Hi folks! I was hoping to glean some of your wisdom. Here's the problem:
I have an SBS03 server set up, with:
- IAS running with RADIUS
- RRAS running with RADIUS
- Enterprise CA running
The server is set up to allow incoming VPN connections to those who have a valid client certificate. I configured the CA to allow a group of VPNusers to be allowed to enroll for client certificates using the standard User template. So far, so good: no problems. I can enroll for a certificate, install it, and configure the VPN connectoid on my Windows XP client to connect with it.
However, what I would really like is to stuff the certificate on a token. And that's what DOESN'T work. We're using OAUTH-compliant SecureMetric ST3 tokens. I can export the certificate from the server and onto the token without trouble, and when I hook up the token it shows up in the current user's certificate store, but... the VPN connectoid doesn't seem to see it and gives me the following error:
Cannot load dialog.
Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol.
If I stick the certificate back into the current user's store manually and remove the token, once again connecting works perfectly. Somehow XP notices the difference. Does anyone have any idea what the cause could be, and how to get around it?
Thanks in advance!