Yossi Sara
We revoked a computer certification, and published a new CRL with this
cert. in the revocation list.
However, when the workstation is turned on, it can establish a
connection to the network.
It seems that the IAS ignores the CRL (or doesn't check the CRL at all).
We know that the IAS will ignore a new CRL until the old one has
expired, so we waited until the old CRL expired, and then ran the
check.
Moreover, we added to the registry the DWORD "IgnoreNoRevocationCheck"
and set its value to 0. It still doesn't help.
If we put the workstation's certification in the 'Untrusted
certificates' in the DC, we do get an error of "The certificate is
revoked", yet it was only a test and definitely not a solution.
My question is, how should we tell the IAS to check the new CRL, and
verify the workstations' certificates?
We have the IAS installed on two domain controllers.