Certificate for VPN Client has expired (Computer Certificate)

[Guest]

Should it be possbile to renew an computer certificate via VPN? I do not get
access to the server.
The problem is that I have 90 computers that only connects via VPN and
computer sertificates expires during May 2005.

How should the certificate server (Windows 2000 server) be configured or the
Vpn connection - too be able to renew the certificate?

 

[James McIllece [MS]]

Should it be possbile to renew an computer certificate via VPN? I do
not get access to the server.
The problem is that I have 90 computers that only connects via VPN and
computer sertificates expires during May 2005.

How should the certificate server (Windows 2000 server) be configured
or the Vpn connection - too be able to renew the certificate?

How were the certificates enrolled initially? Did you use autoenrollment,
the CA Web Enrollment tool, or did you install the certs from floppy disk?

If the computers are domain members and autoenrollment was used, the
certificates should be renewed without user interaction, depending on how
they were deployed.


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Autoenrollment is used. So when users are connected to LAN everything works
as it should. BUT my problem is that they only connects via RAS server or
VPN, and then certificates are not updated.

I need a possibility to renew the certificate - when users are connected by
their usual way - not a solution too have them all connected to LAN.

 

[James McIllece [MS]]

Autoenrollment is used. So when users are connected to LAN everything
works as it should. BUT my problem is that they only connects via RAS
server or VPN, and then certificates are not updated.

I need a possibility to renew the certificate - when users are
connected by their usual way - not a solution too have them all
connected to LAN.

snip<

I am discussing this with the certificates team. Thus far the advice I have
received for you is as follows:

"The VPN process doesn't force the CSE to run, you could use Secedit to
update the machine policy in a script. This will of course only
renew/enroll computer certs as W2K only supports ACRS (computer certs)."

I've requested additional information, and if I receive any I will post it
here. If the situation is urgent you can call Product Support Services.


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[James McIllece [MS]]

I am discussing this with the certificates team. Thus far the advice I
have received for you is as follows:

"The VPN process doesn't force the CSE to run, you could use Secedit
to update the machine policy in a script. This will of course only
renew/enroll computer certs as W2K only supports ACRS (computer
certs)."

I've requested additional information, and if I receive any I will
post it here. If the situation is urgent you can call Product Support
Services.

So all you need to do is run this command on each XP/2000 client:

gpupdate /force

You can do this manually at command prompt on the machine or by using a
script. It will cause group policy to be updated on the machine, and the
cert will be autoenrolled.



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.