Computer with Revoked Certificate can still connect

Hi,

I have set up a RAS VPN server on Windows 2008 R2. I have also set up a CA on a 2008 R2 DC.

All is working fine and I can install computer certificates on domain members, and they can then connect to the network remotely using an L2TP/IPSEC connection.

I have one issue though. When I revoke that computer's certificate, the computer is still able to connect. I have checked the CRL list using the CA MMC snap-in on the DC and the machine certificate appears there under the list of revoked certificates.

The CRL distribution point is set to the default - no changes have been made to this.

I altered the CRL publication interval to 1 hour but only after the certificate was issued.

Is there a way to force the authenticating server or client to check the CRL before allowing the machine to connect? I have also seen that the client has a cache of CRL responses - is there a way to clear this?

Thanks.

JP

