+ Post New Thread
Results 1 to 10 of 10
Windows Thread, 802.1x Wireless User Auth w/ XP Mandatory Profiles? in Technical; Hi there, Anyone ever had problems with 802.1x (EAP-MS-CHAPV2) user authentication over wireless not working when using mandatory user profiles ...
  1. #1

    Join Date
    Aug 2008
    Location
    London
    Posts
    5
    Thank Post
    0
    Thanked 3 Times in 2 Posts
    Rep Power
    0

    802.1x Wireless User Auth w/ XP Mandatory Profiles?

    Hi there,

    Anyone ever had problems with 802.1x (EAP-MS-CHAPV2) user authentication over wireless not working when using mandatory user profiles (WinXP, SP3)?

    When a user logs on with a mandatory profile the RADIUS server (IAS on 2008) just sees repeated attempts to authenticate, but there's never an IAS_SUCCESS event indicating a proper connection (the clients stall at the 'validating identity' stage). Simply changing the profile to a normal roaming profile (NTUSER.MAN --> NTUSER.DAT, no other changes) results in everything working fine with successful authentication, and connection, etc. Rather odd and rather frustrating - the lack of anything on Google makes me wonder if it mightn't be an SP3 foible, but annoyingly I don't have any SP2 machines immediately to hand...

    Will crack out Wireshark/Process Monitor tomorrow and figure this out, but kind of hopeful someone here might well have experienced this before?

    Cheers,

    Chris.

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,376
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Have you tired recreating a profile?

    Z

  3. #3

    Join Date
    Aug 2007
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Having same problem

    Did anyone find a fix for this problem. I am having the same thing happen.

    Thanks

    Ricky

  4. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,689
    Thank Post
    756
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    Interesting we use machine authentication here so don't have an issue with user profiles.

    Ben

  5. #5

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    748
    Thank Post
    17
    Thanked 109 Times in 69 Posts
    Rep Power
    38
    Quote Originally Posted by ChrisCole View Post
    Hi there,

    Anyone ever had problems with 802.1x (EAP-MS-CHAPV2) user authentication over wireless not working when using mandatory user profiles (WinXP, SP3)?

    When a user logs on with a mandatory profile the RADIUS server (IAS on 2008) just sees repeated attempts to authenticate, but there's never an IAS_SUCCESS event indicating a proper connection (the clients stall at the 'validating identity' stage). Simply changing the profile to a normal roaming profile (NTUSER.MAN --> NTUSER.DAT, no other changes) results in everything working fine with successful authentication, and connection, etc. Rather odd and rather frustrating - the lack of anything on Google makes me wonder if it mightn't be an SP3 foible, but annoyingly I don't have any SP2 machines immediately to hand...

    Will crack out Wireshark/Process Monitor tomorrow and figure this out, but kind of hopeful someone here might well have experienced this before?

    Cheers,

    Chris.
    Hi,

    I don;t know if mandatory profile locks down the registry but with that setup the users will need access to HKEY_CURRENT_USER\Software\Microsoft\EAPOL\UserEap Info

    Try to see if access is denied to this section of the registry.

    Ash.

  6. #6

    Join Date
    Aug 2007
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by plexer View Post
    Interesting we use machine authentication here so don't have an issue with user profiles.

    Ben
    Yeah, we have to use Computer Authentication now since SP3. Whatever happened, SP3 it. We had no problem until we upgraded to SP3. Wonder why Microsoft would have disabled 802.1x User Authenication with Mandatory Profiles?

    Thanks

    Ricky

  7. #7

    Join Date
    Nov 2008
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I am also having the same problem.... after taking forever to narrow down...

    No one have a proper fix without moving to computer auth or changing to roaming profiles.....?

  8. #8

    Join Date
    Feb 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We are also having this issue - what brand of Access Points are you using?

    Has there been any solution to this without changing Authentication types?

  9. #9
    trolley01's Avatar
    Join Date
    Mar 2009
    Location
    Wisbech
    Posts
    71
    Thank Post
    3
    Thanked 18 Times in 14 Posts
    Rep Power
    15

    Thumbs up Solution!

    Just been working on this issue myself, and have found a solution.

    Microsoft have released a hotfix to solve the problem, which allows user authentication to take place using 802.1x on Windows XP SP3.

    A Windows XP Service Pack 3-based client computer cannot use the IEEE 802.1x authentication when you use PEAP with PEAP-MSCHAPv2 in a domain

    Hope this helps.

  10. #10

    Join Date
    Jul 2005
    Location
    Lancaster
    Posts
    35
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hiya

    we had a similar problem, dont have time to check if its same as the one posted above but ours turned out to be a server2008 issue.

    search for and read up on KB969111, sorry if its the same as already posted

    Dave



SHARE:
+ Post New Thread

Similar Threads

  1. Mandatory Profiles
    By jcollings in forum Wireless Networks
    Replies: 7
    Last Post: 9th September 2009, 04:36 PM
  2. Mandatory Profiles
    By leegcvcc in forum Windows
    Replies: 12
    Last Post: 9th May 2008, 10:45 AM
  3. Wireless 802.1x RADIUS authentication using IAS server
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 3rd January 2008, 07:15 PM
  4. Wireless - WPA/802.1x
    By wesleyw in forum Hardware
    Replies: 2
    Last Post: 4th October 2007, 10:34 AM
  5. Mandatory Profiles
    By HodgeHi in forum Windows
    Replies: 2
    Last Post: 6th December 2006, 12:56 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •