# Sunday, 24 February 2008

Sharepoint Central Administration
Virtual Server Configuration
Configure virtual server settings
Default Web Site
Virtual Server Management
Define managed paths
Add New path -> certsrv -> Excluded path
OK

See: http://www.microsoft.com/technet/prodtechnol/biztalk/2006/library/a4swift/39916663-b80e-49d8-ba9b-49276eb564fc.mspx?mfr=true

vpn | 2003
Sunday, 24 February 2008 16:00:32 (GMT Standard Time, UTC+00:00)
# Wednesday, 14 February 2007

Just some notes:

http://support.microsoft.com/kb/926182


In order to run an IPSEC/NAT-T type VPN you need to insert the following registry keys on the client:

XP SP2:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec]

"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

Vista:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

Now... I'm not quite sure that these alone will help you get connected.
Make sure that, since you are connecting from a non-domain member, your certificate is properly installed.

Import the Administrator-Cert to both
Local Machine: "Personal" & "Trusted Root Certification Authorities"

This in combination with the above registry-hack should do it.

BTW: The one for SP 2 is documented in:
http://support.microsoft.com/default.aspx?kbid=885407

The one for Vista is not... but it works  

[TX Geir Johansen, isaserver.org]


OK, here is a way to do it (but it is not an easy
solution).

1) You need to use certmgr.msc on the Vista Client
2) You need to generate Custom Request in the console
(see Create a Custom Certificate Request in the Help
file).
3) Best to add Custom subject information (be sure to
include an Alternate Name that includes the User
Principal Name)
4) Save the file to a PKCS#10 request


Create a custom v2 certificate template that allows the
Subject to be created in the Request. Base it on the
template you want to use (for the love of G*D, do not
use User <G>) Ensure that the template is available at
the CA you are using. Assume it is named VistaUser


You now use the Certsrv Web page to submit the request
1) Connect to https://CAName/certsrv
2) Provide credentials from the domain
3) Choose Request a Certificate
4) Choose Advanced Certificate Request
5) Choose Submit a certificate request by using a
base-64-encoded CMC or PKCS #10 file, or submit a renewal
request by using a base-64-encoded PKCS #7 file.
6) Paste the contents of the file created in the first
procedure into the Saved Request box
7) Choose the VistaUser template in the Certificate
Template section
8) Click Submit
9) Save the issued certificate to a PKCS#7 file (all
certs in the chain)


Go back to the Vista box
1) Import the PKCS#7 file
2) Put all certs in the Personal store (for now)
3) Once the import is complete, move the CA certificates
into the appropriate stores (root in the root, all other
CAs in the intermediate store)
4) Use the certificate


Brian
P.S. Please do not ask for more detailed steps <G>
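
To check the result of the last procedure (leaf in Personal, root in the root store, other CAs in the intermediate store) and the UPN alternate name from the request, a read-only audit along these lines can be run on the client. It is an added example, not part of either quoted post; the variable and function names are this example's own, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the original posts: read-only audit of certificate
# placement after the PKCS#7 import. Assumes Windows PowerShell 3.0 or later.
$Location = 'CurrentUser'   # store opened by certmgr.msc; use 'LocalMachine' for machine certs

# DER bytes of OID 1.3.6.1.4.1.311.20.2.3 (UPN otherName), matched in the raw
# SAN extension so the check does not depend on the Windows display language.
$upnOidHex = '2B-06-01-04-01-82-37-14-02-03'

function Get-StoresHolding([string]$Thumbprint) {
    # Which of the three stores at $Location contain this certificate
    @('My', 'CA', 'Root' | Where-Object { Test-Path "Cert:\$Location\$_\$Thumbprint" })
}

function Test-HasUpnSan($Cert) {
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return $false }
    [BitConverter]::ToString($san.RawData).Contains($upnOidHex)
}

$machine = ($Location -eq 'LocalMachine')
Get-ChildItem "Cert:\$Location\My" | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $leaf  = $_
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $machine
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # placement check only, no CRL fetch
    [void]$chain.Build($leaf)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    $last   = $chain.ChainElements.Count - 1
    for ($i = 0; $i -le $last; $i++) {
        $c = $chain.ChainElements[$i].Certificate
        $selfSigned = ($c.Subject -eq $c.Issuer)
        # Expected layout: leaf in Personal, root in Root, every other CA in Intermediate
        $expected = if ($i -eq 0) { 'My' } elseif ($i -eq $last -and $selfSigned) { 'Root' } else { 'CA' }
        $found = Get-StoresHolding $c.Thumbprint
        [pscustomobject]@{
            Leaf        = $leaf.Subject
            Depth       = $i
            Subject     = $c.Subject
            Expected    = $expected
            FoundIn     = $found -join ','
            Misplaced   = ($found -notcontains $expected)
            UpnInSan    = if ($i -eq 0) { Test-HasUpnSan $c } else { $null }
            ChainStatus = $status
        }
    }
}
```

A non-empty ChainStatus such as PartialChain or UntrustedRoot means a CA certificate from the PKCS#7 file is missing or was left in the wrong store.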



vista | vpn | 2003
Wednesday, 14 February 2007 20:26:40 (GMT Standard Time, UTC+00:00)