Certificate disappears after a few hours?

I am running NPS for wireless certificate authentication on two 2008 domain
controllers.

Default certificates on these servers are based on the templates "Domain
Controller Authentication" and "Directory Email Replication".

However, none of these are accepted as EAP certificate in the NPS policy,
but if I add the "Domain Controller" certificate everything works as
expected.

My problem is that this new certificate vanishes after a few hours, and I
have to enroll a new to enable user access to the wireless network.

What can cause this behaviour?

Ole Thomsen

This is very similar to my problem, except for older versions (IAS on Server
2003).

http://www.webservertalk.com/message1044040.html

Ole Thomsen

"Ole Thomsen" <> wrote in message
news:14EEA98D-CF01-428C-A827-...
>I am running NPS for wireless certificate authentication on two 2008 domain
>controllers.
>
> Default certificates on these servers are based on the templates "Domain
> Controller Authentication" and "Directory Email Replication".
>
> However, none of these are accepted as EAP certificate in the NPS policy,
> but if I add the "Domain Controller" certificate everything works as
> expected.
>
> My problem is that this new certificate vanishes after a few hours, and I
> have to enroll a new to enable user access to the wireless network.
>
> What can cause this behaviour?
>
> Ole Thomsen
>

I solved it.

I think the reason why the "Domain Controller" certificate disappears is
because it is superseeded by the "Domain Controller Authentication"
certificate. This is stated in the "Domain Controller Authentication"
template.

To make authentication work I had to activate the "RAS and IAS" template on
our CA, and setup autoenrollment for it. After reboot of the NPS servers the
had the new certificate and RADIUS authentication from wireless clients was
successful.

Ole Thomsen


"Ole Thomsen" <> wrote in message
news:14EEA98D-CF01-428C-A827-...
>I am running NPS for wireless certificate authentication on two 2008 domain
>controllers.
>
> Default certificates on these servers are based on the templates "Domain
> Controller Authentication" and "Directory Email Replication".
>
> However, none of these are accepted as EAP certificate in the NPS policy,
> but if I add the "Domain Controller" certificate everything works as
> expected.
>
> My problem is that this new certificate vanishes after a few hours, and I
> have to enroll a new to enable user access to the wireless network.
>
> What can cause this behaviour?
>
> Ole Thomsen
>