Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

PEAP Logon under windows 2000


I use MS Peap on windows 2k with all the 802.1x patches and so on. every think works fine. the only thing is that the logon process takes tooo long so the logon scripts are not able to complet sucessfully bc the client doesnt have an ip address. is there any solution for that problem?

regards Bernhard

New Member

Re: PEAP Logon under windows 2000

We had a similar problem. During the boot up process the client would start the EAP authentication but the AP would disassociate the client before the client finished booting up. The user had to wait until the PEAP authentication started again (approx 1 minute) before they could login.

We finally solved the problem by applying the MS patches 313664 & 823859 (install in that order) and upgrading the AP firmware (we are still Vxworks) to 12.03T. 12.02T does not work! Also make sure computer authentication is check on the client. I’m not sure if MS has released patch 823859…I had to call them to get it. Now our users can login as soon as the login screen appears and successfully run the login scripts, etc..

Re: PEAP Logon under windows 2000

thx you are right the 823859 is not published. can you send it to me? that would be grat, what excactly does this patch?

do you have guide for maschineauthentication? i have tried it today, but i see on the acs faild attempts user: host/

that would be nice.

regards Bernhard

New Member

Re: PEAP Logon under windows 2000

I originally called Microsoft on knowledge base article 822725 that is written for XP but it relates to the same problem I was having on win2K. MS tech support was able to find a “back port” for win2k. This fix is supposed to be part of SP5.

Machine authentication occurs in a Windows domain or AD when your client PC is a member of a domain. In my environment our ACS server forwards the authentication requests to AD so we use machine authentication.