Hi, all, I am having a strange problem I can not explain. I am deploying EAP-TLS in our internal wireless network. I use Windows2003 server certificate service as root CA. When I first installed the service, I chose a root CA name as "Root-CA", later I learned that in order to support SCEP, I can not have non-alphanumerical root CA name, so I uninstalled the service and reinstalled it and re-created root CA with name "RootCA".
When XP clients do certificate web enrollment and install the certificate, I see three CAs listed in trusted root CA, they are "RootCA", "RootCA", "Root-CA", each created in different time.
IAS's certificate is issued by "RootCA"
Now when "RootCA" is trusted on client, I can not get EAP-TLS to work, Windows IAS is complaining: "Unexpected error, Possible error in server or client configuration", but if client trusts "Root-CA", then authentication passes. Why is that? IAS Radius server's certificate is issued by "RootCA" not "Root-CA" ...