
Windows 7 : How to Troubleshoot Authentication Issues (part 3) - How to Troubleshoot an Untrusted Certification Authority

1/2/2014 3:18:47 AM

3. How to Troubleshoot Network Authentication Issues

To improve network security, network administrators often require 802.1X authentication before allowing client computers to connect to either wireless or wired networks. 802.1X authentication works at the network infrastructure layer to provide full network access only to computers that are able to authenticate. For example, on most wireless networks, client computers must be configured with a network security key or a certificate to connect to the wireless access point. On wired networks, network switches that support 802.1X allow a newly connected computer to access only a limited number of servers until the computer is authenticated.

Network authentication can be a problem if Group Policy settings are used to distribute the certificates required for network authentication because the client computer must first connect to the network to retrieve the certificate. To work around this requirement for 802.1X-protected wireless networks, connect client computers to a wired network long enough to update Group Policy settings.

If your organization requires authentication for wired networks (a less common requirement than requiring wireless authentication), work with the domain administrators to identify a procedure for temporarily connecting to the network when wired 802.1X authentication fails. This process might involve connecting the computer across a virtual private network (VPN), manually importing the client certificate on the client computer, or using a smart card to authenticate to the network.

4. How to Troubleshoot an Untrusted Certification Authority

Certificates, such as those issued by an enterprise certification authority (CA), are often used for authentication. Windows 7 can store certificates locally to authenticate a user or the computer itself, and users can carry certificates with them on smart cards. Typically, domain administrators should manage certificates, and settings should be propagated to client computers using Group Policy settings. However, if you receive an error informing you that the CA that issued a certificate is not trusted, you can view existing CAs and then import the CA's certificate to configure Windows to trust any certificates issued by the CA.

To view trusted CAs, follow these steps:

  1. Click Start, type mmc, and then press Enter to open a blank Microsoft Management Console (MMC). Respond to the UAC prompt if it appears.

  2. Click File, and then click Add/Remove Snap-in.

  3. Select Certificates and click Add.

  4. If prompted, select My User Account, and then click Finish.

  5. Click OK to close the Add Or Remove Snap-Ins dialog box.

  6. Expand Certificates – Current User, expand Trusted Root Certification Authorities, and then select Certificates.

    The middle pane shows a list of trusted CAs. By default, this includes more than 10 default public CAs. In addition, it should include any internal CAs used by your organization. If your organization has an enterprise CA and it does not appear on this list, contact the domain administrator for assistance because the CA trust should be configured by using Group Policy.

Alternatively, you can trust a CA manually by following these steps from within the Certificates snap-in:

  1. Below Trusted Root Certification Authorities, right-click Certificates, click All Tasks, and then click Import.

    The Certificate Import Wizard appears.

  2. On the Welcome To The Certificate Import Wizard page, click Next.

  3. On the File To Import page, click Browse. Select your CA certificate (which can be provided by the CA administrator or exported from a computer that trusts the CA), and then click Next.

  4. On the Certificate Store page, accept the default certificate store (Trusted Root Certification Authorities) and then click Next.

  5. On the Completing The Certificate Import Wizard page, click Finish.

  6. If prompted with a security warning, click Yes.

  7. Click OK to confirm that the import was successful.

    Now your user account will trust any certificates issued by the CA.
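The same view-and-import procedure can be scripted so that the certificate file is checked before it is trusted. The following PowerShell is an added example, not part of the original article; the file path and expected thumbprint are placeholders, and it assumes the CA administrator has given you the thumbprint through a separate channel.

```powershell
# Added example, not from the original article. PowerShell 2.0 compatible.
# $CaFile and $ExpectedThumbprint are placeholders; substitute your own values.
$CaFile             = 'C:\Temp\corp-root-ca.cer'              # hypothetical path
$ExpectedThumbprint = '<THUMBPRINT-FROM-CA-ADMINISTRATOR>'    # obtained out of band

# Equivalent of the "view trusted CAs" steps: list the current user's trusted roots.
Get-ChildItem Cert:\CurrentUser\Root | Sort-Object Subject |
    Format-Table Subject, Thumbprint, NotAfter -AutoSize

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile

# 1. The file must be the certificate the CA administrator vouched for.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Do not import."
}

# 2. It must be a CA certificate (Basic Constraints, OID 2.5.29.19, CA = true).
$bc = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Not a CA certificate; it does not belong in a CA store.'
}

# 3. Only self-signed roots go in Trusted Root Certification Authorities.
if ($cert.Subject -ne $cert.Issuer) {
    throw 'Issuer differs from subject: this is an intermediate CA, not a root.'
}

# 4. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Import into Current User\Trusted Root Certification Authorities.
# Windows shows the same security warning as step 6 of the wizard procedure.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'CurrentUser'
$store.Open('ReadWrite')
try {
    if ($store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }) {
        "Already trusted: $($cert.Subject)"
    } else {
        $store.Add($cert)
        "Imported: $($cert.Subject) [$($cert.Thumbprint)]"
    }
} finally {
    $store.Close()
}
```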

5. How to Troubleshoot Untrusted Computer Accounts

Computers have accounts in AD DS domains, just like users have accounts. Typically, computer accounts (also known as machine accounts) do not require ongoing management because Windows and the domain controller automatically create a password and authenticate the computer at startup.

However, computer accounts can become untrusted, which means the computer's security identifier (SID) or password is different from the one stored in AD DS. This happens in either of the following cases:

  • Multiple computers have the same SID. This can happen when a computer is deployed by copying the hard disk image and the Sysprep deployment tool is not used to reset the SID.

  • The computer account is corrupted in AD DS.

You cannot reset the password on a computer account as you can the password of a user account. If a computer account becomes untrusted, the easiest way to solve the problem is to rejoin the computer to the domain by following these steps:

  1. On the untrusted computer, click Start. Right-click Computer, and then click Properties. The System window appears.

  2. In the Computer Name, Domain, And Workgroup Settings group, click Change Settings. The System Properties dialog box appears.

  3. Click Change. The Computer Name/Domain Changes dialog box appears.

  4. Click Workgroup, and then click OK. This removes the computer from the domain. Restart the computer when prompted.

  5. In the Active Directory Users And Computers tool on a domain controller, right-click the computer account and then click Reset Account.

  6. On the untrusted computer, repeat steps 2–4 to open the Computer Name/Domain Changes dialog box. Then, click Domain, and type the name of your domain. Provide domain administrator credentials to add the computer to the domain, and restart the computer when prompted.

Alternatively, you can use the Netdom command-line tool on a computer running Windows Server 2008 R2 to reset a computer account password. For earlier server versions of Windows, Netdom was included in the Support\Tools folder on the Windows DVD. For more information about Netdom, run netdom /? at a command prompt. Netdom is not included with Windows 7, however.
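Before removing a computer from the domain, it is worth confirming that the machine account trust is really what failed. The following PowerShell is an added example, not part of the original article; it assumes an elevated prompt on the affected computer and uses the NETLOGON event IDs 3210 and 5719 from the System log to separate a rejected machine password from an unreachable domain controller.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
$cs = Get-WmiObject Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "$($cs.Name) is in a workgroup, not a domain."
}

# Test-ComputerSecureChannel returns $true when a domain controller still
# accepts the machine account password stored on this computer.
try {
    $trusted = [bool](Test-ComputerSecureChannel -ErrorAction Stop)
} catch {
    $trusted = $false
}

# NETLOGON events in the System log distinguish the two failure causes:
#   5719 = no domain controller could be reached (network or DNS problem)
#   3210 = a domain controller was reached but rejected this computer's credentials
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = 3210, 5719; StartTime = $since
} -ErrorAction SilentlyContinue

$rejected    = @($events | Where-Object { $_.Id -eq 3210 }).Count
$unreachable = @($events | Where-Object { $_.Id -eq 5719 }).Count

"Domain: $($cs.Domain)   Secure channel OK: $trusted"
"Last 7 days: $rejected credential rejections (3210), $unreachable unreachable-DC events (5719)"

if ($trusted) {
    'The computer account is trusted; look elsewhere for the logon failure.'
} elseif ($unreachable -gt 0 -and $rejected -eq 0) {
    'No domain controller was reachable. Fix connectivity or DNS before rejoining.'
} else {
    'The domain rejected the computer account. Reset the account and rejoin the domain.'
}
```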

Practice: Save Credentials for Future Use

In this practice, you use Credential Manager to store credentials, enabling you to authenticate to a remote computer automatically.

EXERCISE Use Credential Manager

In this exercise, you use Credential Manager to save credentials for future use.

  1. Log on to a computer running Windows 7. Create a new user account with the user name MyLocalUser and assign a password. This account will not exist on any network computers. Therefore, when connecting to remote computers, the user will always need to provide alternate credentials.

  2. On a remote computer, create a shared folder. Make note of the server and share name.

  3. Log on as MyLocalUser.

  4. Click Start, and then click Computer. Then, click Map Network Drive.

  5. In the Map Network Drive dialog box, type \\server\share to attempt to connect to the share you created in step 2. Click Finish.

  6. When the Connect To Server dialog box appears, click Cancel twice.

    This dialog box appeared because your current account did not have privileges on the remote server and you had not entered credentials in Credential Manager.

    Note

    CONFIGURE THE CREDENTIALS FOR THIS PRACTICE MANUALLY

    For the purpose of this practice, you should configure the credentials manually using Credential Manager. However, a much easier way to accomplish the same thing is to complete the User Name and Password fields and then select the Remember My Password check box. This causes Windows Explorer to store the credentials automatically.

  7. Click Start, and then click Control Panel.

  8. Click the User Accounts link twice.

  9. In the left pane, click the Manage Your Credentials link.

    Credential Manager appears.

  10. Click Add A Windows Credential.

  11. In the Internet Or Network Address box, type the name of the server that you attempted to connect to in step 5.

  12. In the User Name and Password boxes, type your administrative credentials to the remote server.

  13. Click OK.

  14. Click Start, and then click Computer. Then, click Map Network Drive.

  15. In the Map Network Drive dialog box, type \\server\share to attempt to connect to the same share you specified in step 5. Clear the Reconnect At Logon check box, and then click Finish.

    Windows Explorer automatically connects to the shared folder without prompting you for credentials. Instead of requiring you to type the user name and password, it retrieved them from Credential Manager.

 