Expired Domain Certificate was Deleted
Windows Server 2003 SP 2

Hello,

I'm sure the solution here is obvious to someone who knows what they're doing! I've searched high and low and have found no solution to this, plus my ignorance around certificates hasn't helped my frustration so far ...

Our root domainXX.com SSL certificate expired last week. I foolishly thought this would have no effect so I deleted the expired cert. Today users cannot log in. They can access Exchange via OWA but can't log on to the LAN either via LAN or WAN. I get the following three entries in the Event log of the DC for each failure:

Eventid 20191: Because the certificate that was configured for clients dialing in with EAP-TLS was not found, a default certificate is being sent to user domainXX\userxx. Please go to the user's Remote Access Policy and configure the Extensible Authentication Protocol (EAP).

Eventid 20168: Could not retrieve the Remote Access Server's certificate due to the following error: Cannot find object or property.

Eventid: 3 Access request for user nad was discarded. <Followed by lots of id information>

My question is what is the best solution?

- Can I change the policy so that the cert is not needed and so not referenced (we are migrating soon so security is not paramount in the short term)? If so, how? I've followed instructions and nothing seems to make a difference.
- Can I quickly issue a cert from the DC itself? If so, what are the steps? I don't understand enough to know what configuration is needed.

Many thanks for your help.
October 17th, 2011 5:39am

Hi,

You can try to issue a self-signed certificate, or temporarily install a CA to issue a certificate. Change the certificate on the RRAS server and make sure it is trusted by the clients (issuer is trusted in the trusted root certificate authorities store).

Some hints can be found here: Configure RRAS with a Computer Authentication Certificate http://technet.microsoft.com/en-us/library/dd458982.aspx

You can issue a self-signed certificate through the MMC console (add certificates) or through IIS.

Will appreciate if you give feedback if this has helped you.

Best Regards,
Spas Kaloferov [ MCITP: SA7 | EA7 | VA7 | EDA7 | DBA10 | DBD10 | BID10 | EMA14 | SPA14 ]
NetShell Services & Solutions | “Design the future with simplicity and elegance”
www: www.spaskaloferov.com | www: www.netshell-solutions.com
October 17th, 2011 6:09am

Hello Spas,

Thanks for your help but 20 minutes later I am no wiser. The certificate does not exist so I cannot change it. I'm afraid that link you posted doesn't tell me anything about how to install a cert. There is no option to create a new cert when I use MMC with the certificates plugin.

BStore
October 17th, 2011 11:12am

The certificate has most probably only been archived. Right-click the certificate console root, select View->Options and enable displaying the Archived Certificates.

ondrej.
October 19th, 2011 3:14pm

Hello Ondrej,

I don't really know what to expect by doing this but it seems it made no difference. Now printing on the domain is stopped also.

Please can someone simply tell me how to either create a cert that will work or remove all reference to the cert in the policy.

Thanks
October 20th, 2011 3:37am

This topic is archived. No further replies will be accepted.