Reset Search
 

 

Article

Authentication request became stale on Windows 10 with CRL revoked message in Event log

« Go Back

Information

 
TitleAuthentication request became stale on Windows 10 with CRL revoked message in Event log
Symptoms
  • NAC indicates "Authentication request became stale"
  • Diagnostics indicate NAC send RADIUS certificate and client never responded
  • Client Event log "Schannel" error indicates: 
The certificate received from the remote server has been revoked. This means that the certificate authority that issued the certificate has invalidated it. The SSL connection request has failed. The attached data contains the server certificate.
  • NAC's RADIUS certificate is seen in the "Revoked" certificates on the certificate authority
Environment
  • Extreme Control
  • NAC
Cause
Windows client has invalidated the certificate per the Certificate Authority's certificate revocation list.
Resolution
  1. Remove the certificate from the Certificate Authorities revocation list
  2. Delete the CRL cache on the clients disk by opening a command prompt on the affected client and running the command:
    certutil -urlcache crl delete
  3. Delete the CRL cache in the client memory by running the following command inside the command prompt:
    certutil -getreg chain\ChainCacheResyncFiletime @now
  4. Re-attempt authentication
Additional notes
For additional information on CRLs: https://technet.microsoft.com/en-us/library/ee619754(v=ws.10).aspx

If the problem is too wide spread and running these commands on all clients, or using group policy is not a viable option you can install another RADIUS certificate on the NAC

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255