|
Home > Archive > Radius Server > November 2005 > IAS with PEAP and Airespace (now Cisco 1000)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IAS with PEAP and Airespace (now Cisco 1000)
|
|
|
| I have configured WPA RADIUS authentication with an Airespace AP (now called
a cisco 1000) using IAS on our 2003 server (which is also running the CA). I
used the MS Win2003 step-by-step guide for setting up secure wireless access
in a test lab
(http://www.microsoft.com/downloads/...&displaylang=en).
When I try to connect from any client (our clients are all XP SP2), I
receive the following message in the System Log:
Source IAS
Event ID: 3
Access request for user DOMAIN\LoriTest was discarded.
Fully-Qualified-User-Name = domain.edu/Staff/Admin &
Finance/OCST/Users/Lori Test
NAS-IP-Address = 10.15.7.252
NAS-Identifier = LowndesAS1
Called-Station-Identifier = 00:0B:85:03:18:21:labwireless
Calling-Station-Identifier = 00:0E:35:E7:25:A1
Client-Friendly-Name = LabAS1
Client-IP-Address = 10.15.7.252
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 25
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 1
Reason = An internal error occurred. Check the system event log for
additional information.
There are no other entries in the System log (other than repeats of this
one).
The IASSAM.log shows the following:
[4804] 10-13 10:33:45:421: Creating EAP session
[4804] 10-13 10:33:45:421: NT-SAM Names handler received request with user
identity DOMAIN\LoriTest.
[4804] 10-13 10:33:45:421: Username is already an NT4 account name.
[4804] 10-13 10:33:45:421: SAM-Account-Name is "DOMAIN\LoriTest".
[4804] 10-13 10:33:45:421: NT-SAM Authentication handler received request
for DOMAIN\LoriTest.
[4804] 10-13 10:33:45:421: Validating Windows account DOMAIN\LoriTest.
[4804] 10-13 10:33:45:421: Sending LDAP search to fsuad2.domain.edu.
[4804] 10-13 10:33:45:421: Successfully validated windows account.
[4804] 10-13 10:33:45:421: NT-SAM User Authorization handler received
request for DOMAIN\LoriTest.
[4804] 10-13 10:33:45:421: Using native-mode dial-in parameters.
[4804] 10-13 10:33:45:421: Sending LDAP search to fsuad2.domain.edu.
[4804] 10-13 10:33:45:421: Successfully retrieved per-user attributes.
[4804] 10-13 10:33:45:421: Allowed EAP type: 25
[4804] 10-13 10:33:45:421: Setting max. packet length to 1296.
[4804] 10-13 10:33:45:499: RasEapBegin failed: Access is denied.
[4804] 10-13 10:33:45:499: Caught COM exception: Access is denied.
And the RASTLS.log shows:
4804] 10:33:45:421: EapPeapBegin
[4804] 10:33:45:421: Verifying caller...
[4804] 10:33:45:499: Unauthorized use of PEAP attempted
[4804] 10:33:45:499: EapPeapBegin done
It works if we use WebAuth or WPA-PSK, so the AP is functioning properly.
All cisco can determine from their logs is that the request to the RADIUS
server is timing out.
I've gone over our configuration many times, and although there's got to be
something we're missing, I am completely baffled as to why this isn't
working. Any help in deciphering these errors would be great.
Thanks,
Lori
| |
|
| Forgot to mention, we're trying to use PEAP with MSCHAPv2. I haven't tried
EAP-TLS (we don't want to have to put certificates on the clients) but if we
don't get anywhere I may try it just to see what happens..
"Lori" wrote:
> I have configured WPA RADIUS authentication with an Airespace AP (now called
> a cisco 1000) using IAS on our 2003 server (which is also running the CA). I
> used the MS Win2003 step-by-step guide for setting up secure wireless access
> in a test lab
> (http://www.microsoft.com/downloads/...&displaylang=en).
> When I try to connect from any client (our clients are all XP SP2), I
> receive the following message in the System Log:
>
> Source IAS
> Event ID: 3
> Access request for user DOMAIN\LoriTest was discarded.
