PC Review


Reply
Thread Tools Rate Thread

Certificate for VPN Client has expired (Computer Certificate)

 
 
=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?=
Guest
Posts: n/a
 
      5th May 2005
Should it be possbile to renew an computer certificate via VPN? I do not get
access to the server.
The problem is that I have 90 computers that only connects via VPN and
computer sertificates expires during May 2005.

How should the certificate server (Windows 2000 server) be configured or the
Vpn connection - too be able to renew the certificate?
 
Reply With Quote
 
 
 
 
James McIllece [MS]
Guest
Posts: n/a
 
      6th May 2005
"=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?="
<(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Should it be possbile to renew an computer certificate via VPN? I do
> not get access to the server.
> The problem is that I have 90 computers that only connects via VPN and
> computer sertificates expires during May 2005.
>
> How should the certificate server (Windows 2000 server) be configured
> or the Vpn connection - too be able to renew the certificate?
>


How were the certificates enrolled initially? Did you use autoenrollment,
the CA Web Enrollment tool, or did you install the certs from floppy disk?

If the computers are domain members and autoenrollment was used, the
certificates should be renewed without user interaction, depending on how
they were deployed.


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Reply With Quote
 
 
 
 
=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?=
Guest
Posts: n/a
 
      6th May 2005
Autoenrollment is used. So when users are connected to LAN everything works
as it should. BUT my problem is that they only connects via RAS server or
VPN, and then certificates are not updated.

I need a possibility to renew the certificate - when users are connected by
their usual way - not a solution too have them all connected to LAN.

"James McIllece [MS]" wrote:

> "=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?="
> <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
> > Should it be possbile to renew an computer certificate via VPN? I do
> > not get access to the server.
> > The problem is that I have 90 computers that only connects via VPN and
> > computer sertificates expires during May 2005.
> >
> > How should the certificate server (Windows 2000 server) be configured
> > or the Vpn connection - too be able to renew the certificate?
> >

>
> How were the certificates enrolled initially? Did you use autoenrollment,
> the CA Web Enrollment tool, or did you install the certs from floppy disk?
>
> If the computers are domain members and autoenrollment was used, the
> certificates should be renewed without user interaction, depending on how
> they were deployed.
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>

 
Reply With Quote
 
James McIllece [MS]
Guest
Posts: n/a
 
      9th May 2005
"=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?="
<(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Autoenrollment is used. So when users are connected to LAN everything
> works as it should. BUT my problem is that they only connects via RAS
> server or VPN, and then certificates are not updated.
>
> I need a possibility to renew the certificate - when users are
> connected by their usual way - not a solution too have them all
> connected to LAN.
>
>snip<


I am discussing this with the certificates team. Thus far the advice I have
received for you is as follows:

"The VPN process doesn't force the CSE to run, you could use Secedit to
update the machine policy in a script. This will of course only
renew/enroll computer certs as W2K only supports ACRS (computer certs)."

I've requested additional information, and if I receive any I will post it
here. If the situation is urgent you can call Product Support Services.


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Reply With Quote
 
James McIllece [MS]
Guest
Posts: n/a
 
      9th May 2005
"James McIllece [MS]" <(E-Mail Removed)> wrote in
news:Xns96516E2A8E49jamesmcionlinemicros@207.46.248.16:

> "=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?="
> <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> Autoenrollment is used. So when users are connected to LAN everything
>> works as it should. BUT my problem is that they only connects via RAS
>> server or VPN, and then certificates are not updated.
>>
>> I need a possibility to renew the certificate - when users are
>> connected by their usual way - not a solution too have them all
>> connected to LAN.
>>
>>snip<

>
> I am discussing this with the certificates team. Thus far the advice I
> have received for you is as follows:
>
> "The VPN process doesn't force the CSE to run, you could use Secedit
> to update the machine policy in a script. This will of course only
> renew/enroll computer certs as W2K only supports ACRS (computer
> certs)."
>
> I've requested additional information, and if I receive any I will
> post it here. If the situation is urgent you can call Product Support
> Services.
>
>


So all you need to do is run this command on each XP/2000 client:

gpupdate /force

You can do this manually at command prompt on the machine or by using a
script. It will cause group policy to be updated on the machine, and the
cert will be autoenrolled.



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Google.com has expired, Microsoft.com has expired etc... strumaway@gmail.com Windows XP Internet Explorer 2 30th Nov 2005 06:51 AM
HTTPS - security certificate has expired or is not yet valid Nick Marshall Windows XP Internet Explorer 0 8th Apr 2004 12:19 PM
Certificate Services: CA store certificate has expired Andres M Microsoft Windows 2000 Security 2 28th Jan 2004 09:16 PM
MS Certificate services - CA root certificate has expired Microsoft Windows 2000 0 28th Jan 2004 08:55 PM
certificate has expired? squid? greg Windows XP Internet Explorer 0 7th Oct 2003 05:19 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 06:40 AM.