Discussion:
802.1x -- laptop won't connect
(too old to reply)
ScottG
2006-09-19 16:11:02 UTC
Permalink
Hello --

I have been working to deploy a test environment using certificate services
as outlined in

Microsoft Solutions for Security: Security Wireless LANs with Certificate
Services

I run into the following error message on the radius server

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 9/19/2006
Time: 7:38:02 AM
User: N/A
Computer: SERVER1
Description:
User ***@test.corp was denied access.
Fully-Qualified-User-Name = TEST\scott
NAS-IP-Address = 192.168.255.100
NAS-Identifier = <not present>
Called-Station-Identifier = 00-14-C2-A5-6C-C1:test8021x
Calling-Station-Identifier = 00-13-02-61-29-AC
Client-Friendly-Name = 192.168.255.100
Client-IP-Address = 192.168.255.100
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Allow Wireless Access
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 287
Reason = A certificate chain could not be built to a trusted root authority.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0a 01 0b 80 ...?



Can anyone shed light on the solution?

Thanks in advance.
--
ScottG
FenderAxe
2006-09-21 22:18:13 UTC
Permalink
Post by ScottG
Hello --
I have been working to deploy a test environment using certificate
services as outlined in
Microsoft Solutions for Security: Security Wireless LANs with
Certificate Services
I run into the following error message on the radius server
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 9/19/2006
Time: 7:38:02 AM
User: N/A
Computer: SERVER1
Fully-Qualified-User-Name = TEST\scott
NAS-IP-Address = 192.168.255.100
NAS-Identifier = <not present>
Called-Station-Identifier = 00-14-C2-A5-6C-C1:test8021x
Calling-Station-Identifier = 00-13-02-61-29-AC
Client-Friendly-Name = 192.168.255.100
Client-IP-Address = 192.168.255.100
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Allow Wireless Access
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 287
Reason = A certificate chain could not be built to a trusted root authority.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
0000: 0a 01 0b 80 ...?
Can anyone shed light on the solution?
Thanks in advance.
Looks like the CA cert is not in the Trusted Root Certification Authorities
certstore on the client computer, or if there is a cert there it is messed
up somehow.

If it exists, delete it and then connecting the laptop with a WIRED
connection and log on -- that refreshed GP and get a CA cert 4 u.

After u get the cert unplug and try wireless logon.

FA

Loading...