Discussion:
Problems authenticating using WPA2-Enterprise.. Help!
Craig
2009-03-08 17:17:20 UTC
Hi.

I've been trying to set up wireless networking, using WPA2-Enterprise
security. I'm using IAS on a server, which is also the only domain
controller. The server also has the Certificate Authority server, and
self-generated a certificate. Windows 2003 server.

I've exported the certificate from the server (as *.PB7 file), and installed
that on the client (via mmc certmgr.msc snap-in), importing into the
Enterprise Trust folder.

I'm not sure what is going on, but out of about 10 users trying to connect,
I can only get about 4 to work. The clients are personal computers, and a
mix of OS (XP, Vista, Mac OS X). Some of the ones that work are Vista Home
Premium, at least one that works is XP. One computer is a member of the
domain, most are not. As far as I can tell, setup is the same on all. I
personally set up on some, and it all seems the same as the setup on my PC
(which works), yet it fails to work.

In most cases where it doesn't work, it is first because the computer is
trying to authenticate as computer or local login, instead of using the
domain login account. Then the appropriate options are unticked, and the
user is prompted to enter username and password. At this stage, when the
correct username and password is entered, it is not successful, but keeps
prompting to re-enter credentials (often the balloon pops up in bottom right
corner before the user has had time to finish entering details the previous
time), and there is no longer anything in the server logs.

I especially don't understand why there is nothing in the logs showing these
failed attempts to login, even though previous attempts are recorded in the
logs for the same computer (e.g. when no certificate, or trying automatic
login).

It seems like after a while it stops talking to IAS. Is there some kind of
inbuilt security where a computer is blocked after a certain number of
failed attempts? How long does it take before they can try again?

Also, I'm wondering if I'm using the wrong type of certificate. Also, since
it does work for some computers, it seems like maybe that is ok..?

Any ideas? It is really wrecking my head!

(BTW I tried posting this on wireless group, but no response.. hopefully
more success on this list...)

Thanks,

Craig
James McIllece [MS]
2009-03-13 22:36:30 UTC
Hi Craig --

What authentication method are you trying to use? Are you certain that all
of the client computers support the authentication method?

What deployment guide is your source document?

Have you issued a server certificate to the IAS server? This is required,
even if it automatically has a domain controller cert. And the cert must be
configured according to specific requirements. See the IAS Help topic
"Network access authentication and certificates" for the requirements.

*********************

James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

*********************