Secured Wireless Build Guide

Discussion in 'Security Software' started by Michael Shire, Jan 18, 2005.

  1. I've got the PKI working for the Windows 2003 Active Directory users with the
    much appreciated help from this group.

    However, I have NT4 domains with a two-way Trust to the AD domain.

    For these users, I have tried using the Certificates MMC to request a new
    certificate, but I get the error:
    "Windows cannot find a certification authority that will process the request"
    I've tried Q271861 to resolve the problem, adding "Read and Enroll"
    permission for "NT4DOMAIN\Domain Users" to the "User" Template. Any guidance
    to get this working, or is this a lost cause because it is an NT4 domain?

    I've tried enrolling through the web interface. I can get to the point of
    generating the request, but when the request is issued I get the errors:
    "Your request failed. An error occurred while the server was processing
    your request
    Contact your administrator for further assistance.
    Request Mode:
    newreq - New Request
    Disposition:
    (never set)
    Disposition message:
    (none)
    Result:
    The specified domain either does not exist or could not be contacted.
    0x8007054b (WIN32: 1355)
    COM Error Info:
    CCertRequest:Submit The specified domain either does not exist or could
    not be contacted. 0x8007054b (WIN32: 1355)
    LastStatus:
    The specified domain either does not exist or could not be contacted.
    0x8007054b (WIN32: 1355)
    Suggested Cause:
    No suggestions"

    Any ideas on allowing NT4 domains to enroll through the web?

    Mike
     
    Michael Shire, Jan 18, 2005
    #1

  2. Would it be easier using a standalone subordinate CA? Will wireless access
    be revoked if the certificate is revoked?

    Mike
     
    Michael Shire, Jan 18, 2005
    #2

  3. I'm still in Enterprise CA mode. I revoked a certificate yesterday, but the
    revoked certificate still allows access to the wireless network. If I get a
    report that a certificate is compromised, how do I prevent that certificate
    from being used?

    Also, the certificate that I have doesn't correlate with the user I am
    logged in as. Can I copy this certificate to another computer and connect to
    the wireless network?
     
    Michael Shire, Jan 18, 2005
    #3
