12-10-2010 02:05 AM - edited 07-03-2021 07:31 PM
Hi All, i have a Setup as Follows
- 5508/1142
- heterogenous Client with WZC, XP, SP3, SSO
- ACS 5.2, MS AD
Target is Songle Sign On wih Machine Cerificates against AD. For testing purpose we tested with EAP-PEAP/MS Chapv2 and Machine Auth, works fine. Now we installed a Machine cert in the Machine cert Store (no User Cert) and reconfigured the WZC for using certs and Machin Auth. What we see is an Error Message in the System Tray that there is no certificate available. We checked it again, the MMC shows us a Machine cert in the Store.
Where am i wrong, any help welcome.
BR, Michael
Solved! Go to Solution.
12-10-2010 01:35 PM
Hi Michael,
This is how it works when you select the certificate method under the WZC:
So if you wish to use certificate based authentication for the machine, you need to use also for user authentication (using WZC).
If you have both user and machine certificate, then after installing the certs, reboot the machine and verify if it works.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
12-10-2010 01:35 PM
Hi Michael,
This is how it works when you select the certificate method under the WZC:
So if you wish to use certificate based authentication for the machine, you need to use also for user authentication (using WZC).
If you have both user and machine certificate, then after installing the certs, reboot the machine and verify if it works.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
12-11-2010 08:17 PM
Great job on the explation T .. 5 stars
I put a few missing links together for me ...
12-12-2010 09:28 AM
Hi Tiago,
this is exactly what i wanted to know, thanks a lot. I will discuss the Autoenrollment of User Certificates with my Customer.
Thanks again and 5 Stars on that!
Regards, Michael
01-24-2011 05:07 AM
Hey Guys,
one additional Question; what exactly is checked if i dont use Certificates (Customer Decision) but only the Computer against AD, simply the Hostname or his SID? Can i influence that?
Thx and Regards, Michael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide