Solved: Windows 7 cannot present a valid cert when an invalid cert is present in the store

umahar · ‎06-05-2017

Hi,

I testing machine authentication using EAP-TLS and certificate expiry. It seems that when an invalid cert is present in the machine store the machine is failing authentication and cannot present even the valid certificate.

This has been described by Microsoft at

https://support.microsoft.com/en-us/help/2769121/802.1x-authentication-fails-on-a-windows-7-based-or-windows-2008-r2-based-computer-that-has-multiple-certificates

Has anyone faced the same issue.

umahar · ‎06-30-2017

It din't help at first but after running Windows update multiple times it worked on Wireless but Wired still gave problems.

View solution in original post

hslai · ‎06-28-2017

Is the Microsoft hot fix not helping??

umahar · ‎06-30-2017

It din't help at first but after running Windows update multiple times it worked on Wireless but Wired still gave problems.

hslai · ‎06-30-2017

Thanks for the update. I hope you opened a ticket with Microsoft.

Were the certificates issued by a Microsoft Windows Enterprise CA and then renew using the cert renewal wizard? I am wondering why it did not clean up the expired certificates.

umahar · ‎07-14-2017

This was part of testing for BYOD environment so Microsoft Windows Enterprise CA was not involved.

ISE NSP does not clean up the expired certificate.