Problem with WLAN IAS certificate enrollment

R

Randy Smith

Guest
-Group policy set to allow autoenrollment

-IAS/DC's members of new security group

-Certifcate template set to allow enroll and autoenroll for newly created

security group

-Both IAS/DC's have been rebooted since adding to new group

-Domain controller certs have been issued to both IAS servers

-Selected automatically enroll certs in Certificates MMC.

I have done this a few times now over the past four days...certs are not

being issues to the IAS servers for WLAN auth. There are no errors in the

application log on the IAS servers or the CA server.

Any ideas on how to get this cert issued to both IAS servers?

 
B

Brian Komar \(MVP\)

Guest
Have you added the Domain COntrollers group to the Certsvc_DCOM_ACCEss

(something like that) group in the domain.

See the SP1 readme notes for more details

Brian

"Randy Smith" <smittyrt@gmail.com> wrote in message

news:eAYeyy2tIHA.3604@TK2MSFTNGP03.phx.gbl...<span style="color:blue">

> -Group policy set to allow autoenrollment

> -IAS/DC's members of new security group

> -Certifcate template set to allow enroll and autoenroll for newly created

> security group

> -Both IAS/DC's have been rebooted since adding to new group

> -Domain controller certs have been issued to both IAS servers

> -Selected automatically enroll certs in Certificates MMC.

>

> I have done this a few times now over the past four days...certs are not

> being issues to the IAS servers for WLAN auth. There are no errors in the

> application log on the IAS servers or the CA server.

>

> Any ideas on how to get this cert issued to both IAS servers?

>

> </span>

 
R

Randy Smith

Guest
Thanks Brian for the response.

I found this group on my CA server as a local security group. The everyone

group was already a member but I added the domaon controllers group anyway.

I have rebooted one of my DC's to update the group membership and requested

a cert once again. It almost seems like the request is not getting to the CA

server. There is no errors or any information at all about the request in

either the DC's (ISA's) server logs or the CA server logs about the request.

But...I can request a cert from a desktop and the cert is created nearly

immediately.

The difference...the only one I can see...is the certificate template. I

created this template on the CA server and have given the appropriate

security permissions to the appropriate groups. I've also checked the

settings of the template three times...they all are correct. I've even

deleted the template and recreated it. No help.

Any more ideas are greatly appreciated.

"Brian Komar (MVP)" <brian.komar.nospam@nospam.identit.ca> wrote in message

news:%23H3ZKd5tIHA.5832@TK2MSFTNGP02.phx.gbl...<span style="color:blue">

> Have you added the Domain COntrollers group to the Certsvc_DCOM_ACCEss

> (something like that) group in the domain.

> See the SP1 readme notes for more details

> Brian

>

> "Randy Smith" <smittyrt@gmail.com> wrote in message

> news:eAYeyy2tIHA.3604@TK2MSFTNGP03.phx.gbl...<span style="color:green">

>> -Group policy set to allow autoenrollment

>> -IAS/DC's members of new security group

>> -Certifcate template set to allow enroll and autoenroll for newly created

>> security group

>> -Both IAS/DC's have been rebooted since adding to new group

>> -Domain controller certs have been issued to both IAS servers

>> -Selected automatically enroll certs in Certificates MMC.

>>

>> I have done this a few times now over the past four days...certs are not

>> being issues to the IAS servers for WLAN auth. There are no errors in

>> the application log on the IAS servers or the CA server.

>>

>> Any ideas on how to get this cert issued to both IAS servers?

>>

>></span>

> </span>

 
You must log in or register to reply here.
Top Bottom