Discussion:
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
(too old to reply)
John Smith
2005-06-04 16:31:27 UTC
Permalink
Anyone know what this error is?

On the server under IAS Remote access Policies, under EAP Methods I have
"Smart Card or other certificate" selected, on the client I have under
"Authentication" I have "Smart Card or other certificate" selected and under
that I have "Use Certificate on this computer" I am getting the below error,

The root certificate is "trusted" on both the client and server, and the
chain shows up with no problems if I click on any of the certs. Anyone got
any ideas?


Full Event log

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 6/2/2005
Time: 10:19:28 AM
User: N/A
Computer: LCS1
Description:
User Bob was denied access.
Fully-Qualified-User-Name = Users/Bob
NAS-IP-Address = 192.168.1.17
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 00-12-17-e1-22-39
Client-Friendly-Name = wireless
Client-IP-Address = 192.168.1.17
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 295
Reason = A certification chain processed correctly, but one of the CA
certificates is not trusted by the policy provider.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 12 01 0b 80 ...?
Wei Zheng [MSFT]
2005-06-07 00:39:21 UTC
Permalink
Hi,

Have you tried this?
http://support.microsoft.com/default.aspx?scid=kb;en-us;255681

Follow the steps, see if it helps you.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

Please do not send e-mail directly to this alias.
This alias is for newsgroup purposes only.
====================================
Post by John Smith
Anyone know what this error is?
On the server under IAS Remote access Policies, under EAP Methods I have
"Smart Card or other certificate" selected, on the client I have under
"Authentication" I have "Smart Card or other certificate" selected and under
that I have "Use Certificate on this computer" I am getting the below error,
The root certificate is "trusted" on both the client and server, and the
chain shows up with no problems if I click on any of the certs. Anyone got
any ideas?
Full Event log
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 6/2/2005
Time: 10:19:28 AM
User: N/A
Computer: LCS1
User Bob was denied access.
Fully-Qualified-User-Name = Users/Bob
NAS-IP-Address = 192.168.1.17
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 00-12-17-e1-22-39
Client-Friendly-Name = wireless
Client-IP-Address = 192.168.1.17
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 295
Reason = A certification chain processed correctly, but one of the CA
certificates is not trusted by the policy provider.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
0000: 12 01 0b 80 ...?
John Smith
2005-06-07 04:15:20 UTC
Permalink
yes I have made sure that the root cert is in the "Trusted Root
Certification Authorities" of both the IAS servers Computer and Users
container. On the client the same, it's in both user and computer trusted
roots.



I have checked the chain of the issued certificates as well and they show as
good, no redX or anything...
Post by Wei Zheng [MSFT]
Hi,
Have you tried this?
http://support.microsoft.com/default.aspx?scid=kb;en-us;255681
Follow the steps, see if it helps you.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.
Please do not send e-mail directly to this alias.
This alias is for newsgroup purposes only.
====================================
Post by John Smith
Anyone know what this error is?
On the server under IAS Remote access Policies, under EAP Methods I have
"Smart Card or other certificate" selected, on the client I have under
"Authentication" I have "Smart Card or other certificate" selected and
under
Post by John Smith
that I have "Use Certificate on this computer" I am getting the below
error,
Post by John Smith
The root certificate is "trusted" on both the client and server, and the
chain shows up with no problems if I click on any of the certs. Anyone
got
Post by John Smith
any ideas?
Full Event log
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 6/2/2005
Time: 10:19:28 AM
User: N/A
Computer: LCS1
User Bob was denied access.
Fully-Qualified-User-Name = Users/Bob
NAS-IP-Address = 192.168.1.17
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 00-12-17-e1-22-39
Client-Friendly-Name = wireless
Client-IP-Address = 192.168.1.17
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 295
Reason = A certification chain processed correctly, but one of the CA
certificates is not trusted by the policy provider.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
0000: 12 01 0b 80 ...?
Loading...