We are using user authentication here.

Thanks

Don

Can you do a show dot11 associat when the client is trying to associate please?

Also, I suggest you to upgrade the PC to SP2 and disable fast reconnect. There are a number of bugs on Windows XP with PEAP MS-CHAP v2.

Below is the URL for wireless problems in SP1:

http://support.microsoft.com/?kbid=826942

CSCef50870

I am pretty sure I have come across a huge bug in SP2 also.

We are using Peap with WPA. I have opened a case with MS and they sent it to a level two tech, but nobody has called me back yet. I don't have time right now to go ito very much details, but I do not have this problem with SP1.

If I disable my wireless NIC in SP@ then re-enable it, it hangs on attempting to authenticate. If I look at the radius logs, it passed authentication. I can duplicate this problem on many vendors laptops and many vendors Wireless NIC's.

I do not have this problem with SP1 and the WPA supplement.

This is a huge problem for us. I am running the lastest IOS on the 1220's, Lastest ACS 3.3 and the SP2 notebook is a fresh install with nothing else on it (no AV, etc.).

I have to go, if you want me to post more I can later..

Don

I implemented WPA with PEAP (352cards, AP1100, CSACS1111) on XP SP1&supplicant.

Works fine (so far).

I wanted to put SP2. Now I will have to be more careful...

C

I would definately try it on 1 pc only.

Here is what I am seeing, The frist time I connect, it authenticates fine. If I disable the wireless card (in my notebook), then re-enable it, it hangs on attempting to authenticate. Note this is with a fresh install of XP pro and SP2. Nothing else on the laptop. It doesn't matter if I use a cisco card or the built-in Intel card.

In SP1, no matter how many times I disable the card, whenever I enable the card, it always authenticates.

Like I said, I have a open case with MS, but have not heard anything back..

If I do, I will update this thread.

P.S. All my wireless users with SP2 are having this problem.

Thanks

Don

It definely looks like CSCef50870. Please go to the following URL for the bug details:

http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl

There is a bug on the latest PEAP supplicant in SP2. It fails to negotiate during the WPA key phrase. (i.e. after 802.1x phrase) Please try to disable "Fast reconnect"

Thanks!!

I will give this a shot and give MS a call tomorrow...

Don

MS has the wpa supplement and an update to the supplement. Be sure to apply both Q815485 and KB826942. This worked for me.

826942 is included in SP2. If you install 826942 alone on a SP1 machine, that's working.

You will hit another problem after you install SP2. It is documented on Cisco bug CSCef50870. The root cause of the problem is on the Microsoft supplicant on SP2 when the Microsoft supplicant re-authenticates.

I pretty much experienced the same issue as in the original post. This client was a WinXP SP1 Professional Workstation connecting to a AP 1231 with an external radius server. My client would connect to the ap and pass authentication on my external radius server and then would go immediately to re-authenticating and not forward any traffic. If I forced a reauthentication via tha ACU it would duplicate the sequence. I spent days working on this and was at the end of my rope. I then decided to search MS Web Page and found the supplement and update. I decided to give them a try and they fixed my problems immediately along with some other issues I was able to identify using some WLAN Vulnerability tools. Just wanted to mention this as an option for someone else to try who was having similar problems.