Re: PAC Provisioning Fails Without End-User Accepting PAC Pop-up
The provisioning of the Machine PAC, which is needed for machine context connections, is accomplished using the server certificate or machine security identity (SID). Machine PACs are only supported in newer versions of authentication servers (ACS 4.0 or later) which have been upgraded to support EAP-FAST v1a.
To make a make a machine connection before the PAC has been provisioned, the CA certificate used to trust the server certificate must be placed in the proper Windows Certificate Store (Local Computer-Trusted Root Store).
The host must also provide these machine credentials:
â¢Active Directory provided machine certificate. The authentication method must support the use of a certificate to provide machine client credentials - the server must be appropriately configured to call for an inner tunnel method of TLS.
â¢Active Directory provided SID (password). The authentication method must support the use of a password to provide machine client credentials.
Finally, the FAST authentication server must be configured for auto creation of administrator's unique machine PAC information.