Announcement

Collapse
No announcement yet.

Problem in configuring IAS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem in configuring IAS

    Hi Friends,

    I have to install an IAS server on one of the domain controller in Child domain. Now, for EPAP authetication I have to assign a certificate but I donot have rights to install an enterprise certificate (for that I need enterprise credentials but I have only domain admin rights in Child domain).

    Now question is
    • Can we request certificate from the root CA or we have to install enteprise CA on all DCs where we have to install IAS.
    • Can we install stand alone CA for this purpose.
    If we can request issuing of certificate from a remote CA then kindly let me know the steps for that since I donot know much about CA/PKI.

    Thanks & Regards
    Yogesh Malhotra

  • #2
    Re: Problem in configuring IAS

    If you enviorment has a PKI in place you can just request a certificate for IAS servers providing the CA have issued a template for IAS. You do not have to install certificate services on the servers where IAS resides, you just need the cert. Installing a standalone CA would only be benificial if you enviorment does not have a PKI setup, this could be done on a laptop too for easy secure storage. Requesting a cert if you have a PKI can be done with the certificate services snapin for the MMC, through a web broswer providing the web service portion is enabled in you infrastructure and through GPO if autoenrollment has been setup.

    Comment


    • #3
      Re: Problem in configuring IAS

      Thanks Dj,

      We have a enterprise CA but when logged on to the IAS server>mmc>certificate>personal and requested a certificate (domain controller template) it throwed 2 errors:

      - CA service is not started : Its not possible it is working
      - You dont have permissions on CA to requst a certificate. I have managed enterprise admin ID

      Now what to do next??

      Comment


      • #4
        Re: Problem in configuring IAS

        Hi,

        Any entries in the event log?
        Have a look at this to see if its relevant to your situation: - http://support.microsoft.com/kb/219059

        Ta
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: Problem in configuring IAS

          Not sure about the service not started error, would check to logs on that one. but for the permissions issue, the admins of the CA store with have to add your group or user to that template and allow to enroll that certificate. Also there is a specific template that needs to be setup for IAS servers, the domain controller certificate will not work correctly for IAS authentication. I would get ahold of the people the manage the CA and work with them, certutil.exe http://technet.microsoft.com/en-us/l.../cc772619.aspx will also help you with some troubleshooting with the CA if you have the right permissions.

          Comment


          • #6
            Re: Problem in configuring IAS

            Friend is there any update on this ... issue is still there

            Originally posted by djfiend View Post
            Not sure about the service not started error, would check to logs on that one. but for the permissions issue, the admins of the CA store with have to add your group or user to that template and allow to enroll that certificate. Also there is a specific template that needs to be setup for IAS servers, the domain controller certificate will not work correctly for IAS authentication. I would get ahold of the people the manage the CA and work with them, certutil.exe http://technet.microsoft.com/en-us/l.../cc772619.aspx will also help you with some troubleshooting with the CA if you have the right permissions.

            Comment

            Working...
            X