Hi,
Are you talking about 802.1x to authenticate your computer on your network like with Cisco NAC?
I have a working DirectAccess laptop with both certificates (one for NAC and one for DA), so it works.
Gerald
Hi,
We aren't running a Cisco NAC, but essentially the same setup. Was there anything special you had to do to get that setup to work? Whenever we "request" a certificate for DA, our wireless will no longer authenticate 802.1x until we delete that certificate and reboot. The original certificate was created manually using openssl PKCS12.
We're using a different setup, but basically this is a 2-tier PKI with the Offline RootCA (not from Microsoft) and a Sub-CA (Microsoft) which provides both NAC and DirectAccess certificates for the laptops.
Debugging certificates is sometimes really difficult, and I had some trouble too ;-)
Have you tried this hotfix? https://support.microsoft.com/en-us/kb/2494172
Gerald
Just tried it with no success. So both of your certificates are coming from the same CA then?
Yes...
We just create two different certificate templates, but they are trusted by the same authorities.
Maybe because you are using two certificates for Client Authentication, your Windows is trying the DirectAccess certificate that is not trusted for your 802.1x, then reports a failure without trying the second certificate.
Gerald
- Marked as answer by Techwww Tuesday, June 23, 2015 7:43 PM
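An added example, not part of the original thread: a PowerShell check to run on the affected laptop that lists every certificate Windows could offer for Client Authentication, with its issuer and template, so you can see whether 802.1x has more than one candidate. It assumes both certificates live in the computer store (`Cert:\LocalMachine\My`); point it at `Cert:\CurrentUser\My` if the 802.1x certificate was imported per user.

```powershell
# Added example (not from the thread): enumerate client-authentication candidates.
# Assumption: the 802.1x and DirectAccess certificates are in the computer store.
$storePath     = 'Cert:\LocalMachine\My'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU
$templateOids  = '1.3.6.1.4.1.311.21.7',    # Certificate Template Information
                 '1.3.6.1.4.1.311.20.2'     # Certificate Template Name
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$candidates = foreach ($cert in Get-ChildItem -Path $storePath) {
    # Only unexpired certificates with a private key can be used to authenticate.
    if (-not $cert.HasPrivateKey -or $cert.NotAfter -le (Get-Date)) { continue }

    # A certificate with no EKU extension is valid for all purposes.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $ekus   = @(if ($ekuExt) { $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } })
    if ($ekuExt -and $ekus -notcontains $clientAuthOid) { continue }

    # Certificates imported from a PKCS#12 file usually carry no template extension.
    $tpl = $cert.Extensions |
        Where-Object { $templateOids -contains $_.Oid.Value } |
        Select-Object -First 1

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Template   = if ($tpl) { $tpl.Format($false) } else { '(no template extension)' }
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

$candidates | Sort-Object Issuer | Format-List

if (@($candidates).Count -gt 1) {
    $issuers = @($candidates | Select-Object -ExpandProperty Issuer -Unique)
    Write-Warning ("{0} client-authentication certificates from {1} issuer(s) are present; check that the 802.1x server trusts each issuer." -f @($candidates).Count, $issuers.Count)
}
```

If the warning shows two issuers and the RADIUS server trusts only one of them, that matches the behaviour described in the answer above.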
Hi
Ya, I am thinking that's what the issue is... We'll have to wait until we change our 802.1x
Thanks for all the help