Certificate for VPN Client has expired (Computer Certificate)

Discussion in 'Windows XP Networking' started by Guest, May 5, 2005.

  1. Guest

    Guest Guest

    Should it be possible to renew a computer certificate via VPN? I do not get
    access to the server.
    The problem is that I have 90 computers that only connect via VPN and
    computer certificates expire during May 2005.

    How should the certificate server (Windows 2000 server) be configured or the
    VPN connection - to be able to renew the certificate?
     
    Guest, May 5, 2005
    #1

  2. Erik Helgerud wrote:

    > Should it be possible to renew a computer certificate via VPN? I do
    > not get access to the server.
    > The problem is that I have 90 computers that only connect via VPN and
    > computer certificates expire during May 2005.
    >
    > How should the certificate server (Windows 2000 server) be configured
    > or the VPN connection - to be able to renew the certificate?
    >


    How were the certificates enrolled initially? Did you use autoenrollment,
    the CA Web Enrollment tool, or did you install the certs from floppy disk?

    If the computers are domain members and autoenrollment was used, the
    certificates should be renewed without user interaction, depending on how
    they were deployed.


    --
    James McIllece, Microsoft

    Please do not send email directly to this alias. This is my online account
    name for newsgroup participation only.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    James McIllece [MS], May 6, 2005
    #2

  3. Guest

    Guest Guest

    Autoenrollment is used. So when users are connected to LAN everything works
    as it should. BUT my problem is that they only connect via RAS server or
    VPN, and then certificates are not updated.

    I need a possibility to renew the certificate - when users are connected by
    their usual way - not a solution to have them all connected to LAN.

    "James McIllece [MS]" wrote:

    > Erik Helgerud wrote:
    >
    > > Should it be possible to renew a computer certificate via VPN? I do
    > > not get access to the server.
    > > The problem is that I have 90 computers that only connect via VPN and
    > > computer certificates expire during May 2005.
    > >
    > > How should the certificate server (Windows 2000 server) be configured
    > > or the VPN connection - to be able to renew the certificate?
    > >

    >
    > How were the certificates enrolled initially? Did you use autoenrollment,
    > the CA Web Enrollment tool, or did you install the certs from floppy disk?
    >
    > If the computers are domain members and autoenrollment was used, the
    > certificates should be renewed without user interaction, depending on how
    > they were deployed.
    >
    >
    > --
    > James McIllece, Microsoft
    >
    > Please do not send email directly to this alias. This is my online account
    > name for newsgroup participation only.
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
     
    Guest, May 6, 2005
    #3
  4. Erik Helgerud wrote:

    > Autoenrollment is used. So when users are connected to LAN everything
    > works as it should. BUT my problem is that they only connect via RAS
    > server or VPN, and then certificates are not updated.
    >
    > I need a possibility to renew the certificate - when users are
    > connected by their usual way - not a solution to have them all
    > connected to LAN.
    >
    >snip<


    I am discussing this with the certificates team. Thus far the advice I have
    received for you is as follows:

    "The VPN process doesn't force the CSE to run, you could use Secedit to
    update the machine policy in a script. This will of course only
    renew/enroll computer certs as W2K only supports ACRS (computer certs)."

    I've requested additional information, and if I receive any I will post it
    here. If the situation is urgent you can call Product Support Services.


    --
    James McIllece, Microsoft

    Please do not send email directly to this alias. This is my online account
    name for newsgroup participation only.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    James McIllece [MS], May 9, 2005
    #4
  5. "James McIllece [MS]" <> wrote in
    news:Xns96516E2A8E49jamesmcionlinemicros@207.46.248.16:

    > Erik Helgerud wrote:
    >
    >> Autoenrollment is used. So when users are connected to LAN everything
    >> works as it should. BUT my problem is that they only connect via RAS
    >> server or VPN, and then certificates are not updated.
    >>
    >> I need a possibility to renew the certificate - when users are
    >> connected by their usual way - not a solution to have them all
    >> connected to LAN.
    >>
    >>snip<

    >
    > I am discussing this with the certificates team. Thus far the advice I
    > have received for you is as follows:
    >
    > "The VPN process doesn't force the CSE to run, you could use Secedit
    > to update the machine policy in a script. This will of course only
    > renew/enroll computer certs as W2K only supports ACRS (computer
    > certs)."
    >
    > I've requested additional information, and if I receive any I will
    > post it here. If the situation is urgent you can call Product Support
    > Services.
    >
    >


    So all you need to do is run this command on each XP/2000 client:

    gpupdate /force

    You can do this manually at command prompt on the machine or by using a
    script. It will cause group policy to be updated on the machine, and the
    cert will be autoenrolled.



    --
    James McIllece, Microsoft

    Please do not send email directly to this alias. This is my online account
    name for newsgroup participation only.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    James McIllece [MS], May 9, 2005
    #5
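
The scripted policy refresh suggested in post #5, as an added example that is not part of the thread or Microsoft's own script. It assumes the VPN tunnel is already connected and a domain controller is reachable; the log file path is a hypothetical choice. gpupdate ships with Windows XP, so the script falls back to the Secedit command named in post #4 on Windows 2000.

```bat
@echo off
rem Added example: refresh computer policy after the VPN link is up so that
rem certificate autoenrollment can run on a client that never joins the LAN.
rem LOGFILE is a hypothetical location chosen for this sketch.
setlocal
set LOGFILE=%SystemRoot%\Temp\cert-policy-refresh.log

echo %DATE% %TIME% starting policy refresh on %COMPUTERNAME% >> "%LOGFILE%"

rem Windows 2000 reports itself as "Windows 2000" in the output of ver.
ver | find "Windows 2000" > nul
if not errorlevel 1 goto win2000

rem Windows XP: refresh computer policy only. The piped "n" declines a
rem logoff or restart prompt so an unattended run cannot hang on it.
echo n | gpupdate /target:computer /force >> "%LOGFILE%" 2>&1
goto result

:win2000
rem Windows 2000: Secedit requests the refresh and returns at once; the
rem policy is applied in the background.
secedit /refreshpolicy machine_policy /enforce >> "%LOGFILE%" 2>&1

:result
if errorlevel 1 (
    echo %DATE% %TIME% refresh command failed >> "%LOGFILE%"
    endlocal
    exit /b 1
)
echo %DATE% %TIME% refresh requested >> "%LOGFILE%"
endlocal
exit /b 0
```

To confirm the renewal, open the Certificates snap-in for the local computer and check the expiry date of the certificate in the Personal store.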