RE: 802.1x, Computers, Wired Security

Hello,

As user authentication using PEAP/MSCHAPv2 is working, the 802.1X wired
service on Windows XP SP3 should function properly. However, TLS with
certificates needs a certificate that was enrolled from the CA.
Please verify the certificates on the client machine that connects to the
802.1x wired network, as I mentioned in my previous post.

814394 Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
http://support.microsoft.com/kb/814394

Client side:

1. Is there a computer certificate that was enrolled from the domain CA?

2. Does the computer certificate on the client chain to a trusted root? Can you
verify the certificate path successfully?
- You can select the trusted root certification authorities in
Network Connection ---> Properties ---> Authentication tab ---> PEAP settings
(PEAP properties).

3. Did you select "Smart card or other certificate" (you used to use
MSCHAPv2) as the authentication method for PEAP?

4. Does the computer certificate have the Client Authentication purpose?

Server side:

1. Is the option "Validate server certificate" chosen on the client?
If yes, please verify the IAS server's computer certificate for the
Server Authentication purpose and its certificate path.

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.


Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
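
Client-side checks 1, 2 and 4 from the post above can be scripted. The following is an added example, not part of the original post or of KB 814394; it assumes PowerShell 2.0 or later is installed on the client, and the function name `Test-MachineCertForEapTls` is hypothetical.

```powershell
# Added example: report, for each computer certificate, the issuer (item 1),
# whether the chain builds to a trusted root (item 2), and whether the
# Client Authentication purpose is present (item 4).
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-MachineCertForEapTls {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Item 4: collect the Enhanced Key Usage OIDs listed in the certificate.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Item 2: build the chain using the machine context ($true).
    # Assumption: revocation checking is skipped because the client may not
    # reach the CRL distribution point before it is authenticated to the network.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Subject        = $Cert.Subject
        Issuer         = $Cert.Issuer          # item 1: compare with the domain CA name
        NotAfter       = $Cert.NotAfter
        ChainTrusted   = $chainOk              # item 2
        ChainStatus    = $status               # empty when the chain is clean
        ClientAuthEku  = ($ekuOids -contains $ClientAuthOid)   # item 4
    }
}

# Computer certificates live in the Local Computer "Personal" store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineCertForEapTls -Cert $_ } |
    Format-List Subject, Issuer, NotAfter, ChainTrusted, ChainStatus, ClientAuthEku
```

A certificate that shows `ChainTrusted : False` or `ClientAuthEku : False` fails item 2 or item 4 of the checklist respectively.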
