Certificate for VPN Client has expired (Computer Certificate)

Discussion in 'Windows XP Networking' started by Guest, May 5, 2005.

  1. Guest

    Guest Guest

    Should it be possible to renew a computer certificate via VPN? I do not get
    access to the server.
    The problem is that I have 90 computers that only connect via VPN and
    computer certificates expire during May 2005.

    How should the certificate server (Windows 2000 server) be configured or the
    VPN connection - to be able to renew the certificate?
     
    Guest, May 5, 2005
    #1

  2. "Erik Helgerud" wrote:

    > Should it be possible to renew a computer certificate via VPN? I do
    > not get access to the server.
    > The problem is that I have 90 computers that only connect via VPN and
    > computer certificates expire during May 2005.
    >
    > How should the certificate server (Windows 2000 server) be configured
    > or the VPN connection - to be able to renew the certificate?
    >


    How were the certificates enrolled initially? Did you use autoenrollment,
    the CA Web Enrollment tool, or did you install the certs from floppy disk?

    If the computers are domain members and autoenrollment was used, the
    certificates should be renewed without user interaction, depending on how
    they were deployed.


    --
    James McIllece, Microsoft

    Please do not send email directly to this alias. This is my online account
    name for newsgroup participation only.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    James McIllece [MS], May 6, 2005
    #2

  3. Guest

    Guest Guest

    Autoenrollment is used. So when users are connected to LAN everything works
    as it should. BUT my problem is that they only connect via RAS server or
    VPN, and then certificates are not updated.

    I need a possibility to renew the certificate - when users are connected by
    their usual way - not a solution to have them all connected to LAN.
     
    Guest, May 6, 2005
    #3
  4. "Erik Helgerud" wrote:

    > Autoenrollment is used. So when users are connected to LAN everything
    > works as it should. BUT my problem is that they only connect via RAS
    > server or VPN, and then certificates are not updated.
    >
    > I need a possibility to renew the certificate - when users are
    > connected by their usual way - not a solution to have them all
    > connected to LAN.
    >
    >snip<


    I am discussing this with the certificates team. Thus far the advice I have
    received for you is as follows:

    "The VPN process doesn't force the CSE to run, you could use Secedit to
    update the machine policy in a script. This will of course only
    renew/enroll computer certs as W2K only supports ACRS (computer certs)."

    I've requested additional information, and if I receive any I will post it
    here. If the situation is urgent you can call Product Support Services.


    --
    James McIllece, Microsoft

     
    James McIllece [MS], May 9, 2005
    #4
  5. "James McIllece [MS]" wrote:

    > "Erik Helgerud" wrote:
    >
    >> Autoenrollment is used. So when users are connected to LAN everything
    >> works as it should. BUT my problem is that they only connect via RAS
    >> server or VPN, and then certificates are not updated.
    >>
    >> I need a possibility to renew the certificate - when users are
    >> connected by their usual way - not a solution to have them all
    >> connected to LAN.
    >>
    >>snip<

    >
    > I am discussing this with the certificates team. Thus far the advice I
    > have received for you is as follows:
    >
    > "The VPN process doesn't force the CSE to run, you could use Secedit
    > to update the machine policy in a script. This will of course only
    > renew/enroll computer certs as W2K only supports ACRS (computer
    > certs)."
    >
    > I've requested additional information, and if I receive any I will
    > post it here. If the situation is urgent you can call Product Support
    > Services.
    >
    >


    So all you need to do is run this command on each XP/2000 client:

    gpupdate /force

    You can do this manually at command prompt on the machine or by using a
    script. It will cause group policy to be updated on the machine, and the
    cert will be autoenrolled.



    --
    James McIllece, Microsoft

     
    James McIllece [MS], May 9, 2005
    #5
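
The policy refresh described in posts #4 and #5, written as a script to run on the client once the VPN connection is up (an added example, not part of the thread). `gpupdate` ships with Windows XP; Windows 2000 has no `gpupdate`, so the script uses the `secedit` refresh mentioned in post #4 there. The host name `dc01.example.local` and the assumption that the domain controller answers ping through the tunnel are placeholders, not details from the thread.

```bat
@echo off
rem Added example: refresh machine Group Policy over the VPN link so that
rem computer-certificate autoenrollment gets a chance to run.
rem Assumptions: run with administrative rights while the VPN is connected;
rem DC_HOST is a hypothetical domain controller name, replace it with yours.
setlocal
set DC_HOST=dc01.example.local

rem 1. Refreshing policy is pointless if the tunnel does not reach the domain.
ping -n 2 %DC_HOST% >nul
if errorlevel 1 (
    echo Cannot reach %DC_HOST%. Connect the VPN first, then rerun.
    exit /b 1
)

rem 2. Pick the refresh command for this OS. "ver" prints the product name,
rem    e.g. "Microsoft Windows 2000 [Version 5.00.2195]".
ver | find "Windows 2000" >nul
if not errorlevel 1 goto win2000

rem Windows XP: reapply computer policy even if nothing changed.
gpupdate /target:computer /force
goto report

:win2000
rem Windows 2000: secedit performs the machine policy refresh.
secedit /refreshpolicy machine_policy /enforce

:report
if errorlevel 1 (
    echo Policy refresh reported an error, certificate was probably not renewed.
    exit /b 1
)
echo Machine policy refresh requested. Check the computer certificate's
echo expiry date in the Certificates snap-in (Local Computer, Personal).
endlocal
```

The refresh only requests policy processing; confirm the new expiry date in the local computer certificate store before the old certificate lapses, since a client whose certificate has already expired may no longer be able to bring the VPN up to run this.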