EAP-TLS or PEAP authentication failed during SSL handshake error

Jun 10th, 2007

I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.

The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:

Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?

Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?

Thanks for the help

mdcole Thu, 06/14/2007 - 07:22

My experience suggests that the problem is the certificate.

I'm running ACS 3.3.

I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.

Correctly following the instructions led to a successful connection and no more error message.

JASON CHOQUETTE Thu, 06/14/2007 - 11:21

Thanks mdcole for the response, but I did manage to figure out what the problem was....

ACS 4.0 supports PEAP1.0 as well as PEAP0. The Windows XP supplicant only supports PEAP0. So in order to resolve the authentication issues we had to install KB885453 on our wireless clients. Once we did that all was fine.
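
To confirm from a packet capture the PEAP version mismatch described in the reply above, the following added example (not part of the thread and not Cisco or Microsoft code) reads the version from the flags octet of EAP packets and reports what the server offered and what the supplicant answered. Function names are hypothetical, the packet bytes are constructed samples, and the 0x07 version mask is an assumption that covers the versions discussed here (0 and 1).

```python
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_NAK, EAP_TYPE_PEAP = 3, 25
FLAG_START = 0x20    # S bit: first packet of the PEAP conversation
VERSION_MASK = 0x07  # assumption: version sits in the low-order flag bits


def parse_eap(packet: bytes) -> dict:
    """Decode the EAP header and, for PEAP (type 25), the flags octet."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match captured bytes")
    info = {"code": code, "id": ident, "type": None, "version": None, "start": False}
    if code in (EAP_REQUEST, EAP_RESPONSE) and length >= 5:
        info["type"] = packet[4]
        if info["type"] == EAP_TYPE_PEAP and length >= 6:
            info["version"] = packet[5] & VERSION_MASK
            info["start"] = bool(packet[5] & FLAG_START)
    return info


def peap_versions(capture: list) -> dict:
    """Report the version in the server's PEAP Start and in the peer's reply."""
    result = {"server": None, "peer": None, "peer_nak": False}
    for pkt in map(parse_eap, capture):
        if pkt["code"] == EAP_REQUEST and pkt["start"] and result["server"] is None:
            result["server"] = pkt["version"]
        elif pkt["code"] == EAP_RESPONSE and result["server"] is not None:
            if pkt["type"] == EAP_TYPE_NAK:
                result["peer_nak"] = True  # peer refused PEAP altogether
            elif pkt["type"] == EAP_TYPE_PEAP and result["peer"] is None:
                result["peer"] = pkt["version"]
    # True when the peer answered with a lower version than the server offered.
    result["peer_lower"] = result["peer"] is not None and result["peer"] < result["server"]
    return result


# Constructed sample capture (not from the thread): identity exchange, a server
# Start marked PEAP version 1, and a peer reply marked version 0.
SAMPLE = [
    bytes.fromhex("0104000501"),            # Request/Identity
    bytes.fromhex("020400090175736572"),    # Response/Identity "user"
    bytes.fromhex("010500061921"),          # Request/PEAP, S bit set, version 1
    bytes.fromhex("0205000a190016030100"),  # Response/PEAP, version 0, TLS bytes cut short
]

if __name__ == "__main__":
    print(peap_versions(SAMPLE))
```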

