RE: Vista Wireless with PEAP/MSCHAPV2

[Dileesh]

I am facing some problem when I try connecting to my wireless network with
CISCO ACS Certificate . To explain in etail, in my office network there is

wireless connection and I was able to connect to the same without any
issues.We were using WEP key till that time But last week they moved to this

authentication based on certificate (CISCO ACS) and then I am not able to
connect from my VISTA. Employees who use XP are not having any issues. These
are

the steps that I did

In the properties, security tab and
In the security type drop down values I chose 802.1X and
In the Encryption type drop down WEP.

In the network authentication method drop down I chose PEAP and checked the
checkbox next to "cache user information for subsequent connections to this

network "then
clicked setting and in the window that opened

I have enabled "Validate Server certificate" and in the Trusted Root
certifcation Authorities I have enabled the certificate that was given by my
network

team and which I installed in my PC.

I have enabled "Do not prompt user to authorise new servers or trusted
certification authorities".

In the "Select Authentication Method" drop down I chose EAP-MSCHAP v2 and I
have enabled the "Enable Fast Reconnect" option as well.

Then I clicked "Configure" button and have enabled "Automatically use my
Windows logon name and password (and domain if any)

DETAILED LOG:
--------------

Root cause:
Windows cannot connect to "mobile"
Windows was unable to verify the identity of the server.

Detailed root cause:
EAP authentication failed because Windows could not verify the authenticity
of the server's certificate
Workaround for hypothesis: Contact the network administrator for "mobile"

Information for connection being diagnosed
Interface GUID: {50e2e69e-29ab-47af-9401-e19158427ae4}
Interface name: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface type: Native WiFi
Profile: mobile
SSID: mobile
SSID length: 6
Connection mode: Infra
Security enabled: Yes
Connection ID: 8
Security settings provided by hardware manufacturer (IHV): No
Profile matches network requirements: Yes
Pre-Association and association status: Success
Security and Authentication:
Configured security type: Open
Configured Encryption type: WEP
Security connect status: Fail 0x0003800b
Number of security packets received: 6
Number of security packets sent: 6
802.1X protocol: Yes
Authentication Identity: Invalid
IAS Server engaged: No
EAP Method supported by IAS Server: Unknown
EAP type: 0
EAP Error: Unknown
Number of 802.1X restarts: 1
Number of 802.1X failures: 1
802.1X status: Fail 0x00050005
Key exchange initiated: No
Unicast keys received: No
Multicast keys received: No

Event Verbosity:0

"Johnathonm" wrote:

> Hotfix KB932063... will resolve your connectivity problems.
>
> It's not live yet....sadly.

[Michael A. Bishop (MSFT]

Not an expert on 802.1x, but I'll take a stab at it....

> Root cause:
> Windows cannot connect to "mobile"
> Windows was unable to verify the identity of the server.
>
> Detailed root cause:
> EAP authentication failed because Windows could not verify the
> authenticity
> of the server's certificate

To me, that says that the network certificate is not tracing back to a root
CA that you've selected in the Properties. If you have the certificate
file, open it up and see which root CA it's signed by and check that root
CA. Alternative, uncheck "Do not prompt the user...." and try to reconnect;
see which CA it says has signed the server's cert in the prompt.

"Dileesh" <Dil...@discussions.microsoft.com> wrote in message
news:29731A5A-C527-465F...@microsoft.com...