Sign in with
Sign up | Sign in
Your question

Revocation error when logging onto a Win2k domain with a s..

Last response: in Windows 2000/NT
Share
Anonymous
July 26, 2004 9:43:16 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

I'm having quite a few problems with Smartcard logon. Each time I try
to logon to certain Win2k Professional workstation I get the following
message:-
"The revocation function was unable to check revocation
because the revocation server was offline"

To elimate sites I have moved a workstation that has this problem from
one site to another but the problem persists. I have removed the
workstation from the domain and re-added it back in, No difference. So
far all I know is if you use ctrl+alt+del everything is OK but as soon
as you use a smartcard I keep getting the error message.

As far as I'm aware the CRL's are replicating around the domain
controllers fine and are updating without user intervention. If anyone
can help or suggest any ideas that I can try I'd be very greatful.

Thanks,

Dave
Anonymous
July 27, 2004 8:36:06 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Dave-

From the machine where you see this error can you reach the specified CRL?
CRLs are commonly HTTP URLs, possibly LDAP ones. If you don't recall the
specific URLs you should be able to find them by opening the Certificates
snapin for the user or machine and opening the specific certificate.

If the certificate is one on the smartcard you may need to use software from
the manufacturer to look at the certificate fields.

The essential idea is to make sur ethat you can get to the CRL from that
client. Please repost and let us know if this helps.
--
Tim Springston
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.

"Dave Heckford" <dheckford@blueyonder.co.uk> wrote in message
news:4b08eb79.0407260443.4f1131e2@posting.google.com...
> Hi,
>
> I'm having quite a few problems with Smartcard logon. Each time I try
> to logon to certain Win2k Professional workstation I get the following
> message:-
> "The revocation function was unable to check revocation
> because the revocation server was offline"
>
> To elimate sites I have moved a workstation that has this problem from
> one site to another but the problem persists. I have removed the
> workstation from the domain and re-added it back in, No difference. So
> far all I know is if you use ctrl+alt+del everything is OK but as soon
> as you use a smartcard I keep getting the error message.
>
> As far as I'm aware the CRL's are replicating around the domain
> controllers fine and are updating without user intervention. If anyone
> can help or suggest any ideas that I can try I'd be very greatful.
>
> Thanks,
>
> Dave
Anonymous
July 28, 2004 9:11:22 AM

Archived from groups: microsoft.public.win2000.security (More info?)

In article <4b08eb79.0407260443.4f1131e2@posting.google.com>, in the
microsoft.public.win2000.security news group, Dave Heckford
<dheckford@blueyonder.co.uk> says...

> As far as I'm aware the CRL's are replicating around the domain
> controllers fine and are updating without user intervention. If anyone
> can help or suggest any ideas that I can try I'd be very greatful.
>

You'll need to describe your PKI in more detail for us here. There are a
number of requirements regarding CRLs and smart cards, and without
details of your PKI, it is going to be tough to help you out here.

In the interim, this may help somewhat:

http://www.microsoft.com/technet/prodtechnol/winxppro/s...
px

or

http://tinyurl.com/4kbmn

Also check out
http://support.microsoft.com/default.aspx?scid=kb;en-us;281245

Although this is for 3rd paty CAs, the requirements are the same for
Windows Server CAs it is just that most of the requirements will be
taken care of for you.


--
Paul Adare
This posting is provided "AS IS" with no warranties, and confers no
rights.
Anonymous
July 30, 2004 9:38:28 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Tim,

I've tried connecting to the crl location via internet explorer and
get prompted to download a file, I'm presuming this file is the crl.
When I click save it asks for a location to save to so I tell it to go
in the Temporary Internet files within Documents and settings as I
believe that is the correct location for it. I'm assuming with this
action the client machine can see the CDP correctly to find the CRL.

Thanks,

Dave

"Tim Springston [MSFT]" <tspring@online.microsoft.com> wrote in message news:<Oerl3GCdEHA.1000@TK2MSFTNGP12.phx.gbl>...
> Hi Dave-
>
> From the machine where you see this error can you reach the specified CRL?
> CRLs are commonly HTTP URLs, possibly LDAP ones. If you don't recall the
> specific URLs you should be able to find them by opening the Certificates
> snapin for the user or machine and opening the specific certificate.
>
> If the certificate is one on the smartcard you may need to use software from
> the manufacturer to look at the certificate fields.
>
> The essential idea is to make sur ethat you can get to the CRL from that
> client. Please repost and let us know if this helps.
> --
> Tim Springston
> Microsoft Corporation
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Dave Heckford" <dheckford@blueyonder.co.uk> wrote in message
> news:4b08eb79.0407260443.4f1131e2@posting.google.com...
> > Hi,
> >
> > I'm having quite a few problems with Smartcard logon. Each time I try
> > to logon to certain Win2k Professional workstation I get the following
> > message:-
> > "The revocation function was unable to check revocation
> > because the revocation server was offline"
> >
> > To elimate sites I have moved a workstation that has this problem from
> > one site to another but the problem persists. I have removed the
> > workstation from the domain and re-added it back in, No difference. So
> > far all I know is if you use ctrl+alt+del everything is OK but as soon
> > as you use a smartcard I keep getting the error message.
> >
> > As far as I'm aware the CRL's are replicating around the domain
> > controllers fine and are updating without user intervention. If anyone
> > can help or suggest any ideas that I can try I'd be very greatful.
> >
> > Thanks,
> >
> > Dave
!