Reset Search



Authentication request became stale on Windows 10 with CRL revoked message in Event log

« Go Back


TitleAuthentication request became stale on Windows 10 with CRL revoked message in Event log
  • NAC indicates "Authentication request became stale"
  • Diagnostics indicate NAC send RADIUS certificate and client never responded
  • Client Event log "Schannel" error indicates: 
The certificate received from the remote server has been revoked. This means that the certificate authority that issued the certificate has invalidated it. The SSL connection request has failed. The attached data contains the server certificate.
  • NAC's RADIUS certificate is seen in the "Revoked" certificates on the certificate authority
  • Extreme Control
  • NAC
Windows client has invalidated the certificate per the Certificate Authority's certificate revocation list.
  1. Remove the certificate from the Certificate Authorities revocation list
  2. Delete the CRL cache on the clients disk by opening a command prompt on the affected client and running the command:
    certutil -urlcache crl delete
  3. Delete the CRL cache in the client memory by running the following command inside the command prompt:
    certutil -getreg chain\ChainCacheResyncFiletime @now
  4. Re-attempt authentication
Additional notes
For additional information on CRLs:

If the problem is too wide spread and running these commands on all clients, or using group policy is not a viable option you can install another RADIUS certificate on the NAC



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255