> Fully-Qualified-User-Name = domain.edu/Staff/Admin &
> Finance/OCST/Users/Lori Test
> NAS-IP-Address = 10.15.7.252
> NAS-Identifier = LowndesAS1
> Called-Station-Identifier = 00:0B:85:03:18:21:labwireless
> Calling-Station-Identifier = 00:0E:35:E7:25:A1
> Client-Friendly-Name = LabAS1
> Client-IP-Address = 10.15.7.252
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 25
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Reason-Code = 1
> Reason = An internal error occurred. Check the system event log for
> additional information.
>
> There are no other entries in the System log (other than repeats of this
> one).
>
> The IASSAM.log shows the following:
>
> [4804] 10-13 10:33:45:421: Creating EAP session
> [4804] 10-13 10:33:45:421: NT-SAM Names handler received request with user
> identity DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Username is already an NT4 account name.
> [4804] 10-13 10:33:45:421: SAM-Account-Name is "DOMAIN\LoriTest".
> [4804] 10-13 10:33:45:421: NT-SAM Authentication handler received request
> for DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Validating Windows account DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Sending LDAP search to fsuad2.domain.edu.
> [4804] 10-13 10:33:45:421: Successfully validated windows account.
> [4804] 10-13 10:33:45:421: NT-SAM User Authorization handler received
> request for DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Using native-mode dial-in parameters.
> [4804] 10-13 10:33:45:421: Sending LDAP search to fsuad2.domain.edu.
> [4804] 10-13 10:33:45:421: Successfully retrieved per-user attributes.
> [4804] 10-13 10:33:45:421: Allowed EAP type: 25
> [4804] 10-13 10:33:45:421: Setting max. packet length to 1296.
> [4804] 10-13 10:33:45:499: RasEapBegin failed: Access is denied.
> [4804] 10-13 10:33:45:499: Caught COM exception: Access is denied.
>
> And the RASTLS.log shows:
>
> 4804] 10:33:45:421: EapPeapBegin
> [4804] 10:33:45:421: Verifying caller...
> [4804] 10:33:45:499: Unauthorized use of PEAP attempted
> [4804] 10:33:45:499: EapPeapBegin done
>
> It works if we use WebAuth or WPA-PSK, so the AP is functioning properly.
> All cisco can determine from their logs is that the request to the RADIUS
> server is timing out.
>
> I've gone over our configuration many times, and although there's got to be
> something we're missing, I am completely baffled as to why this isn't
> working. Any help in deciphering these errors would be great.
>
> Thanks,
> Lori
| |
| James McIllece [MS] 2005-10-13, 6:03 pm |
| "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
news:20D63876-9698-4252-85D4-48436B03C422@microsoft.com:
> I have configured WPA RADIUS authentication with an Airespace AP (now
> called a cisco 1000) using IAS on our 2003 server (which is also
> running the CA). I used the MS Win2003 step-by-step guide for setting
> up secure wireless access in a test lab
> (http://www.microsoft.com/downloads/...D=0f7fa9a2-e113
> -415b-b2a9-b6a3d64c48f5&displaylang=en). When I try to connect from
> any client (our clients are all XP SP2), I receive the following
> message in the System Log:
>
> Source IAS
> Event ID: 3
> Access request for user DOMAIN\LoriTest was discarded.
> Fully-Qualified-User-Name = domain.edu/Staff/Admin &
> Finance/OCST/Users/Lori Test
> NAS-IP-Address = 10.15.7.252
> NAS-Identifier = LowndesAS1
> Called-Station-Identifier = 00:0B:85:03:18:21:labwireless
> Calling-Station-Identifier = 00:0E:35:E7:25:A1
> Client-Friendly-Name = LabAS1
> Client-IP-Address = 10.15.7.252
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 25
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Reason-Code = 1
> Reason = An internal error occurred. Check the system event log for
> additional information.
>
> There are no other entries in the System log (other than repeats of
> this one).
>
> The IASSAM.log shows the following:
>
> [4804] 10-13 10:33:45:421: Creating EAP session
> [4804] 10-13 10:33:45:421: NT-SAM Names handler received request with
> user identity DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Username is already an NT4 account name.
> [4804] 10-13 10:33:45:421: SAM-Account-Name is "DOMAIN\LoriTest".
> [4804] 10-13 10:33:45:421: NT-SAM Authentication handler received
> request for DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Validating Windows account DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Sending LDAP search to fsuad2.domain.edu.
> [4804] 10-13 10:33:45:421: Successfully validated windows account.
> [4804] 10-13 10:33:45:421: NT-SAM User Authorization handler received
> request for DOMAIN\LoriTest.
