Re: Securing Wireless LANs with PEAP and Passwords

Thanks for the answer.

How can I make sure that the CA is installed correctly?

I've skipped the chapter and started the IAS Installation.

Before installing IAS on the server, I have to run a series of checks to
ensure that a domain controller is contactable and that all the required
tools have been installed. (MSSsetupCheckIASEnvironment)

Output:

Domain DC=test,DC=local:OK
netdiag /?:OK
Netdiag.exe install:OK
Network tests: OK
certutil -TemplateCAs Machine:failed
No CA found to issue Machine certificate templates. Please check CA
installation.

There are two certificates under "Certificates (Local Computer)":

server.test.local - certificate template: domaincontroller
testcert - certificate template: certification authority


"S. Pidgorny <MVP>" schrieb:

Guess you need to make sure the CA is installed and functional by some sort
of manual process. In the PEAP setup it's only handful of certificates that
you need - one for every IAS server. It comes to two certs per Windows
domain in enterprise rollouts.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"M. Petersen" <MPetersen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7210F4C3-9222-4D46-8C1F-8BDAD4F357BC@xxxxxxxxxxxxxxxx
Hello everybody,

I?m working with Microsoft's article "Securing Wireless LANs with PEAP and
Passwords" and want to evaluate this solution in an test-environment.


I?m hanging in chapter 4: Building the Network Certification
Authorityhttp://www.microsoft.com/technet/security/topics/cryptographyetc/peap_4.mspx

#I ensured that the domain is contactable and that the required tools have
been installed.

#After that i've installed the CA software components using the supplied
script.

#To verify a correct installation of the Certificate Services i have to
run
another supplied script (MSSsetup VerifyCAInstall):

certutil -f -ca.cert radD545D.tmp.cer:failed
Error retrieving the CA certificate.

#I've configured a new standard w2k3 system
#No hints in the eventlog
#the Cert Service is started

I?ve no idea at the moment and can't continue the installation.




.

Relevant Pages

  • Re: CA and SSL issue.
    ... and restart the CA and IIS service? ... > it during the installation process or setup. ... I get a cannot connect to server. ... > certificate. ...
    (microsoft.public.win2000.security)
  • Re: IIS 6.0 SSL problem
    ... I do not think you have a Server ... If SSL does not work after that, ... This is all default installation. ... I'm trying to install a SSL certificate for OWA. ...
    (microsoft.public.inetserver.iis.security)
  • Trouble installing SSL -- 2nd post
    ... I installed a self-generated certificate, and then later had to remove it ... "ISA Server could not establish an SSL connection with the published server ... internal name specified in the publishing rule is correct. ... Follow the wizard prompts to complete the installation procedure. ...
    (microsoft.public.isa)
  • Signing drivers with signtool for XP 64-bit -- suppressing the war
    ... Ineed to suppress the unsigned driver installation dialog for an automation ... article "Driver signing policy is automatically elevated for unsigned ... I need to sign our drivers for unattended installation via ... Signing Certificate Chain: ...
    (microsoft.public.development.device.drivers)
  • Trouble installing SSL
    ... I installed a self-generated certificate, and then later had to remove it ... "ISA Server could not establish an SSL connection with the published server ... internal name specified in the publishing rule is correct. ... Follow the wizard prompts to complete the installation procedure. ...
    (microsoft.public.isa)