We commonly see this when the time/date on the computer isn't correct
or in a few cases the computer didn't have any root certificates
installed. I don't think I have had any instances where I needed to
turn off CRL checking in IE. I'd verify these things first.
--Jeremy
On Wed, Oct 28, 2009 at 17:41, Aaron Abitia <[log in to unmask]> wrote:
> Thanks...we are using Thawte certs...from a couple other responses in this
> thread, it looks like this is probably another facet of a known Cisco bug
> that affects Vista, even though my machine in question is XP and other CCA
> admins have seen this same issue on XP too.
>
> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy37405
>
> -Aaron
>
> On Wed, Oct 28, 2009 at 8:30 AM, Daniel Sichel <[log in to unmask]>
> wrote:
>>
>> >Hello folks,
>> >
>> >I have a Windows machine running XP Pro/Home that is getting a message
>> >intermittently when logging in. The message displays after the Agent
>> pops
>> >up and the user hits "enter" to login. It is, "Revocation information
>> for
>> >the security certificate for this site is not available. Do you want
>> to
>> >proceed?" If the user hits "yes", then go on as normal with the login
>> and
>> >can get on the network. If the user hits "view certificate", they can
>> view
>> >the certificate information from our CCA server and has the option to
>> hit a
>> >button to "install certificate", which they did only most recently,
>> then
>> >they can get on the network as well. At no time has the user not been
>> able
>> >to get on the network. We have valid certs installed, and this message
>> >doesn't happen everytime, only sometimes. Just trying to ascertain
>> what the
>> >message means and why it happens when it does...I know that the Agent
>> uses
>> >cert information from installed browsers on a machine, but why does
>> this
>> >message come up on this machine and not all the others, is the
>> question.
>> >Why did the user get asked this one time and not all the other times
>> that
>> >they logged in? It seems to come and go. Cisco has provided me info
>> on how
>> >to make it go away, so that part is fine, but I'm looking for the "why"
>> >part. Many thanks for any insight.
>> >
>>
>> If you are using Windows Server(s) for your trusted root cert server, go
>> to the manager and tell it to publish revocation information. I had this
>> exact issue and nobody could log in. For some reason the windows
>> revocation publication stops from time to time.
>>
>> Dan Sichel
>> Ponderosa Telephone
>
>
>
> --
> Aaron Abitia
> Network Analyst
> Network Administration, ITS
> Cal Poly State University
> Tel: 805.756.1295
>
|