Unable to get backup Self-sign Certificate to Authenticate Wireless Users

Unanswered Question
Jul 15th, 2009

I am currently running a primary/backup ACS server to authenticate my wireless users. PEAP is the authentication method. I generated a self-signed certificate on both the primary and backup ACS servers, and the primary works fine. When I stop services on the primary, I see users fail to the backup, but my test machine, which has the secondary certificate loaded, will not authenticate.

I submitted a package.cab file to TAC and they couldn't even see my machine hit the ACS server.

Has anyone seen this issue?


Robert.N.Barrett_2 Wed, 07/15/2009 - 12:51

Perhaps you should eliminate the certificate as being a potential part of the problem. On your wireless client, disable the server certificate check.

You might also want to try setting your secondary server as the PRIMARY server to see if it is authenticating properly. You should also check the ACS logs to ensure that things like misconfigured shared secrets aren't the real cause of your problem.

Also - is the wireless client timing out before your wireless network/ACS combo has figured out that the primary ACS server is offline?

darcy Fri, 07/17/2009 - 10:29

I will give your suggestions a try this weekend.

Thank you

