802.1x PEAP Windows 2008 NPS Certificate

I've set up a centrally switched SSID on a 5508 WLC utilising 802.1x PEAP authentication to a pair of Windows 2008 NPS servers which authenticate the PEAP username and password to our Active Directory domain.
Currently the Windows 2008 NPS servers are utilising a server certificate issued from our internal Certificate Authority, with the certificate being presented to the device upon connection depending upon which server the WLC sends the authentication to. The server names on the internally issued certificates are in the form of:
Server01.domain.local
Server02.domain.local
Due to these certificates being internally issued certificates, when some devices, specifically Apple iPads and iPhones, connect to the SSID they are initially prompted to accept the certificate, but it is listed as not verified as it's issued by an internal domain CA and not an external root certificate authority.
I am going to be obtaining an external root CA issued certificate for both servers to replace the internally issued certificates. However, I notice that using the internal certificate, if I connect a device to the SSID and accept the certificate of the server with certificate name server01.domain.local, and then disable the ability for clients to connect to server01, the WLC will automatically forward the authentication connection to the next server on the list. However, as this server is presenting a different certificate, "server02.domain.local", devices which are conducting certificate validation will fail to connect as the certificate does not match the previously accepted certificate.
Does anyone know a way around this?
Will adding, say, server02.domain.local as an additional name to the certificate for server01.domain.local resolve this issue?

Hi,
Please confirm the Win7 clients have renewed the certificate and deleted the old certificate. And confirm you are not using the default server certificate template.
More information:
Renew a Certificate
http://technet.microsoft.com/en-us/library/cc730605.aspx
NPS Server Certificate: Configure the Template and Autoenrollment
http://msdn.microsoft.com/en-us/library/cc754198.aspx
Hope this helps.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
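The name check that decides whether a supplicant accepts the certificate presented after failover, as an added example that is not part of the original post or of any Microsoft tooling. It assumes Windows 8 / Server 2012 or later for New-SelfSignedCertificate, writes three throw-away certificates to the current user's personal store and removes them again; the rows show that a certificate carrying both names in its SAN is accepted whichever server presents it, while a single-name certificate only passes for the name the client already trusts. The comparison only has meaning when the supplicant also validates the issuing CA, otherwise any certificate with the right name would pass.

```powershell
# Added example, not code from the original post. It reproduces the server-name
# check a PEAP supplicant applies once the issuing CA has been verified: the
# names in the presented RADIUS server certificate (Subject CN plus any DNS
# entries of the Subject Alternative Name extension) are compared with the
# server names the client is configured to trust. Test certificates are
# constructed with New-SelfSignedCertificate so the real NPS servers are not touched.

function Get-CertificateDnsNames {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $names = New-Object System.Collections.Generic.List[string]

    # Subject CN: the only name a supplicant without SAN support would see.
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names.Add($cn.ToLowerInvariant()) }

    # Subject Alternative Name extension (OID 2.5.29.17); Format() renders it as
    # "DNS Name=server01.domain.local, DNS Name=server02.domain.local".
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)')) {
            $names.Add($m.Groups[1].Value.ToLowerInvariant())
        }
    }
    return @($names | Select-Object -Unique)
}

function Test-PeapServerCertificateName {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$TrustedServerName
    )
    $present = Get-CertificateDnsNames -Certificate $Certificate
    $trusted = @($TrustedServerName | ForEach-Object { $_.ToLowerInvariant() })
    $matched = @($present | Where-Object { $trusted -contains $_ })
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        NamesInCert = ($present -join ', ')
        Accepted    = ($matched.Count -gt 0)
    }
}

# ---- Demonstration with constructed test certificates -------------------------
$store = 'Cert:\CurrentUser\My'   # assumption: a store this user may write to
$certs = @(
    New-SelfSignedCertificate -DnsName 'server01.domain.local' -CertStoreLocation $store
    New-SelfSignedCertificate -DnsName 'server02.domain.local' -CertStoreLocation $store
    New-SelfSignedCertificate -DnsName 'server01.domain.local','server02.domain.local' -CertStoreLocation $store
)
try {
    # A client that was only ever told to trust server01 (the situation in the question):
    # server02's own certificate is rejected, the dual-name certificate is accepted.
    $certs | ForEach-Object { Test-PeapServerCertificateName -Certificate $_ -TrustedServerName 'server01.domain.local' } |
        Format-Table -AutoSize

    # The client-side alternative: trust both server names.
    $certs | ForEach-Object { Test-PeapServerCertificateName -Certificate $_ -TrustedServerName 'server01.domain.local','server02.domain.local' } |
        Format-Table -AutoSize
}
finally {
    # Remove the throw-away certificates again.
    foreach ($c in $certs) { Remove-Item -Path (Join-Path $store $c.Thumbprint) }
}
```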

Similar Messages

  • [SOLVED] Wireless 802.1x PEAP Windows 7 and Windows 2012 NPS and CA

    Hello,
    We are in the process of migrating our RADIUS (Windows 2003 R2) and Certificate (Windows 2003 R2) servers to 2012 (R2). This went fine, no problems. After that we changed our wireless controller, a Cisco 5508. We have changed our certificate from a 1024-bit to a 2048-bit certificate.
    We tested the other certificate functions and that went fine too.
    But we experience a problem with wireless 802.1x in combination with Windows 7 machines. We have Windows 8 and 8.1 machines that do not experience this problem with wireless 802.1x.
    We recreated the wireless policy but also no success.
    We have seen this problem before, with a customer who had a Windows 2008 R2 certificate server and Windows XP machines with wireless 802.1x. Exactly the same problem. After decommissioning the Windows 2008 R2 certificate server and changing it to a Windows 2003 R2 certificate server, there were no problems any more.
    It looks like older versions of Windows do not work with newer certificate servers?
    Do we miss something? Can someone confirm this?
    We already looked for these forum posts, but with no success
    http://social.technet.microsoft.com/Forums/windows/en-US/796d447f-518c-4ccb-81ff-921ee561d742/win2k8r2-peapnps-with-cisco-wireless-controller-problem?forum=winserverNIS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/76644dcc-911d-451e-b7f1-39269db43ac7/nps-event-6273-reason-code-16
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/d543fe75-0cf9-49e7-bbfa-dd0df219cfe5/the-radius-request-did-not-match-any-configured-connection-request-policy-crp
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
        Security ID: domainname\NB80W7$
        Account Name: host/NB80W7.domainname.local
        Account Domain: domainname
        Fully Qualified Account Name: domainname\NB80W7$
    Client Machine:
        Security ID: NULL SID
        Account Name:
        Fully Qualified Account Name: -
        OS-Version:
        Called Station Identifier: 08-d0-9f-ec-96-60:domain
        Calling Station Identifier: a0-88-b4-35-2e-08
    NAS:
        NAS IPv4 Address: 192.168.2.6
        NAS IPv6 Address:
        NAS Identifier: WLC5500
        NAS Port-Type: Wireless - IEEE 802.11
        NAS Port: 1
    RADIUS Client:
        Client Friendly Name: WLC5500
        Client IP Address: 192.168.2.6
    Authentication Details:
        Connection Request Policy Name: WLC5500
        Network Policy Name:
        Authentication Provider: Windows
        Authentication Server: DC01.domainname.local
        Authentication Type: EAP
        EAP Type:
        Account Session Identifier:
        Logging Results: Accounting information was written to the local log file.
        Reason Code: 48
        Reason: The connection request did not match any configured network policy.
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
        Security ID: domainname\Username
        Account Name: domainname\Username
        Account Domain: domainname
        Fully Qualified Account Name: domainname.local/ICT Specialisten/Username
    Client Machine:
        Security ID: NULL SID
        Account Name:
        Fully Qualified Account Name: -
        OS-Version:
        Called Station Identifier: 08-d0-9f-ec-96-60:domain
        Calling Station Identifier: a0-88-b4-35-2e-08
    NAS:
        NAS IPv4 Address: 192.168.2.6
        NAS IPv6 Address:
        NAS Identifier: WLC5500
        NAS Port-Type: Wireless - IEEE 802.11
        NAS Port: 1
    RADIUS Client:
        Client Friendly Name: WLC5500
        Client IP Address: 192.168.2.6
    Authentication Details:
        Connection Request Policy Name: WLC5500
        Network Policy Name: WLC5500
        Authentication Provider: Windows
        Authentication Server: DC01.domainname.local
        Authentication Type: PEAP
        EAP Type:
        Account Session Identifier:
        Logging Results: Accounting information was written to the local log file.
        Reason Code: 16
        Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    Hi,
    Please confirm the Win7 clients have renewed the certificate and deleted the old certificate. And confirm you are not using the default server certificate template.
    More information:
    Renew a Certificate
    http://technet.microsoft.com/en-us/library/cc730605.aspx
    NPS Server Certificate: Configure the Template and Autoenrollment
    http://msdn.microsoft.com/en-us/library/cc754198.aspx
    Hope this helps.
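A triage parser for the NPS "denied access to a user" events quoted in this thread, added here as an example (not the poster's or Microsoft's code). It reads the event section by section so repeated keys such as "Security ID" do not collide, flags machine versus user authentication, and maps the reason code to the meaning NPS gives it; the two sample events are constructed, trimmed copies of the ones in the post.

```powershell
# Added example, not from the thread. Parses the text of NPS event 6273 as
# quoted above: unindented "Name:" lines open a section, indented "key: value"
# lines belong to it. Only the reason codes that occur in this thread are
# tabulated; anything else is reported with the Reason text NPS supplies.

$sample1 = @'
Network Policy Server denied access to a user.
User:
    Security ID: domainname\NB80W7$
    Account Name: host/NB80W7.domainname.local
Client Machine:
    Security ID: NULL SID
    Calling Station Identifier: a0-88-b4-35-2e-08
NAS:
    NAS IPv4 Address: 192.168.2.6
    NAS Port-Type: Wireless - IEEE 802.11
Authentication Details:
    Connection Request Policy Name: WLC5500
    Network Policy Name:
    Authentication Type: EAP
    EAP Type:
    Reason Code: 48
    Reason: The connection request did not match any configured network policy.
'@

$sample2 = @'
Network Policy Server denied access to a user.
User:
    Security ID: domainname\Username
    Account Name: domainname\Username
Client Machine:
    Security ID: NULL SID
    Calling Station Identifier: a0-88-b4-35-2e-08
NAS:
    NAS IPv4 Address: 192.168.2.6
    NAS Port-Type: Wireless - IEEE 802.11
Authentication Details:
    Connection Request Policy Name: WLC5500
    Network Policy Name: WLC5500
    Authentication Type: PEAP
    EAP Type:
    Reason Code: 16
    Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
'@

# Reason codes seen in this thread, with the meaning NPS attaches to them.
$reasonText = @{
    16 = 'Credentials mismatch: the user name does not map to an account or the password was wrong.'
    48 = 'No network policy matched: compare its conditions (NAS port type, Windows group, user vs. computer account) with the fields below.'
}

function ConvertFrom-NpsDenyEvent {
    param([Parameter(Mandatory)][string]$Text)

    $fields  = @{}
    $section = ''
    foreach ($line in ($Text -split "`r?`n")) {
        # Lines without a colon (the banner sentence) carry no field.
        if ($line -notmatch '^(\s*)([^:]+):\s*(.*)$') { continue }
        $indent = $Matches[1].Length
        $key    = $Matches[2].Trim()
        $value  = $Matches[3].Trim()
        if ($indent -eq 0) { $section = $key; continue }   # section header
        $fields["$section/$key"] = $value                    # e.g. "NAS/NAS IPv4 Address"
    }

    $account = $fields['User/Account Name']
    $code    = [int]$fields['Authentication Details/Reason Code']
    if ($reasonText.ContainsKey($code)) { $meaning = $reasonText[$code] }
    else { $meaning = 'not tabulated: ' + $fields['Authentication Details/Reason'] }

    [pscustomobject]@{
        Account     = $account
        MachineAuth = ($account -like 'host/*')   # computer account, not a user
        NasAddress  = $fields['NAS/NAS IPv4 Address']
        ClientMac   = $fields['Client Machine/Calling Station Identifier']
        AuthType    = $fields['Authentication Details/Authentication Type']
        NetPolicy   = $fields['Authentication Details/Network Policy Name']
        ReasonCode  = $code
        Meaning     = $meaning
    }
}

$sample1, $sample2 | ForEach-Object { ConvertFrom-NpsDenyEvent -Text $_ } | Format-List
```

The first sample parses as a machine (host/) authentication that matched no network policy, the second as a PEAP user whose credentials were rejected; the same function can be fed the Message property of Get-WinEvent results from the Security log.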

  • Windows 2008 R2 Certificate Servers

    We have a Windows 2008 R2 Certificate Server that we would like to protect in case of a failure. It is a virtual machine. What are some options for us to consider in protecting this server in case of a business failure to the hardware or a natural disaster?

    In order to restore a CA you need the following:
    Backup of the CA's key(s): These only change when you renew the CA certificates, thus they are to be backed up after setup or renewal, e.g. by using certsrv.msc, All Tasks, Backup CA, Private key and certificate.
    Backup of the CA's database: To be done frequently and automated, e.g. daily by a script based on certutil -backupdb. In case of a disaster you would lose the certificates and requests added since the last backup. You need the database for revoking certificates, issuing or denying requests, and general accounting, so losing some requests does not break operations.
    Backup of the configuration, that is the CertSvc registry key. If you used scripts to configure the CA initially, back those up too, and any capolicy.inf file that might have been used.
    In addition or as an alternative you could do a full backup of the VM, of course. But I have seen weird things happening to CA keys sometimes, so I would recommend having at least a backup of the key plus a full backup of the machine.
    Restore based on the components listed is then equivalent to setting up a new CA with the option 'Existing key and certificate', and restoring the DB and configuration after the setup. I would recommend practising this process from time to time.
    In addition to the CA, the services hosting CRLs or OCSP are critical. They could be re-created in principle based on the information available at the CA and new OCSP certificates. So you need a backup and restore, or at least a 're-creation' procedure, for those too.
    Elke
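The three backups listed above as one scheduled script, added here as an example and not Elke's own tooling. It assumes a local backup root (to be copied off the box afterwards) and that it runs on the CA as a CA administrator; the commands are the ones the reply names (certutil -backupdb, certutil -backupkey, the CertSvc registry key, capolicy.inf).

```powershell
# Added example, not from the thread: backs up CA database, configuration and
# (on request) key + certificate into a fresh timestamped folder.
param(
    [string]$BackupRoot = 'D:\CABackup',   # assumption: local path, copied off-box by another job
    [switch]$IncludeKey                    # only needed after setup or a CA certificate renewal
)
$ErrorActionPreference = 'Stop'

$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $dest | Out-Null

# With -IncludeKey the folder will hold the CA private key: strip inherited
# permissions and grant only Administrators and SYSTEM before writing into it.
& icacls.exe $dest /inheritance:r /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null

# 1. Database (frequent, e.g. daily). certutil creates the target directory and
#    refuses one that already has content, which the fresh path guarantees.
& certutil.exe -backupdb (Join-Path $dest 'Database')
if ($LASTEXITCODE -ne 0) { throw "certutil -backupdb failed ($LASTEXITCODE)" }

# 2. Configuration: the CertSvc registry key, plus capolicy.inf if one was used.
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc' (Join-Path $dest 'CertSvc.reg') /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed ($LASTEXITCODE)" }
$capolicy = Join-Path $env:windir 'capolicy.inf'
if (Test-Path $capolicy) { Copy-Item -Path $capolicy -Destination $dest }

# 3. Key and certificate (rare). certutil prompts for a password that protects
#    the exported PFX; keep that password with the restore runbook, not here.
if ($IncludeKey) {
    & certutil.exe -backupkey (Join-Path $dest 'Key')
    if ($LASTEXITCODE -ne 0) { throw "certutil -backupkey failed ($LASTEXITCODE)" }
}

# List what was written, so the scheduled task's log shows the result.
Get-ChildItem -Path $dest -Recurse | Select-Object FullName, Length
```

Restoring uses the counterparts certutil -restoredb and certutil -restorekey (or the 'Existing key and certificate' setup option the reply describes) followed by importing the .reg file.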

  • Wireless Controller and Microsoft Windows 2008 NPS

    Hello Community,
    Got a nightmare project to convert our wireless over to Windows 2008 NPS for AP, controller and user authentication. Anyone have a link to a good deployment guide/how-to on what is needed for the NPS server (esp. the attributes for AP, controller and users)?
    Thank You
    Michael

    So you are looking to use RADIUS to authenticate the management users and the actual wireless clients?
    RADIUS Management
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080782507.shtml
    This goes over what attribute you need to return from the RADIUS server.
    For the users:
    http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bfb19a.shtml
    HTH,
    Steve

  • Authentication Failed to 2008 NPS from Cisco IOS VPN

    I'm trying to authenticate VPN connections to a Windows 2008 NPS Radius server.
    Local authentication works fine.
    Here are cisco configs:
    aaa new-model
    aaa authentication login default local
    aaa authentication login VPNauth group radius local
    aaa authorization network VPNgroup local
    aaa session-id common
    ip radius source-interface Loopback0
    radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 xxxx
    crypto map VPNMAP client authentication list VPNauth
    crypto map VPNMAP isakmp authorization list VPNgroup
    crypto map VPNMAP client configuration address respond
    crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
    ... other crypto commands
    This is the section of the log from NPS:
    Authentication Details:
        Connection Request Policy Name:    VPN
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        x.x.x.x
        Authentication Type:        PAP
        EAP Type:            -
        Account Session Identifier:        -
        Logging Results:            Accounting information was written to the local log file.
        Reason Code:            16
        Reason:                Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
    I do have PAP enabled on the Network/Connection Request Policies...
    I'm stuck
    Please help

    Can you run a "test aaa" command to see if the user can be authenticated successfully?
    I think this might be a configuration issue on NPS. You can google it. Here is one I found, refer to "irishHam" post.
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3

  • RV180W and 802.1x with Windows NPS

    I am attempting to configure a Cisco RV180W with 802.1x authentication using peap-mschap-v2 with a server 2008 nps box in a domain environment and I keep getting the following error in the event logs: "The RADIUS request did not match any configured connection request policy (CRP)."  I do have my Connection request and Network policies in place and they do work when using a Cisco 1142N.  Does anyone know if the RV180W supports this type of configuration?
    Jose

    I believe the problem should be solved with the new phone firmware:
    Ref Cisco Document:
    http://www.cisco.com/en/US/products/hw/phones/ps379/prod_release_note09186a0080461f84.html
    "Firmware release 7.2(2) provides support for the Cisco IP Phone models 7960G and 7940G to monitor IEEE 802.1X messages between an authenticating switch and a connected PC (supplicant).
    When a PC is disconnected from the Cisco IP Phone, the phone issues an EAPOL-Logoff message on behalf of the PC to the authenticating switch.
    Hope This Helps
    Jarle Steffensen

  • Unable to install SCCM client on Windows Server 2008 R2 - certificate permission error?

    I am trying to comply with corporate policy, which is, have an SCCM agent or client on every Windows device. I have successfully used the provided SCCM installer on other Windows 2008 R2 servers. However for one particular server I cannot get the SCCM agent
    to install successfully. I've searched forums and documentation, but can't find a solution. Part of the problem is the lack of feedback by SCCM on what is wrong. I think I have narrowed down the symptom to the following error messages from the "C:\Windows\CCM\Logs\ClientIDManagerStartup.log":
    [LOG[Certificate [Thumbprint C559304C1598F17641D0732EB9EB787169A25FA7] issued to 'SMS' doesn't have private key or caller doesn't have access to private key.
    [LOG[Failed in GetCertificate(...): 0x87d00281]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="ccmcert.cpp:2122">
    [LOG[CCMCreateAuthHeaders failed (0x8009200b).]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="clientauthutil.cpp:978">
    When I use the Certificates MMC snap in to look at installed certs on this Windows Server 2008 R2 machine, there are plenty of normal and expected certificates there. There is also a branch called SMS with hundreds of entries, I have no idea what that is.
    The above error seems to indicate a permissions issue. What do I do to fix this SCCM install? It seems like a server cert issue, not an SCCM issue, so I'm posting to the Windows Server forums.
    Thanks in advance.
    Thanks

    This may be helpful...
    http://www.jamesbannanit.com/2011/04/certificate-requirements-for-sccm-2012/
    It should be asked in the SCCM forum...
    http://social.technet.microsoft.com/Forums/en-US/home?forum=configmanagerdeployment
    Best,
    Howtodo

  • Certificate Authority Windows 2008 to 2012 R2 - Clean up and Migration

    Hello,
        I'm currently dealing with the following scenario:
    1. I've inherited the current infrastructure setup and the plan is to clean things up and setup a new certificate infrastructure using Windows 2012 R2.
    2. The current setup:
        a. Domain Controller, Windows 2008 R2, is/was a Certificate Authority. It hasn't issued any new certificates (based on the information in Certificate Effective Date) for quite some time. It also has an expired certificate for itself - issued by the domain's issuing CA - and attempts to renew it via MMC give a "Server execution failed" and STATUS: Failed when looking in Certificate enrollment for Domain Controller. We'll call the server DC1.
        b. Certificate Authority Server, we'll call it CERT1. When booting up the machine and/or attempting to restart certificate services on the server, the following errors are in the event log:
    EVENT 7024: Description: The Active Directory Certificate Services service terminated with service-specific error %%-2146885613.
    EVENT 100: Active Directory Certificate Services did not start: Could not load or verify the current CA certificate.  Domainlocal Issuing CA The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613).
    EVENT 48: Description: Revocation status for a certificate in the chain for CA certificate 0 for Domain.local Issuing CA could not be verified because a server is currently unavailable.  The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613).
    Note:  The server's computer certificate has expired and it was issued by the Domain Controller mentioned in point A.  Attempts to renew it fail.
    (The issue on CERT1 is like the one mentioned in this article: https://support.microsoft.com/kb/825061?wa=wsignin1.0  however an upgrade wasn't done and it's not old versions of Windows.)
    c. There is a certificate authority machine - part of what was created for a PKI infrastructure - that was kept shutdown.  I've powered it up and the machine is not part of the domain.
    Any thoughts or feedback on easily repairing the current situation so that I can upgrade everything to a new Windows 2012 R2 Certificate infrastructure would be appreciated.
    Thanks!

    Hi Vadims,
        Basically using certificates in the following manner:
    1. User / Computer enrollment in the AD domain.
    2. Any hardware / web services (internal) that need certificates. This is usually hardware that has some form of GUI that is accessed via URL, printers accessed via URL and/or that communicate via LDAP to AD, internal UC (Lync is an example), that sort of thing.
        A number of machines currently show certificate errors (i.e. certificate has expired); however, that hasn't stopped things from working, just functioning differently. I'm already going on the assumption that if I remove the entire CA infrastructure and re-install a new one and have everything point to that new CA server I should be OK, but I'm not 100% certain, hence why I asked on this forum.
    Also, you're correct that there is one more CA. That CA was the server that was turned off/offline that I powered on. It is not part of the AD domain that the domain controller and the other CA belong to. (It is standalone.) I'm currently patching the standalone CA since it's been off for what looks like almost 1.5 years.

  • Configuring NPS (windows 2008 R2) for Wl 4400

    Hi
    We are using WL controller 4400, we failed to configure the NPS for the appliance. Can someone help us to configure the NPS for successful authentication? We tried to configure NPS with Windows 2008 R2 DC
    Regards
    LMS

    Hi,
    Unfortunately, the available information is not enough to have a clear view of the behaviour that occurred. To narrow down the reason, could you provide more information about your environment? When this problem occurs, the system log records information; screenshots are the best information. I didn't find a similar issue; please try to reset the specific user's password, then monitor the issue again.
    More information:
    Event Logs
    http://technet.microsoft.com/en-us/library/cc722404.aspx
    Thanks.

  • Update Windows Root Certificates in Windows 2008 R2 Disconnected Environment using WSUS

    Hi all, I need to update the root certs on all my Windows 2008 R2 servers. They have no internet connectivity. I am aware of the issue described by KB931125 but I am not affected by it. My issue is that I would like the 2008 R2 servers to update the root certs from my WSUS servers. Is this possible?

    I would suggest that you identify the few individual root certificates that you need, and import them individually to those servers where they are needed.
    It is NOT possible to update root certificates from a WSUS server, except in the case of workstations that are being configured to install KB931125.
    Do NOT install KB931125 to a server operating system.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • AiroNet 1140 Authentication Issues Windows Server 2008 NPS

    Hello,
    We have an AiroNet 1140 AP that we are trying to configure RADIUS authentication. Our RADIUS server is a Microsoft Windows Server 2008 NPS server. Unfortunately, our Wi-Fi clients are unable to authenticate. We appear to have everything configured on the AP and RADIUS server correctly, but we receive the following errors from the debug on the AP. Doug
    *Mar 14 05:46:58.413: RADIUS/DECODE: No response from radius-server; parse response; FAIL
    *Mar 14 05:46:58.413: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
    *Mar 14 05:46:58.413: RADIUS/DECODE: No response from radius-server; parse response; FAIL
    *Mar 14 05:46:58.413: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

    Hi Steve, Here is the config for the AP.  Some screenshots of the NPS config are below, too.  Please let me know if you need more information from our NPS server.  Thanks, Doug
    ap#sh run
    Building configuration...
    Current configuration : 2971 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    logging rate-limit console 9
    enable secret 5 $1$1IPZ$WkdzqdeeGvEPvQLCHfGXU.
    aaa new-model
    aaa group server radius rad_eap
    server 10.20.2.96 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    server 10.20.2.96 auth-port 1645 acct-port 1646
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 syslog
    dot11 ssid wifi
       authentication open eap eap_methods
       authentication network-eap eap_methods
       authentication key-management wpa
    username pg_ap privilege 15 secret 5 $1$rg0/$hTYIn.lysNUfxhzxqXonl/
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm
    ssid wifi
    antenna gain 0
    speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm
    ssid wifi
    antenna gain 0
    dfs band 3 block
    speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
    channel dfs
    station-role root access-point
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.40.0.200 255.255.0.0
    no ip route-cache
    ip default-gateway 10.40.0.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server local
      no authentication mac
      nas 10.20.2.96 key 7 003555402B5F012F3D007B16062C46430759550B3A232F7E0A1636472C01402573
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.20.2.96 auth-port 1645 acct-port 1646 key 7 08100A08261D0F3E202A3B5C251E677C26677B1C171E08576F7A4C077F19403C337F0C7C7D035B172550305F756934172E327A1B13250C154D4C3F1319305C3514
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    end
    ap#

  • How to connect to Windows 2008 VPN server with certificate support

    Unfortunately, if I select any Windows 2008 Server compatible protocol (PPTP, L2TP) I cannot select a PKI certificate; it's only available for Cisco VPN. Yet my company has 1000 laptops and is utilizing Windows 2008 Server for VPN (Cisco is too expensive and unnecessary because VPN is part of Windows Server). A PKI certificate is required for connection security.
    Any plans to enable certificates for PPTP or L2TP in 2.1 firmware? Even better would be to add the SSTP protocol with certificate support, because it takes only one standard TCP connection (https) per user (uses the least possible NAT resources for heavily loaded NATed WiFi spots). Also, in some public places https is the only option to connect as PPTP and L2TP are filtered.

    Hi Shahzad,
    >>how to connect sql server 2008 r2 sp2 with visual studio 2013 ultimate?
    Based on your issue, if you want to connect to SQL Server 2008 R2 SP2 from the VS2013 IDE, I suggest you try Ammar's and darnold924's suggestions to check your issue.
    In addition, I suggest you can also refer to the following steps to connect SQL Server 2008 R2 SP2 with Visual Studio 2013 Ultimate.
    Step 1: Go to VIEW -> SQL Server Object Explorer -> right-click SQL Server -> Add SQL Server.
    Step 2: After you have connected to SQL Server 2008 R2 SP2, go to VIEW -> Server Explorer -> right-click Data Connections -> Add Connection.
    Then you can create the connection string in the Add Connection dialog box.
    Hope it helps you!

  • Sequential Certificate Serial Numbers using Windows 2008 R2

    It appears that Windows Server 2003 Certificate Services supports sequential certificate serial numbers. This was an undocumented feature that could be turned on using the certutil command or by modifying the CA registry.
    The certutil command line is: certutil -setreg ca\HighSerial "nn" where 'nn' is a two-digit hex number where at least one of the digits is an alpha character.
    We are standing up OCSP and the random serial numbers are causing difficulty in setting up the OCSP responder.
    Is this configuration supported on 2008 R2? Can the same certutil command be used?

    Thanks for the responses.
    I completed quite a bit of testing on this since posting the question.  Here is what I found:
    Our 2008 R2 CA was upgraded/migrated from 2003 Enterprise Edition (32-bit).  There was a registry setting of 'ca\HighSerial = 00'.  The CA was issuing certificates with 10 byte serial numbers.  The serial numbers had a random component. 
    Example:'4d8e5068000000000794'
    Changing the registry to 'ca\HighSerial = 3f' and restarting resulted in a 19 byte certificate serial number that began with '3f'.  This did not correct the problem I was working because there was a random 10 bytes in the middle of the cert serial number. 
    Example: '3F0000079C594AB5A5DB42C09D00000000079C'
    Changing the registry to 'ca\HighSerial = 10' and restarting also resulted in a 19 byte certificate serial number.  Same result as '3f' but the certificate SN started with '10'. Example: '10000007AA9C90775F1967F8D30000000007AA'
    I then used certutil.exe. This time I ran 'Certutil -setreg ca\HighSerial 0xffffffff'. This updated the registry to 'ffffffff'. After restarting certificate services and issuing a certificate, the serial numbers were shorter (only 14 bytes). I also noticed that the registry setting was changed to a random 8 byte string. The registry setting was changed from 'ffffffff' to 'e07c453ae9d4131a' and the certificate serial numbers were similar. Additionally, the last 6 bytes were sequential. Example: '607c453ae9d4131a0000000007b0'
    From there, I shortened the registry entry to 4 bytes (removing pairs of characters from the middle). This resulted in a 10 byte certificate serial number where the first 4 bytes were the same and the last 6 bytes were sequential. Example: '607c3a1a0000000007c4'

  • Does Oracle EBS 11.5.x/12.0/12.1 have certificate with Windows 2008?

    Does anyone know whether Oracle EBS 11.5.x/12.0/12.1 is certified with Windows 2008?

    Hi;
    > Does anyone know whether Oracle EBS 11.5.x/12.0/12.1 is certified with Windows 2008?
    If you mean IE8, the answer is yes for R12, but for EBS 11 the answer is no.
    Please follow:
    Recommended Browsers for Oracle E-Business Suite Release 12 (Note 389422.1)
    Regards
    Helios

  • AD 2008 NPS Radius WLC

    hello,
    Does anyone know where I might find a document specific to 2008 / NPS / WLC integration?
    thanks very much for your time,
    greg

    There are some good NPS server installation guides on the net - follow all of the recommended best practices from Microsoft for security and maintenance. When you have a sound base system and the other required components to start this test procedure with a sound NPS server. Here is where the integration occurs between NPS and WLC;
    Set the Auth and Acct ports
    Set your NPS Server access ports by right-clicking the globe symbol of the NPS Server
    Select properties, go to the properties tab and enter 1812 for auth and 1813 for accounting.
    Next, Configure the RADIUS Client Settings. Remember that to NPS the WLC is a RADIUS Client (along with other NAS devices like APs, WLCs, etc.)
    Configure the RADIUS Client Settings
    Expand the options below the NPS Server globe icon
    Add the WLC 5500 in the NPS server as a Radius Client
    1. Right-click RADIUS Clients and Select New RADIUS Client
    2. Enter Friendly Name and IP address of the Cisco WLC
    3. Select RADIUS STANDARD as the RADIUS Vendor
    4. Click the Manual radio button to enter the RADIUS key manually
    5. Enter a strong RADIUS key (make sure you put it in your key pass keeper you will need to add the same shared key to the controller)
    6. Check the Enable Client box
    7. At the time of this writing the controller does not support the Message Authenticator setting; leave it unchecked in the Advanced tab.
    8. Click OK to close the new RADIUS Client configuration.
    Configure a Connection Policy (This policy determines which network access server to send requests to)
    9. Right Click the Network policy and Select New
    10. Enter a Policy Name (e.g. Connection to Wireless)
    11. Select Unspecified for the Type of Network Access Server
    12. Add a Condition – pick NAS port type Wireless - 802.11 Click OK.
    13. Add another Condition - choose the group from the AD Domain to grant access (e.g. Domain/Wireless Users) Click OK.
    14. Optional - Add another Condition – Add Client IPV4 Address (this is the Controller's IP address) Click OK.
    15. Click Next
    16. Authenticate requests on this server.
    17. Click Next
    18. Do not override security here.
    19. Click Next.
    20. We won't be applying attributes here.
    21. Click Next.
    22. Finish.
    Configure a Network Policy (This determines access)
    23. Right Click on Network Policies and choose New.
    Enter a Policy Name (e.g. Wireless)
    24. Select a Windows group Domain/Wireless Users to be allowed access
    25. Click Next.
    26. Select Grant Access - Access is granted if Client attempts match the conditions of this policy.  Click Next.
    27. Configure Authentication Methods
    28. Click Add... Microsoft Protected EAP; a methods box will be presented
    29. You can also check v2 below if your organization security policy allows.
    30. You can double-click Microsoft Protected EAP (PEAP) and pick the order - move secure password up.
    31. In the same dialog window select the certificate used by NPS to identify itself to the client (your Windows 7 wireless client)
    Note: Microsoft has lots of documentation about this so look there for group policy guidance and how to get it in your client's trusted root.
    32. Click Next
    33. You can add constraints such as time, etc. here.  Click Next
    34. On the Configure Settings dialog choose Encryption, Strongest Encryption. Click Next.
    35. This tab is the IP settings tab and that depends on your network.  For now, choose Server settings determine IP. Click Next.
    Add any further Constraints and Conditions after you get your tests working.
    The WLC
    There is a setup wizard on the WLC; it will ask you to set up the RADIUS server.
    To configure a RADIUS server now, enter yes and then enter the IP address, communication port, and
    enter no. (Type yes, NPS IP: subnet: Gateway:
    If already set up..
    Configure Security and AAA Server in WLC 5500
    1. Browse to the IP address of WLC.
    2. Click Login and use your username and password credentials.
    3. Choose Security > AAA > RADIUS > Authentication and then click on New to launch RADIUS server configuration page.
    4. Choose the Server Index (the priority order of the RADIUS server). The controller tries Index 1 first, etc.
    5. Enter RADIUS Server IP Address.
    6. Shared Secret Format for now set to ASCII.
    7. Enter the Shared Secret and Confirm the Shared Secret (Be sure to use the exact Shared Secret you used in NPS).
    8. Click on Wireless. In the left hand pane click Authentication. You will see the IP address and port number 1812 of the RADIUS Server.  You need to match the RADIUS Authentication port with the port you are using in NPS.  (Remember, you set that first on NPS above)
    9. Click Accounting. Click New on right hand top corner. You will be presented with a window to add a server, use the same Shared Secret and Port 1813.
    10. Apply changes.
    11. To add another RADIUS server Choose SECURITY > AAA > RADIUS > Authentication and then click New to navigate to this page.
    12. Click on the WLANs Tab >Click on a WLAN>Click on General Tab>Check Enable on Status and Check Enabled on broadcast SSID
    13. Click on the Security Tab>Click Layer2 Tab>Select WPA+WPA2 from Layer2 security drop-down list>Check WPA policy and, on the same page, enable AES and in Auth Key Mgmt, select 802.1x. Now click the Apply button.
    14. Click on AAA Servers>Select Authentication and Accounting server NPS. 
    15. Ensure that Enable is checked for both Authentication and Accounting radio button. Click Apply.
    Remember to think about the RADIUS process and your policies as you troubleshoot;
    Likely gotchas:
    The shared secrets are mismatched
    The NPS Server certificate is not in the wireless client's trusted root (laptop)
    You are evaluating user dial-in properties and don't mean to.
    Your policies don't grant access or don't match.
    Use the logs and the Microsoft Reason Codes.
    Review appropriate Cisco WLC documentation http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a0080782507.shtml
    Finally, remember that this is a baseline test server to prove your wireless system works.  Before deploying you will want to look at other conditions and constraints for limiting access and authentication by building your security in layers. And you will want to test the system and run security audits.  Run the Best Practice Analyzer from Microsoft and consider adding Smart Cards or tokens to your installation.  http://technet.microsoft.com/en-us/library/ee922674(WS.10).aspx
    Good luck.
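    Two of the "gotchas" above (a mismatched shared secret, and step 7's note that the controller could not send a Message-Authenticator) come down to how RADIUS ties each packet to the shared secret. The Python below is an added example, not code from the thread, from NPS or from the WLC: it builds a minimal Access-Request the way a wireless NAS would (User-Name, NAS-IP-Address, NAS-Port-Type = Wireless-802.11, Message-Authenticator per RFC 2869), verifies the Message-Authenticator on the server side, and computes/verifies the Response Authenticator of the Access-Accept/Reject per RFC 2865. The username, NAS address, secrets and fixed Request Authenticator are constructed sample values.

```python
"""Minimal RADIUS Access-Request / response integrity, as a NAS (WLC) and
a server (NPS) would compute it.  Added example with constructed inputs."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_NAS_PORT_TYPE = 61
ATTR_MESSAGE_AUTHENTICATOR = 80
NAS_PORT_TYPE_WIRELESS_80211 = 19      # the "Wireless - 802.11" condition in NPS


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: Type(1) Length(1) Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def iter_attributes(packet: bytes):
    """Yield (type, offset, value) for each attribute after the 20-byte header."""
    pos = 20
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield attr_type, pos, packet[pos + 2:pos + length]
        pos += length


def build_access_request(secret: bytes, ident: int, username: str,
                         nas_ip: str, authenticator: bytes = b"") -> bytes:
    """What the NAS sends.  Message-Authenticator = HMAC-MD5(secret, packet with
    the attribute's value zeroed), RFC 2869 section 5.14."""
    authenticator = authenticator or os.urandom(16)   # Request Authenticator
    attrs = (attr(ATTR_USER_NAME, username.encode())
             + attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
             + attr(ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_WIRELESS_80211))
             + attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator
    packet = bytearray(header + attrs)
    mac = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    ma_value_offset = len(packet) - 16              # MA was appended last
    packet[ma_value_offset:] = mac
    return bytes(packet)


def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Server-side check.  A wrong shared secret fails here; a request that
    carries no Message-Authenticator cannot be integrity-checked at all."""
    for attr_type, pos, value in iter_attributes(packet):
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value)
    return False


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Access-Accept/Reject with Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + resp_auth + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """NAS-side check that the response came from a server holding the secret
    and answers this request (same Identifier)."""
    head, attrs = response[:4], response[20:]
    expected = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return response[1] == request[1] and hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    nas_secret, nps_secret = b"correct horse", b"correct hoarse"   # typo on one side
    req = build_access_request(nas_secret, 7, "alice@domain.local", "10.0.0.5")
    print("NPS accepts Message-Authenticator:", verify_message_authenticator(req, nps_secret))
    rej = build_response(ACCESS_REJECT, req, nps_secret)
    print("WLC trusts the Access-Reject:", verify_response(rej, req, nas_secret))
```

With mismatched secrets the server rejects the request's Message-Authenticator and the NAS rejects the Response Authenticator, which is why a secret typo shows up as "authentication failed" on both ends rather than as a clear error; when the NAS cannot send a Message-Authenticator (the controller limitation in step 7), the server has no per-request integrity check at all, so restrict RADIUS clients by IP and keep the Client IPv4 Address condition from step 14.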
