While connecting to a wireless network on a Windows system that is part of a workgroup, a Windows Security Alert dialog similar to the following may be displayed:
The server “<Authentication server>” presented a valid certificate issued by “<CA name>”, but “<CA name>” is not configured as a valid trust anchor for this profile. Further, the server “<Authentication server>” is not configured as a valid NPS server to connect to this profile.
The server “<Authentication server>” presented a valid certificate issued by “<CA name>”, but “<CA name>” is not configured as a valid trust anchor for this profile.
If you click the Connect button on the dialog box, the wireless connection will be established successfully.
To validate the server certificate, Windows will check if the second element in the chain, the Certification Authority (CA) that issued the end certificate, is a trusted CA for Windows NT Authentication. A CA is considered to be trusted if it exists in the "NTAuth" system registry store found in the CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE store location. If this verification fails, either of the warning messages in the Symptoms section could occur. By default, the CA certificate is not in the NTAuth store on a Windows system that is part of a workgroup.
certutil -enterprise -addstore NTAuth CA_CertFilename.cer
Steps to reproduce.
1. Connect to a new Wireless network that does not have an existing wireless profile. (if profile exists then delete the profile first)
2. Enter user certificate or username/password for PEAP-MSCHAPv2 authentication
3. Problem "Windows Security Alert" page is presented.
4. Either click "Connect" to continue or "Terminate" to cancel wireless authentication and profile creation
Product Bug Number:
Author ID (email alias): nazheng
Writer ID(email alias): mplatts
Tech Review ID (email alias): ptsmezcs
Confirm Article has been Tech Reviewed: Yes
Confirm Article released for Publishing: Yes
문서 ID: 2518158 - 마지막 검토: 2011. 5. 20. - 수정: 1