS server.

    Best Regards,

    Aiden

    Aiden Cao
    TechNet Community Support

    • Marked as answer by Aiden_Cao Tuesday, February 5, 2013 2:36 AM
    Thursday, January 24, 2013 6:39 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    You can manually import the latest CRL and Delta CRL to the right container on the NPS server.

    Best Regards,

    Aiden

    Aiden Cao
    TechNet Community Support

    • Marked as answer by Aiden_Cao Tuesday, February 5, 2013 2:36 AM
    Thursday, January 24, 2013 6:39 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Aiden, Thank you for the reply. May i ask if you can be more insightful? Do you have any links or steps on how to perform the import?

    hanglj

    Friday, January 25, 2013 12:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi hanglj,

    For detailed steps, I would recommend that you open a new thread at Security forum. It’s more appropriate to ask there. Your understanding is highly appreciated.

    Security Forum
    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads


    Best Regards,
    Aiden

     

    Aiden Cao
    TechNet Community Support

    Tuesday, February 5, 2013 2:39 AM