> [4804] 10-13 10:33:45:421: Using native-mode dial-in parameters.
> [4804] 10-13 10:33:45:421: Sending LDAP search to fsuad2.domain.edu.
> [4804] 10-13 10:33:45:421: Successfully retrieved per-user attributes.
> [4804] 10-13 10:33:45:421: Allowed EAP type: 25
> [4804] 10-13 10:33:45:421: Setting max. packet length to 1296.
> [4804] 10-13 10:33:45:499: RasEapBegin failed: Access is denied.
> [4804] 10-13 10:33:45:499: Caught COM exception: Access is denied.
>
> And the RASTLS.log shows:
>
> 4804] 10:33:45:421: EapPeapBegin
> [4804] 10:33:45:421: Verifying caller...
> [4804] 10:33:45:499: Unauthorized use of PEAP attempted
> [4804] 10:33:45:499: EapPeapBegin done
>
> It works if we use WebAuth or WPA-PSK, so the AP is functioning
> properly. All cisco can determine from their logs is that the request
> to the RADIUS server is timing out.
>
> I've gone over our configuration many times, and although there's got
> to be something we're missing, I am completely baffled as to why this
> isn't working. Any help in deciphering these errors would be great.
>
> Thanks,
> Lori
It sounds like your client computers are either not configured to use PEAP
or they do not trust the CA that issued the server certificate to the IAS
server (you *do* have a server cert configured in remote access policy,
right?).
Other issues to check are that the AP is configured to allow EAP, and that
the shared secret on the IAS server and the AP are identical.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| Thanks so much for the reply.
Yes, there is a server certificate in the remote access policy, and we've
double checked the shared secret several times. On the client side, the CA
is listed under Trusted Root certification Authorities, and I have Protected
EAP configured on the Authentication tab with Secured password (EAP-MSCHAP
v2) selected in the method drop down.
"James McIllece [MS]" wrote:
> "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
> news:20D63876-9698-4252-85D4-48436B03C422@microsoft.com:
>
>
> It sounds like your client computers are either not configured to use PEAP
> or they do not trust the CA that issued the server certificate to the IAS
> server (you *do* have a server cert configured in remote access policy,
> right?).
>
> Other issues to check are that the AP is configured to allow EAP, and that
> the shared secret on the IAS server and the AP are identical.
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
| |
|
| For what it's worth, we also tried using EAP-TLS (I changed the IAS, created
a wireless user template on the CA, added computer and user certificates to
the client and changed the authentication to smart card or other
certificate). Unfortunately, it doesn't work either. The event viewer
messages remain exactly the same, the IASSAM.log is exactly the same with the
exception that the Allowed EAP type is 13 instead of 25, and the RASTLS log
shows the following:
[5704] 15:39:55:563: EapTlsBegin(DOMAIN\LoriTest)
[5704] 15:39:55:563: SetupMachineChangeNotification
[5704] 15:39:55:563: Verifying caller...
[5704] 15:39:56:375: Unauthorized use of TLS attempted
"James McIllece [MS]" wrote:
> "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
> news:20D63876-9698-4252-85D4-48436B03C422@microsoft.com:
>
>
> It sounds like your client computers are either not configured to use PEAP
> or they do not trust the CA that issued the server certificate to the IAS
> server (you *do* have a server cert configured in remote access policy,
> right?).
>
> Other issues to check are that the AP is configured to allow EAP, and that
> the shared secret on the IAS server and the AP are identical.
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
| |
| James McIllece [MS] 2005-10-24, 11:03 am |
| Hi Lori --
One of the IAS developers forwarded this comment and question to me about
the problems you are experiencing:
The rastls log entry "Unauthorized use of PEAP attempted" means that the
calling DLL is not signed. Has the customer applied updates from a non-MS
source?
"=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
news:FBD3DFA4-D4D3-44C1-936E-C8011D50B67C@microsoft.com:
[vbcol=seagreen]
> For what it's worth, we also tried using EAP-TLS (I changed the IAS,
> created a wireless user template on the CA, added computer and user
> certificates to the client and changed the authentication to smart
> card or other certificate). Unfortunately, it doesn't work either.
