Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

EAP-TLS failing on a fresh Windows install + ADU 4.4 + CB21

I'm having some strange problems on a laptop with a fresh Windows XP SP2 installation and ADU 4.4 with latest drivers for CB21 card. I opened a TAC case on this one but they can't find resolution.

EAP-TLS is working fine from another Win-XP PC and another Windows 2000 PC. I don't know why it's this specific laptop the problem is happening on. I doubt it's a laptop hardware issue as I reinstalled Windows XP SP2 from scratch twice, and it happens every time.

I triple checked configuration. I have a certificate installed on the PC. The PC is not part of any domain, by the way.

Basically, it appears as if ADU can't access the local client certificate. I think it's trying but it can't access it. LEAP works. EAP-TLS doesn't. EAP-FAST without TLS works. EAP-FAST with TLS doesn't.

It all becomes pretty clear when you look at the event viewer errors in the CCS event log. TAC couldn't find records of these errors... yet.

Apr 20 3:35:50 dell ERROR: Failed User CreateWsfwCertCredential.

Apr 20 3:35:50 dell ERROR: Failed to setCredentials().

Apr 20 3:35:50 dell ERROR: Failed to setupCredentials().

Apr 20 3:35:50 dell ERROR: Failed to initialize supplicant..

Apr 20 3:35:50 dell ERROR: Thread failed to obtain security token..

Apr 20 3:36:20 dell ERROR: Failed User CreateWsfwCertCredential.

Apr 20 3:36:20 dell ERROR: Failed to setCredentials().

etc.

Has anyone seen this before?

1 REPLY

Re: EAP-TLS failing on a fresh Windows install + ADU 4.4 + CB21

Found the problem. Apparently ADU can't access certificate store if client is not part of the AD domain

145
Views
0
Helpful
1
Replies
CreatePlease to create content