Problems authenticating Windows wireless endpoint over dot1x
The problem seems to lie in Windows' stupid logic of connecting to wireless networks.
This is what I discovered. Let's say this is a brand new PC that doesn't know anything about a new wireless network.
You open a list of available wireless networks and connect to the required one. You are an average user and you don't have the slightest idea what dot1x and EAP are about.
You simply connect and wait for some kind of interactive behaviour. Nothing happens. Windows opens a yellow balloon message saying "Windows was unable to find a certificate to log you on the network". The connection gets stuck in the Validating Identity phase.
I go into the wireless settings and find that:
1) The required SSID is automatically selected
2) Its authentication parameter is set to "Smart Card or other Certificate"
3) Validate server certificate is checked
OK, I'm thinking that I'll have to teach average users to be computer nerds and change the settings of their wireless connection. I go to wireless settings, authentication and change it to PEAP, uncheck "Validate server certificates" and disable "automatically use my windows logon name and password". The connection goes through and I'm being authenticated and connected. Life is good and I'm going home.
Then I come back the next day and try to connect again to the same network. To my greatest surprise and frustration I can't connect again. Verifying wireless settings reveals that damn stupid Windows again tries to use "Smart Card or other certificate" in the authentication settings even though the connection is now in the manual state.
I'm wondering what kind of warped logic Windows developers pursue when they design their Windows-based wireless management. It doesn't work this way if I use a third-party wireless management application for my wireless adaptor.