> The event viewer messages remain exactly the same, the IASSAM.log is
> exactly the same with the exception that the Allowed EAP type is 13
> instead of 25, and the RASTLS log shows the following:
>
> [5704] 15:39:55:563: EapTlsBegin(DOMAIN\LoriTest)
> [5704] 15:39:55:563: SetupMachineChangeNotification
> [5704] 15:39:55:563: Verifying caller...
> [5704] 15:39:56:375: Unauthorized use of TLS attempted
>
>
>
> "James McIllece [MS]" wrote:
>
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| I just double checked, and I'm told that the only updates that are installed
have been downloaded from the Windows update site (the OS was installed from
a disk with SP1 included). Is there a specific DLL or DLLs that I can check?
Also, we tried a small Linksys router this morning instead of the Airespace,
with the same error messages and same results.
"James McIllece [MS]" wrote:
> Hi Lori --
>
> One of the IAS developers forwarded this comment and question to me about
> the problems you are experiencing:
>
> The rastls log entry "Unauthorized use of PEAP attempted" means that the
> calling DLL is not signed. Has the customer applied updates from a non-MS
> source?
>
>
>
>
> "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
> news:FBD3DFA4-D4D3-44C1-936E-C8011D50B67C@microsoft.com:
>
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
| |
| James McIllece [MS] 2005-10-24, 11:03 am |
| Do you happen to have another IAS server that you can test this with? If
so, just aim your RADIUS clients at a different server and see how it
works.
Also, are you using any third party authorization or authentication dlls
with IAS?
I'll ask the dev about the dll name as per your request below. I think
there is a possibility you can just register the dll on the server and you
will be fine...I'll ask him.
"=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
news:DCB74EC0-F491-49A8-BE6C-DF1E69EEE91E@microsoft.com:
> I just double checked, and I'm told that the only updates that are
> installed have been downloaded from the Windows update site (the OS
> was installed from a disk with SP1 included). Is there a specific DLL
> or DLLs that I can check?
>
> Also, we tried a small Linksys router this morning instead of the
> Airespace, with the same error messages and same results.
>
> "James McIllece [MS]" wrote:
>
>
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| No, we aren't using any third pary dlls. We configured IAS on another DC and
got the same error messages. However, the other DC we tried had 2K3
installed using the same CD w/ SP1 included that was used on the orginal DC,
which makes me wonder if there isn't a problem with that CD.
Please let me know when you hear back from the dev and we'll go from there.
If we can just register the dll that would be great.
Thanks so much,
Lori
"James McIllece [MS]" wrote:
> Do you happen to have another IAS server that you can test this with? If
> so, just aim your RADIUS clients at a different server and see how it
> works.
>
> Also, are you using any third party authorization or authentication dlls
> with IAS?
>
> I'll ask the dev about the dll name as per your request below. I think
> there is a possibility you can just register the dll on the server and you
> will be fine...I'll ask him.
>
>
> "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
> news:DCB74EC0-F491-49A8-BE6C-DF1E69EEE91E@microsoft.com:
>
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
| |
|
| I had a similar problem with an Airespace 4112 switch. I couldn't get
any authentication protocol to work with IAS and had to switch over to
Cisco ACS and use LEAP. For what it's worth, I haven't yet been able to
get authentication working with ClearBox RADIUS either. My PIX firewall
works with both IAS and ClearBox but it's using either CHAP or MS-CHAP.
I'd be very interested to find out what the fix is if you get IAS
working with it. I'll be contacting cisco again this week since the
price point for ACS is beyond our means.
-Gary
| |
| James McIllece [MS] 2005-10-24, 11:03 am |
| Apparently registering the dll is not the issue. The issue appears to be
that iassam.dll is not digitally signed.
Another dev made this suggestion:
"Use explorer, right click on the file (iassam.dll), select properties and
check how it looks like in the Digital Signature tab.
If they have a trust issue or the file is not signed, that’ll show up.
If they removed some MS root cert for instance, the computer would work but
the dll not be ok’ed by the runtime."
I know you have not removed a cert, but if you can report what you find
when you look at the dll properties that might be of assistance.
"=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
news:C168F9DF-DDC8-47B4-B6B7-46CFF6AC3D9C@microsoft.com:
[vbcol=seagreen]
> No, we aren't using any third pary dlls. We configured IAS on another
> DC and got the same error messages. However, the other DC we tried
> had 2K3 installed using the same CD w/ SP1 included that was used on
> the orginal DC, which makes me wonder if there isn't a problem with
> that CD.
