r@yElr3y Forgive me, I only know enough about Microsoft Certificate Server to be dangerous. I am certain we only have our root CA, no other servers in that chain. Via a GPO, we are enforcing trust of our root CA to ensure our wireless clients can get and trust the certificates on our hardware for wireless. Since most of our laptops have both the root certificate and a certificate for wireless, our machines are being prompted, and sadly we are using R7, so I believe the EKUOID value will not work. I am open to alternate configuration options since we can be flexible.
BACKGROUND: I am using an auth server that points to our CA. I have uploaded our CA's root certificate to "Trusted Client CA" and have created a machine certificate realm with a rule that permits multiple (* -or- ANY) certificates from our CA to connect to our VPN. Our machines have a domain certificate issued to each workstation from the CA using the computer template. It is assigned to every workstation via a GPO because RADIUS requires the CA's root certificate for wireless access to occur. As a result, we have both the root CA and a wireless certificate assigned to every device.

PROBLEM: When the VPN goes to connect, it prompts for a certificate to use.

QUESTION: How can I craft a rule to only choose a single certificate, since under machine authentication you cannot have ANY user input?