RE: [SPAM POSSIBILITY] Re: VPN PPTP clients using EAP certificates
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 16 Feb 2005 09:46:34 -0600
Hi Mark,
I all scenarios, all machines belong to the domain.
HTH,
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Mark Wrightson [mailto:mark.wrightson@xxxxxxxxxxxxxxxx]
Sent: Wednesday, February 16, 2005 9:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] [SPAM POSSIBILITY] Re: VPN PPTP clients using EAP
certificates
http://www.ISAserver.org
Yes the 2004 box is a member of the domain. For test purposes I've used
a stand alone CA to generate the certificates. Is this allowed or does
it have to be an enterprise CA and thus linked to Active Directory and
Active Directory Users
>>> thor@xxxxxxxxxxxxxxx 2/16/2005 3:15:49 PM >>>
http://www.ISAserver.org
The 2004 box is a member of the domain and thus trusts the root cert,
right?
----- Original Message -----
From: "MW" <mark.wrightson@xxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, February 16, 2005 4:49 AM
Subject: [isalist] VPN PPTP clients using EAP certificates
> http://www.ISAserver.org
>
> Trying to get certifiace based Eap authentication working for PPTP VPN
> clients
> on ISA 2004 from a windows 2000 professional PC. Have followed
> instructions
> in Toms books. Seems very straightforward. Have used a stand alone CA
on a
> win 2000 server.
>
> Have put machine cert on ISa 2004
> Configures ISA 2004 for Eap
> Done Eap user mapping
> Issued Cert to remote VPN win 2000 client
>
> All certs look OK but I get the following error messages in the
isa2004
> event
> log when I try and connect. The first message appears the first time I
try
> and
> connect after a re-boot. Subsequent connection attempts always
generate
> the second
> message.
>
>
> Message 1
>
> Because no certificate has been configured for clients dialing in with
> EAP-TLS,
> a default certificate is being sent to user
> northgatevhnet\mark_wrightson_nmh.
> Please go to the user's Remote Access Policy and configure the
Extensible
> Authentication Protocol (EAP).
>
> For more information, see Help and Support Center
> at http://go.microsoft.com/fwlink/events.asp.
>
>
>
> Message 2
>
> The user mark_wrightson_nmh connected from 195.171.160.45 but failed
an
> authentication attempt due to the following reason: A certification
chain
> processed
> correctly, but one of the CA certificates is not trusted by the policy
> provider.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
> Any ideas
>
> MW
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark.wrightson@xxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
************************************************************************
**********
This e-mail and its attachments are intended for the above named only
and may be confidential. They are intended to be used by the addressee
solely for the purpose of conducting business with Northgate Plc and its
associated companies. If they have come to you in error you must delete
them, take no action based on them, nor must you copy or show them to
anyone.
Security Warning:
Please note that this e-mail has been created in the knowledge that
Internet e-mail is not a 100% secure communications medium. You
acknowledge that you understand and take account of this lack of
security when e-mailing us.
Viruses:
Although we have taken steps to ensure that this e-mail and attachments
are free from any virus, we advise that in keeping with good computing
practice the recipient should ensure they are actually virus free and
Northgate Plc accepts no liability for such viruses.
Data Protection
From time to time we may wish to send you information relating to our
products and services by email. Your email address will be for sole use
by our company and companies within the Northgate plc group of companies
and will not be passed out to any third parties. If you do not wish to
receive information by email then please reply to this email with the
word 'remove' in the subject line. Please include your exact email
address and company name. We will remove you immediately from our
mailing list.
Northgate Plc
Norflex House
Allington Way
Darlington
Co Durham
DL1 4DY
Registered in England No. 53171
************************************************************************
**********
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
