Re: Need help configuring Wireless Connection profile
- From: "Newtechie" <newtechie@xxxxxxxxxx>
- Date: Tue, 10 Oct 2006 14:20:18 -0500
Are you sure you're using the same PSK for the current network you're trying
to connect to?
I'm not trying to irritate you further by asking a lot of questions but just
trying to figure out what could be
the problem because I'm really baffled by this one.
"Ryan" <Ryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3B42F709-BC24-49A3-802F-68F7641431DA@xxxxxxxxxxxxxxxx
Thanks for the assistance
Here's a bit more clarification.... The wireless zero service is running,
and I can only use the Intel OR Windows utility, not both at the same time.
Anyway, I can connect to another of our wireless networks using either
client so that confirms the Windows Utility still works - just not for the
WPA2 connection. The one it does work for is only using MAC filtering.
"Newtechie" wrote:
Ok - let's see. I'm sure you know that you can't use both at the same time.
Have you tried disabling the Intel utility? Then, right-click on the
icon and select use Windows XP configuration. Also, the Wireless Zero
Configuration service has to be running. Check your services and if it's
not running, click on Start to enable it.
"Ryan" <Ryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C521744A-1159-4246-8556-8BE8B9D48768@xxxxxxxxxxxxxxxx
Thanks for the response,
I probably should have made my configuration look a bit more obvious, but
yes, I know of the WPA2 patch for XP and it is already applied. My
configuration notes this.
Any other ideas?
"Newtechie" wrote:
Well there is an update on the Microsoft site for WPA2 encryption but I
can't remember if it also covers SBS 2003. Just go there and do a search
for 'WPA2'. I think by default WinXP only uses WEP and you have to
download updates for WPA and WPA2.
"Ryan" <Ryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA8A95A0-B627-473C-8F3F-A328B9E10761@xxxxxxxxxxxxxxxx
I have an SBS 2003 server and a Server 2003 member server set up using RADIUS
authentication and WPA2 encryption. From my laptop, I can connect using the
Intel PROSet Wireless Utility, but not the Windows Wireless Utility. Btw,
my laptop is not joined to the domain so it's only using a user based
certificate.
I have two questions:
1 What do I need to do to get the Windows Utility to connect?
2 If I get randomly disconnected, and quite often using the Intel software
would I be right in suspecting the cause may be my access point not fully
supporting the WPA2 + RADIUS configuration? My servers aren't logging
anything regarding the disconnects.
I have included my complete Wireless Setup so hopefully this will help
pinpoint the issue.
My IAS log looks like this:
192.168.16.177,LRG\ryanv,10/10/2006,13:18:29,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless
WPA2
PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 308,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:29,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 308,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:55,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless
WPA2
PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 312,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:55,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 312,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:30,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless
WPA2
PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 316,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:30,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 316,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:45,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless
WPA2
PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 327,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:45,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 327,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,8100,0,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless
WPA2
PEAP
Policy,6,2,4294967207,2,4294967206,4,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4120,0x014C52,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:21:50,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless
WPA2
PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 331,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:21:50,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 331,4132,Secured
password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
My setup is as follows:
SMALL BUSINESS SERVER:
STEP #1 Install Certificate Services
On the SBS server, use the Windows add/remove components tool to install Certificate Services
On the CA Type page, select Enterprise Root CA and then click next
On the CA Identifying Information page, type Lloyd Research Group Enterprise Root CA
Accept the default storage location for the Root CA
STEP #2 Install Domain Controller Certificate
On the SBS server, go to Start > Run, then type mmc
In the management console, go to File > Add/Remove Snap-in
Add Certificates and select Computer Account
In the Certificates console, expand Local Computer, then right-click Personal and select Request New Certificate
On the Certificate Types page, select Domain Controller and click next
On the Certificate Friendly Name and Description Page, type the name of the server and finish installing the certificate
STEP #3 Create Temporary ISA Access Rule
In the ISA Management Console, right-click SBS Protected Networks Access Rule and select Configure RPC Protocol
Uncheck Enforce strict RPC compliance and then click OK
Right-click Firewall Policy and select New Access Rule (ISA blocks certificate requests so a temporary rule is needed to let the traffic through)
Configure a new rule as follows:
Name: Temporary Allow All Traffic Rule (for troubleshooting)
Action: Allow
Protocols: All Outbound Traffic
From: All Networks (and Local Host)
To: All Networks (and Local Host)
Users: All Users
Schedule: Always
Content Types: All Content Types
Now apply the changes so the rule is enabled
RADIUS SERVER
STEP #1 Install Certificates to the RADIUS Server
IAS must be installed on a separate server if VPN access is needed on the SBS server. Otherwise, RADIUS requests will fail.
On the IAS/RADIUS server, go to Start > Run, then type mmc
In the management console, go to File > Add/Remove Snap-in
Add Certificates and select Computer Account.
Add the Certificates snap-in again but this time for My User Account
In the Certificates console, expand Local Computer, then right-click Personal and select Request New Certificate
On the Certificate Friendly Name and Description Page, type the name of the server and finish installing the certificate
Expand Current User, then right-click Personal and select Request New Certificate
On the Certificate Friendly Name and Description Page, type the name of the user and finish installing the certificate
STEP #2
Go back to the SBS server and disable the Allow all traffic rule in the ISA Management Console
STEP #3 Install and configure IAS
On the RADIUS server, use the Windows add/remove components tool to install IAS
STEP #4 Configure RADIUS Client
Once IAS is installed open the Internet Authentication Service console from the Administrative Tools menu
Right-click the Internet Authentication Service and select Register Server in Active Directory
Follow the steps to register the RADIUS server
Right-click RADIUS Clients and select New RADIUS Client
Configure the Client as follows:
Friendly Name: D-Link DI-524
Address: 192.168.16.177
Client-Vendor: RADIUS Standard
Check Request must contain the Message Authenticator attribute
Shared Secret: <Enter a complex password>
STEP #5 Configure Wireless Policy
In the Internet Authentication Service console, right-click Remote Access Policies and select New Remote Access Policy
Name the policy Wireless WPA2 PEAP Policy
On the Access Method page, select Wireless
Add Domain Admin, Domain Users, and Mobile Users to the Policy
On the Authentication Methods page, select Protected EAP (PEAP) and click configure
The certificate issues should be <servername>.LRG.local
Check off Enable Fast Reconnect and finish creating the policy
Double-Click on the new policy and click Edit Profile
On the Authentication tab, click EAP Methods
Click Add and select Smart Card or other certificate and move it to the top of the EAP types list. Then click OK. (This is created for use with domain computers with both user and computer certificates)
On the Encryption Tab, Only leave Strongest Encryption (MPPE 128 bit) checked
Click OK twice to apply the policy
ACCESS POINT
Set up the D-Link router as follows:
SSID: Lloyd Research Group
Channel: Auto Select
Mode Setting: G Mode
SSID Broadcast: Enabled
Security: WPA2
PSK/EAP: EAP
RADIUS Server 1: <IP of IAS server>
Port: 1812
Shared Secret: <same secret as in IAS RADIUS Client configuration>
WIRELESS CLIENT
STEP #1 Install User Certificate
Request user cert by navigating to http://lrgi-marlin/certsrv in Internet Explorer
Click Request a certificate
Click User Certificate
Click Submit and install the User Certificate to the client computer
STEP #2 Configure Wireless Connection Profile
Settings in Intel PROSet connection Profile:
Mode: Enterprise Security
Network Authentication: WPA2-Enterprise
Data Encryption: AES-COMP
Authentication Type: PEAP
Authentication Protocol: MS-CHAP-V2
Domain: lrg
Roaming Identity: LRG\username
Check Validate Server Credentials under PEAP Server section
Certificate Issuer: Lloyd Research Group Enterprise Root CA
The Windows Wireless Utility Profile I am testing is configured as follows:
Network Name: Lloyd Research Group
Network Authentication: WPA2
Data Encryption: AES
EAP Type: Protected EAP (PEAP)
Authenticate as computer when computer information is available is unchecked
Authenticate as guest when user or computer information is unavailable is unchecked
Validate Server Certificate is unchecked
Authentication Method: Secured password (EAP-MSCHAP v2)
Enable Fast Reconnect is checked
Automatically use my Windows logon name and password is unchecked
(Since
my
laptop isn't joined to the domain, I want to be prompted for a
username
.
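
An added example, not part of the original thread: a small Python parser for IAS-format log records like the ones quoted in the post, which reads the Packet-Type (4136) and Reason-Code (4142) attributes to show whether the RADIUS server accepted or rejected each request. The sample records, host names and user names are constructed; the parser expects one unwrapped record per line, so records wrapped by a mail client must be rejoined first.

```python
import csv

# Attribute IDs used in IAS-format logs (subset of Microsoft's documented list).
PACKET_TYPE, REASON_CODE, POLICY = "4136", "4142", "4149"
PACKET_NAMES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "11": "Access-Challenge"}
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")

# Constructed sample records, one per line as IAS writes them (not from the post).
# Reason code 16 in the last record means authentication failed.
SAMPLE = r"""
192.0.2.10,EXAMPLE\alice,10/10/2006,13:18:29,IAS,RADIUS1,4128,Test AP,4149,Wireless WPA2 PEAP Policy,4136,1,4142,0
192.0.2.10,EXAMPLE\alice,10/10/2006,13:18:29,IAS,RADIUS1,4128,Test AP,4149,Wireless WPA2 PEAP Policy,4136,2,4142,0
192.0.2.10,EXAMPLE\bob,10/10/2006,13:19:02,IAS,RADIUS1,4128,Test AP,4149,Wireless WPA2 PEAP Policy,4136,1,4142,0
192.0.2.10,EXAMPLE\bob,10/10/2006,13:19:02,IAS,RADIUS1,4128,Test AP,4149,Wireless WPA2 PEAP Policy,4136,3,4142,16
"""


def parse_record(line):
    """Split one IAS-format record into its six header fields and an attribute map."""
    fields = next(csv.reader([line]))
    extra = len(fields) - len(HEADER)
    if extra < 0 or extra % 2:  # attributes come as ID,value pairs
        raise ValueError("truncated or wrapped record: %r" % line[:40])
    rest = fields[len(HEADER):]
    return dict(zip(HEADER, fields)), dict(zip(rest[0::2], rest[1::2]))


def summarize(text):
    """Return (time, user, packet, reason_code, policy) for every record in text."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hdr, attrs = parse_record(line)
        packet = PACKET_NAMES.get(attrs.get(PACKET_TYPE), "other")
        reason = int(attrs.get(REASON_CODE, -1))  # -1 marks a missing reason code
        rows.append((hdr["time"], hdr["user"], packet, reason, attrs.get(POLICY)))
    return rows


def failures(rows):
    """Records worth a closer look: rejects, or any non-zero reason code."""
    return [r for r in rows if r[2] == "Access-Reject" or r[3] != 0]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row, sep=" | ")
    print("needs attention:", failures(summarize(SAMPLE)))
```
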