Revocation error when logging onto a Win2k domain with a s..

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

I'm having quite a few problems with Smartcard logon. Each time I try
to logon to certain Win2k Professional workstation I get the following
message:-
"The revocation function was unable to check revocation
because the revocation server was offline"

To elimate sites I have moved a workstation that has this problem from
one site to another but the problem persists. I have removed the
workstation from the domain and re-added it back in, No difference. So
far all I know is if you use ctrl+alt+del everything is OK but as soon
as you use a smartcard I keep getting the error message.

As far as I'm aware the CRL's are replicating around the domain
controllers fine and are updating without user intervention. If anyone
can help or suggest any ideas that I can try I'd be very greatful.

Thanks,

Dave
3 answers Last reply
More about revocation error logging win2k domain
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Dave-

    From the machine where you see this error can you reach the specified CRL?
    CRLs are commonly HTTP URLs, possibly LDAP ones. If you don't recall the
    specific URLs you should be able to find them by opening the Certificates
    snapin for the user or machine and opening the specific certificate.

    If the certificate is one on the smartcard you may need to use software from
    the manufacturer to look at the certificate fields.

    The essential idea is to make sur ethat you can get to the CRL from that
    client. Please repost and let us know if this helps.
    --
    Tim Springston
    Microsoft Corporation
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Dave Heckford" <dheckford@blueyonder.co.uk> wrote in message
    news:4b08eb79.0407260443.4f1131e2@posting.google.com...
    > Hi,
    >
    > I'm having quite a few problems with Smartcard logon. Each time I try
    > to logon to certain Win2k Professional workstation I get the following
    > message:-
    > "The revocation function was unable to check revocation
    > because the revocation server was offline"
    >
    > To elimate sites I have moved a workstation that has this problem from
    > one site to another but the problem persists. I have removed the
    > workstation from the domain and re-added it back in, No difference. So
    > far all I know is if you use ctrl+alt+del everything is OK but as soon
    > as you use a smartcard I keep getting the error message.
    >
    > As far as I'm aware the CRL's are replicating around the domain
    > controllers fine and are updating without user intervention. If anyone
    > can help or suggest any ideas that I can try I'd be very greatful.
    >
    > Thanks,
    >
    > Dave
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    In article <4b08eb79.0407260443.4f1131e2@posting.google.com>, in the
    microsoft.public.win2000.security news group, Dave Heckford
    <dheckford@blueyonder.co.uk> says...

    > As far as I'm aware the CRL's are replicating around the domain
    > controllers fine and are updating without user intervention. If anyone
    > can help or suggest any ideas that I can try I'd be very greatful.
    >

    You'll need to describe your PKI in more detail for us here. There are a
    number of requirements regarding CRLs and smart cards, and without
    details of your PKI, it is going to be tough to help you out here.

    In the interim, this may help somewhat:

    http://www.microsoft.com/technet/prodtechnol/winxppro/support/tshtcrl.ms
    px

    or

    http://tinyurl.com/4kbmn

    Also check out
    http://support.microsoft.com/default.aspx?scid=kb;en-us;281245

    Although this is for 3rd paty CAs, the requirements are the same for
    Windows Server CAs it is just that most of the requirements will be
    taken care of for you.


    --
    Paul Adare
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Tim,

    I've tried connecting to the crl location via internet explorer and
    get prompted to download a file, I'm presuming this file is the crl.
    When I click save it asks for a location to save to so I tell it to go
    in the Temporary Internet files within Documents and settings as I
    believe that is the correct location for it. I'm assuming with this
    action the client machine can see the CDP correctly to find the CRL.

    Thanks,

    Dave

    "Tim Springston [MSFT]" <tspring@online.microsoft.com> wrote in message news:<Oerl3GCdEHA.1000@TK2MSFTNGP12.phx.gbl>...
    > Hi Dave-
    >
    > From the machine where you see this error can you reach the specified CRL?
    > CRLs are commonly HTTP URLs, possibly LDAP ones. If you don't recall the
    > specific URLs you should be able to find them by opening the Certificates
    > snapin for the user or machine and opening the specific certificate.
    >
    > If the certificate is one on the smartcard you may need to use software from
    > the manufacturer to look at the certificate fields.
    >
    > The essential idea is to make sur ethat you can get to the CRL from that
    > client. Please repost and let us know if this helps.
    > --
    > Tim Springston
    > Microsoft Corporation
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    > "Dave Heckford" <dheckford@blueyonder.co.uk> wrote in message
    > news:4b08eb79.0407260443.4f1131e2@posting.google.com...
    > > Hi,
    > >
    > > I'm having quite a few problems with Smartcard logon. Each time I try
    > > to logon to certain Win2k Professional workstation I get the following
    > > message:-
    > > "The revocation function was unable to check revocation
    > > because the revocation server was offline"
    > >
    > > To elimate sites I have moved a workstation that has this problem from
    > > one site to another but the problem persists. I have removed the
    > > workstation from the domain and re-added it back in, No difference. So
    > > far all I know is if you use ctrl+alt+del everything is OK but as soon
    > > as you use a smartcard I keep getting the error message.
    > >
    > > As far as I'm aware the CRL's are replicating around the domain
    > > controllers fine and are updating without user intervention. If anyone
    > > can help or suggest any ideas that I can try I'd be very greatful.
    > >
    > > Thanks,
    > >
    > > Dave
Ask a new question

Read More

Domain Workstations Windows