802.1x and Windows 2003

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am trying to make a connection between a Mac (Mac OS X 10.3) and Windows 2003 server using eap-tls. The Log of the IAS Server which is in IAS format shows a value of 295 for the Reason -Code 4142 which explains the reason why the client's petition is rejected. I have look at the codes of Microsoft and there is no explanation for this value (the larger number they have for the reason code 4142 is 97 according to the file included in the Help File of the Server)

Does someone know what this value means

Regard
 
I assume you have already checked this article:
816589 HOW TO: Support Wireless Connections That Use EAP-TLS Authentication
in
http://support.microsoft.com/?id=816589

As such you should have a certificate of some kind (either a certificate
server of your own or third party), added the access points, etc. If
possible can you confirm that these are all set? And if possible can you
get more detail about the error, where exactly is this error appearing?
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
From: =?Utf-8?B?Sm9zZSBBbHZhcmV6?= <[email protected]>
Subject: 802.1x and Windows 2003
Date: Mon, 2 Feb 2004 15:56:07 -0800

I am trying to make a connection between a Mac (Mac OS X 10.3) and Windows
Click to expand...
2003 server using eap-tls. The Log of the IAS Server which is in IAS format
shows a value of 295 for the Reason -Code 4142 which explains the reason
why the client's petition is rejected. I have look at the codes of
Microsoft and there is no explanation for this value (the larger number
they have for the reason code 4142 is 97 according to the file included in
the Help File of the Server).

Does someone know what this value means?

Regards
 
Curtis

Thank´s for the reply, I will check the article you suggested, I have set the necessary Certificates at the Server and at The client, including adequate CA to verify the credentials. The error appears in the IAS log which is located in c:/windows/system32/LogFiles. I think the error results from IAS not accepting the clients certificate, probably because it does not specifically contain the clients identification as it´s purpose.
 
I solved the problem by generating the client certificate using the CA included in Windows 2003 Server, marked the private key as exportable and then installed the key and the Certificate in my Mac. So the problem was with the clients certificate not being generated with the correct requirements for TLS (the certificate I used first, was generated using OpenSSl, it should have worked if I knew how to generate the correct certificate)

I still think that Microsoft should update the meaning of all the codes that the IAS Server generates in the relevant Log Files, otherwise troubleshotting becomes more difficult and based on guessing.
 
Back
Top