>
> Please let me know when you hear back from the dev and we'll go from
> there. If we can just register the dll that would be great.
>
> Thanks so much,
> Lori
>
> "James McIllece [MS]" wrote:
>
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| James McIllece [MS] wrote:
> "Use explorer, right click on the file (iassam.dll), select properties and
> check how it looks like in the Digital Signature tab.
I don't have such a tab in either 2003 Server SP1 or XP SP2. The only
thing I've found to check for signing is chktrust.exe -- and according
to it, hardly anything in %SystemRoot%\system32 is signed. But perhaps
there's another way to check...?
-Gary
| |
|
| I also don't have a Digital Signature tab when I right click the iassam.dll
file. I have the following tabs: General, Version, Security, and Summary.
On the Version tab, it lists File version 5.2.3790.1830, Description: IAS NT
SAM Provider, Copyright: Microsoft Corporation All rights reserved.
Like Gary, I'm wondering if there's something else we can check?
Thanks again,
Lori
"James McIllece [MS]" wrote:
> Apparently registering the dll is not the issue. The issue appears to be
> that iassam.dll is not digitally signed.
>
> Another dev made this suggestion:
>
> "Use explorer, right click on the file (iassam.dll), select properties and
> check how it looks like in the Digital Signature tab.
>
> If they have a trust issue or the file is not signed, that’ll show up.
>
> If they removed some MS root cert for instance, the computer would work but
> the dll not be ok’ed by the runtime."
>
> I know you have not removed a cert, but if you can report what you find
> when you look at the dll properties that might be of assistance.
>
>
>
> "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
> news:C168F9DF-DDC8-47B4-B6B7-46CFF6AC3D9C@microsoft.com:
>
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
| |
| James McIllece [MS] 2005-10-24, 11:03 am |
| I asked the dev about this and he replied:
""Digital Signatures" tab will show up only for binaries with embedded
signature. Those signed through cat file will not have that tab. "
I've asked him if he knows of a tool that will allow you to check the
digital signatures on your files.
He also asked me to "find out how the customer built the 2k3 SP1 slipstream
CD".
Do you have any details you can provide on this? If so, please email them
to wsdocs@no-spam.microsoft.com. I monitor this alias and once I have your
emails we can take this discussion offline.
Thanks --
James
"=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
news:88BC84A5-4106-40B0-B87D-6F74AABDAC15@microsoft.com:
[vbcol=seagreen]
> I also don't have a Digital Signature tab when I right click the
> iassam.dll file. I have the following tabs: General, Version,
> Security, and Summary. On the Version tab, it lists File version
> 5.2.3790.1830, Description: IAS NT SAM Provider, Copyright: Microsoft
> Corporation All rights reserved.
>
> Like Gary, I'm wondering if there's something else we can check?
>
> Thanks again,
> Lori
>
> "James McIllece [MS]" wrote:
>
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| With the help of Microsoft, we finally got this working. For anyone else who
runs across this same problem, the reason the IAS authentication was failing
is that we were missing several trusted root certificates on the IAS server.
The reason the certificates were missing was that the default domain
controller policy was only allowing the DC's to trust Enterprise root
certification authorities, instead of Third-party and enterprise root
certification authorities (this is in the Default Domain Controller policy,
Computer, Windows, Security, Public Key Policies, right click the Trusted
Root certification Authorities folder and choose properties).
Until we found the group policy setting, we were able to make it work by
importing from another server the certificates in this article:
http://support.microsoft.com/kb/293781/
Hopefully this will help anyone else having a similar problem!
"James McIllece [MS]" wrote:
> I asked the dev about this and he replied:
>
> ""Digital Signatures" tab will show up only for binaries with embedded
> signature. Those signed through cat file will not have that tab. "
>
> I've asked him if he knows of a tool that will allow you to check the
> digital signatures on your files.
>
> He also asked me to "find out how the customer built the 2k3 SP1 slipstream
> CD".
>
> Do you have any details you can provide on this? If so, please email them
> to wsdocs@no-spam.microsoft.com. I monitor this alias and once I have your
> emails we can take this discussion offline.
>
> Thanks --
>
> James
>
>
> "=?Utf-8?B?TG9yaQ==?=" <Lori@discussions.microsoft.com> wrote in
> news:88BC84A5-4106-40B0-B87D-6F74AABDAC15@microsoft.com:
>
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
|
|
|
|
|