Please enter a valid certification authority

Dears,

I have NAP with IPsec and the configuration below:

In my main site: 1 NAP server (NPS+HRA) and 1 CA server (Enterprise Root). I configured HRA with this main site CA; this is working fine.

In my second site I deployed 1 NAP server (NPS+HRA) and 1 CA server (Enterprise Root). I configured HRA here with the second site CA; this is working fine.

When I try to add the second site CA to my first site HRA, I get this error: Please enter a valid certification authority

When I try to add the main site CA to my second site HRA, I get this error: Please enter a valid certification authority

  • Please let me know where the log file is so I can find out the root cause
  • Please let me know if you find a solution for this issue

Regards


  • Edited by Jean M Monday, July 06, 2015 5:00 PM
July 6th, 2015 10:27am

Hi Jean,

According to your description, you failed to add one site's CA to the other site's HRA and got the error: Please enter a valid certification authority.

Since you configured the CA server as an enterprise root, the CA server can only provide authority service to members belonging to the same AD domain. You need to verify whether the main site NAP server and the second site CA server belong to the same domain.

If the two belong to different domains and you still want to add the CA server to NAP, you could build a trust between the two forests. After building the trust, you may try again.

Here are some references:

Enterprise certification authorities

https://technet.microsoft.com/en-us/library/cc776874%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

How to create trust between two forests:

http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx

Best Regards,

Anne He       

July 7th, 2015 9:51am

Hi Anne,

Both sites are in the same AD domain, and both HRAs have permission on both CAs as requested. So what could be the problem?

July 7th, 2015 10:01am

Hi Jean,

I have tested it in my lab; this issue will happen when the client can't access the CA server.

It is recommended that you check the connection between the NAP server and the CA server first. Verify whether the NAP server can resolve the FQDN of the CA server. In addition, you may check the state of the CA server and verify whether the CA server can reply.

Best Regards,

Anne He    

July 8th, 2015 9:31pm
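
The checks suggested in the last reply (name resolution, network path, CA responding), run from the HRA server, as an added example that is not part of the original thread. The CA host name and CA name are placeholders, and the script assumes a Windows version that ships `Resolve-DnsName` and `Test-NetConnection` (Windows Server 2012 or later).

```powershell
# Added example, not from the thread. Placeholder values (assumptions):
$CaHost = 'ca2.example.local'    # FQDN of the other site's CA server
$CaName = 'Example-Site2-CA'     # common name of that CA

function Test-CaReachability {
    param(
        [Parameter(Mandatory)] [string]$CaHost,
        [Parameter(Mandatory)] [string]$CaName
    )

    $result = [ordered]@{
        CaHost      = $CaHost
        DnsResolved = $false
        Addresses   = @()
        RpcPort135  = $false
        CertSrvPing = $false
    }

    # 1. Can this server resolve the CA's FQDN?
    try {
        $records = Resolve-DnsName -Name $CaHost -ErrorAction Stop
        $result.Addresses   = @($records | Where-Object { $_.IPAddress } |
                                ForEach-Object { $_.IPAddress })
        $result.DnsResolved = $result.Addresses.Count -gt 0
    } catch {
        Write-Warning "DNS lookup for $CaHost failed: $($_.Exception.Message)"
    }

    # 2. Is the RPC endpoint mapper (TCP 135) reachable across the site link?
    #    CA requests use DCOM/RPC, so a filtered 135 blocks them.
    if ($result.DnsResolved) {
        $tcp = Test-NetConnection -ComputerName $CaHost -Port 135 `
                                  -WarningAction SilentlyContinue
        $result.RpcPort135 = [bool]$tcp.TcpTestSucceeded
    }

    # 3. Does the CA's request interface answer? certutil -ping makes a real
    #    DCOM call, so it also exercises the dynamic RPC ports behind 135.
    if ($result.RpcPort135) {
        & certutil.exe -config "$CaHost\$CaName" -ping | Out-Null
        $result.CertSrvPing = ($LASTEXITCODE -eq 0)
    }

    [pscustomobject]$result
}

Test-CaReachability -CaHost $CaHost -CaName $CaName | Format-List
```

The first property that reports `False` shows which layer to look at: DNS, a firewall between the sites, or the Certificate Services service itself.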

This topic is archived. No further replies will be accepted.
