Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems authenticating Windows wireless endpoint over dot1x

Folks,

I'm almost mad. How much brain power does it usually take to have Windows client connect to wireless using dot1x authentication.

No problem with Mac, iPhone, Android. Windows supplicant either sucks or I'm missing something.

I'm getting the error message for Windows authentication attempt:

Authentication failed                                                                                 :

11514 Unexpectedly received empty TLS message; treating as a rejection by the client

The advanced properties for the client are as follows:

Association

Network authentication: WPA2

Data encryption: AES

Authentication

Protected EAP (PEAP)

Properties for Authentication via PEAP

Validate server certificate: checked

Select Authentication Method: EAP-MSCHAP v2 (automatically use my Windows logon name and password unchecked)

Enable fast reconnect: checked

I end up with endless prompts to enter username and password and this doesn't go anywhere.

Any suggestions, please

4 REPLIES

Problems authenticating Windows wireless endpoint over dot1x

Can you try not validating the server certificate, and see if that helps?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Problems authenticating Windows wireless endpoint over dot1x

Thanks, Steve.

The problem seems to be lying inside Windows stupid logic of connecting to wireless networks.

This is what I discovered. Let's say this is brand new PC that doesn't know anything about a new wireless network.

You open a list of available wireless networks and connect to the required one. You are an average user and you don't have a slightest idea what dot1x and EAP is about.

You simply connect and wait for some kind of interactive behaviour. Nothing happens. Windows opens a yellow baloon message saying "Windows was unable to find a certificate to log you on the network". The connection stucks on Validating Identity phase.

I go into the wireless settings and find that:

1) The required SSID is automatically selected

2) Its authentication paramater is set to "Smart Card or other Certificate"

3) Validate server certificate is checked

Ok, I'm thinking that I'll have to teach average users to be computer nerds and change to the settings of their wireless connection. I go to wireless settings, authentication and change it to PEAP, uncheck "Validate server certificates" and disable "automatically use my windows logon name and password". The goes through and I'm being authenticated and connected. Life is good and I'm going home.

Then I come back on the next day and try to connect again to the same network. To my greatest suprise and frustration I can't connect again. Verifying wireless settings reveals that damn stupid Windows again tries to use "Smart Card or other certificate" in the authentication settings even though the connection is now in the manual state.

I'm wondering what kind of warped logic do Windows developers pursue when they design their Windows based wireless management. It doesn't work this way if I use a third party wireless management application for my wireless adaptor.

Re: Problems authenticating Windows wireless endpoint over dot1x

If these are domain users you could push the wireless profile with a GPO. That way you don't have ti touch all the machines.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Problems authenticating Windows wireless endpoint over dot1x

Some of them are domain users, some of them not. Will see if I can pursuade the client to do it.

Thanks, Steve, anyways.

546
Views
0
Helpful
4
Replies