r***@gmail.com
2007-02-05 21:50:12 UTC
A year ago, I set up a wireless network using PEAP authentication in
accordance with the instructions in Microsoft's document "Securing
Wireless LANs with PEAP and passwords". Everything worked fine for a
year. Now, user attempts to connect are all being rejected. The only
message I've seen that was at all helpful in the event log, along with
endless messages telling me logons were rejected, was one suggesting
there is a Kerberos problem somewhere, and I should check my public
key infrastructure. I fired up the certification authority MMC
snap-in, and lo and behold, the certificate for the domain controller that
hosts IAS just expired. (It's the same server that hosts the
certification authority.) I can't figure out how to get it to renew.
I tried rebooting the server; that didn't help.
Some app note I found on MS's web site suggests there may be a group
policy preventing autoenrollment, but it doesn't say specifically how
to fix it.
One other thing I discovered is that if, in the clients, you configure the
wireless network not to validate your server certificate, you're in.
BTW, the expiration period for the certificate I generated in the
process of following the WLAN setup instructions is 25 years; I don't
recall ever generating a certificate that expired in a year.
Anyone have any clue how to get this domain controller to renew its
cert, so clients can connect without disabling 1/2 the authentication?