Verify Server Enrollment of a Server Certificate

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

You can use this procedure to verify that your Network Policy Server (NPS) servers have enrolled a server certificate from the certification authority (CA).

Note

Membership in the Domain Admins group is the minimum required to complete these procedures.

Verify Network Policy Server (NPS) enrollment of a server certificate

Because NPS is used to authenticate and authorize network connection requests, it is important to ensure that the server certificate you have issued to NPS servers is valid when used in network policies.

To verify that a server certificate is correctly configured and is enrolled to the NPS server, you must configure a test network policy and allow NPS to verify that NPS can use the certificate for authentication.

To verify NPS server enrollment of a server certificate

  1. In Server Manager, click Tools, and then click Network Policy Server. The Network Policy Server Microsoft Management Console (MMC) opens.

  2. Double-click Policies, right-click Network Policies, and click New. The New Network Policy wizard opens.

  3. In Specify Network Policy Name and Connection Type, in Policy name, type Test policy. Ensure that Type of network access server has the value Unspecified, and then click Next.

  4. In Specify Conditions, click Add. In Select condition, click Windows Groups, and then click Add.

  5. In Groups, click Add Groups. In Select Group, type Domain Users, and then press ENTER. Click OK, and then click Next.

  6. In Specify Access Permission, ensure that Access granted is selected, and then click Next.

  7. In Configure Authentication Methods, click Add. In Add EAP, click Microsoft: Protected EAP (PEAP), and then click OK. In EAP Types, select Microsoft: Protected EAP (PEAP), and then click Edit. The Edit Protected EAP Properties dialog box opens.

  8. In the Edit Protected EAP Properties dialog box, in Certificate issued to, NPS displays the name of your server certificate in the format ComputerName.Domain. For example, if your NPS server is named NPS-01 and your domain is example.com, NPS displays the certificate NPS-01.example.com. In addition, in Issuer, the name of your certification authority is displayed, and in Expiration date, the date of expiration of the server certificate is shown. This demonstrates that your NPS server has enrolled a valid server certificate that it can use to prove its identity to client computers that are trying to access the network through your network access servers, such as virtual private network (VPN) servers, 802.1X-capable wireless access points, Remote Desktop Gateway servers, and 802.1X-capable Ethernet switches.

    Important

    If NPS does not display a valid server certificate and if it provides the message that such a certificate cannot be found on the local computer, there are two possible reasons for this problem. It is possible that Group Policy did not refresh properly, and the NPS server has not enrolled a certificate from the CA. In this circumstance, restart the NPS server. When the computer restarts, Group Policy is refreshed, and you can perform this procedure again to verify that the server certificate is enrolled. If refreshing Group Policy does not resolve this issue, either the certificate template, certificate autoenrollment, or both are not configured correctly. To resolve these issues, start at the beginning of this guide and perform all steps again to ensure that the settings that you have provided are accurate.

  9. When you have verified the presence of a valid server certificate, you can click OK and Cancel to exit the New Network Policy wizard.

    Note

    Because you are not completing the wizard, the test network policy is not created in NPS.
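
The three fields shown in the Edit Protected EAP Properties dialog box (Certificate issued to, Issuer, Expiration date) can also be read directly from the local computer certificate store as a complement to the wizard check. This PowerShell is an added example, not part of the original procedure; it assumes the enrolled certificate is in Cert:\LocalMachine\My and carries the Server Authentication EKU, and the variable and property names are illustrative.

```powershell
# Added example: list certificates in the local computer store that could serve
# as the NPS server certificate, with the fields the PEAP dialog displays.
# Assumption: the enrolled certificate carries the Server Authentication EKU.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'

# Expected "Certificate issued to" value, in the format ComputerName.Domain
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now  = Get-Date

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]

$results = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    # Certificates with no EKU extension have an empty list and are skipped.
    $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
} | ForEach-Object {
    # DnsName reads the subject alternative name, falling back to the subject CN.
    $issuedTo = $_.GetNameInfo($nameType::DnsName, $false)
    [pscustomobject]@{
        IssuedTo      = $issuedTo
        Issuer        = $_.GetNameInfo($nameType::SimpleName, $true)
        Expiration    = $_.NotAfter
        NameMatches   = ($issuedTo -ieq $fqdn)
        InValidity    = ($_.NotBefore -le $now -and $_.NotAfter -gt $now)
        HasPrivateKey = $_.HasPrivateKey
        Thumbprint    = $_.Thumbprint
    }
}

if (-not $results) {
    # Same condition as the "certificate cannot be found" case in the note above.
    Write-Warning "No Server Authentication certificate found in Cert:\LocalMachine\My on $fqdn"
} else {
    $results | Format-List
}
```

A usable certificate shows NameMatches, InValidity and HasPrivateKey all True; this only inspects the store and does not replace confirming in the wizard that NPS can select the certificate for PEAP.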