hi,
i think the problem is, that you didn´t change the registry-key for
certificate authentication.
for default windows tries to authenticate via user certificate. And so
windows only looks in user store for certificate.
Go to your registry and set up the following:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\EAPOL\PARAMETERS\GENERAL\GLOBAL
and create a DWORD with value of 2
that tells your windows to do authentication via machine cert.
Here is the explanation:
· 0 - Computer authentication mode. If computer authentication is
successful, no user authentication is attempted. If the user logon is
successful before computer authentication, user authentication is
performed. This is the default setting for Windows XP (prior to Service
Pack 1).
· 1 - Computer authentication with re-authentication. If computer
authentication is successful, a subsequent user logon results in a
re-authentication with user credentials. The user logon has to complete
in 60 seconds or the existing network connectivity is terminated. The
user credentials are used for subsequent authentication or
re-authentication. Computer authentication is not attempted again until
the user logs off the computer. This is the default setting for Windows
XP Service Pack 1 (SP1) and Windows Server 2003.
· 2 - Computer authentication only. When a user logs on, it has no
effect on the connection. Only computer authentication is performed.
The exception to this behavior is when a user successfully logs on, and
then roams between wireless APs. In that case, user authentication is
performed. For changes to this setting to take effect, restart the
Wireless Zero Configuration service for Windows XP or Windows Server
2003.
Hope that was what you were looking for
Greetz Eric
Post by maxximumI have a cisco 1242 AP that i would like to use with IAS/AD authentication
and force users to have WPA2 encryption. I have installed the WPA2 patch on
my computers and issues a computer cert from our trusted CA to both the PCs
and the IAS box. When ever i try to connect the XP PC states that "Windows
was unable to find a certificate to log you on to the network". What are the
setting to make this work. I have been through about 4 different white
papers and each one states something different.