Re: Vista wireless using IAS and WPA-Enterprise

Hi Paul,

Based on my research, if the problem only occurs on Windows Vista machines,
I suggest you perform the following steps on the Vista machines:

1£®Click Start , click All Programs, click Accessories, and then click
Command Prompt.
2£®At the command prompt, type the following command, and then press ENTER:
netsh interface tcp set global autotuninglevel=disabled
This command disables the Receive Window Auto-Tuning feature.
3£®Try to make a non-HTTP network connection.
Note: If the connectivity problem is resolved, contact the manufacturer of
the firewall device for steps to correct the issue.
4£®At a command prompt, type the following command, and then press ENTER:
netsh interface tcp set global autotuninglevel=normal
This command enables Receive Window Auto-Tuning again so that you can take
advantage of the network throughput performance increase it provides.

Also I found there are new KB articles already described for this issue and
give the workaround.
934430: Network connectivity may fail when you try to use Windows Vista
behind a firewall device
http://support.microsoft.com/kb/934430

929868: A Web site sends data very slowly or drops the data completely when
you use Windows Vista Enterprise
http://support.microsoft.com/kb/929868

935400: It takes a very long time to download an e-mail message from a POP3
server in Outlook 2007
http://support.microsoft.com/kb/935400

Hope that helps!

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <JazzyJ187@xxxxxxxxxxxxxxxx>
| References: <CB717348-F026-42B2-BED0-6AD0DAF42784@xxxxxxxxxxxxx>
<OvXp5E9xHHA.404@xxxxxxxxxxxxxxxxxxxx>
<EB1DC5EB-D1C7-43D2-943E-755251B9E8B5@xxxxxxxxxxxxx>
<uE4PtN$xHHA.5068@xxxxxxxxxxxxxxxxxxxx>
<44117B87-F9C9-40F4-9597-753F965AB39E@xxxxxxxxxxxxx>
<i#i1t7ByHHA.5836@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Vista wireless using IAS and WPA-Enterprise
| Date: Tue, 17 Jul 2007 03:02:12 -0700
| Lines: 217
| Message-ID: <5ED8C7EE-1A2C-42BE-BB12-A9858AD4B819@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:5830
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| Hi,
|
| Thanks for your suggestion I've tried this and it makes no difference, I
| tried setting it to various numbers 1344,1000,64,128 none made any
| difference. I have since found out that using another make Access Point
| rather than 3Com and Vista will connect but all 3Com acccess points i've
| tried work fine with XP but not with Vista.
|
| I'm not sure what else to try.
|
| Regards
| Paul Mckenna
|
| ""Ken Zhao [MSFT]"" wrote:
|
| > Hello Paul,
| >
| > Thank you for using newsgroup!
| >
| > From your post, I'd like to suggest you try to reduce the EAP packet
size
| > of a Remote Authentication Dial-In User Service (RADIUS) server. You
can do
| > this by using the Framed-MTU attribute in Internet Authentication
Services
| > (IAS) of a Microsoft Windows Server 2003-based computer. For more
detailed
| > steps, please refer to:
| > 883389: How to reduce the EAP packet size by using the Framed MTU
attribute
| > in Windows Server 2003
| > http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
| > ====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > ====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| >
| >
| >
| > --------------------
| > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
| > | X-WBNR-Posting-Host: 207.46.193.207
| > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <JazzyJ187@xxxxxxxxxxxxxxxx>
| > | References: <CB717348-F026-42B2-BED0-6AD0DAF42784@xxxxxxxxxxxxx>
| > <OvXp5E9xHHA.404@xxxxxxxxxxxxxxxxxxxx>
| > <EB1DC5EB-D1C7-43D2-943E-755251B9E8B5@xxxxxxxxxxxxx>
| > <uE4PtN$xHHA.5068@xxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
| > | Date: Mon, 16 Jul 2007 15:06:04 -0700
| > | Lines: 115
| > | Message-ID: <44117B87-F9C9-40F4-9597-753F965AB39E@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| > | Newsgroups: microsoft.public.windows.server.networking
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.networking:5812
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windows.server.networking
| > |
| > | again I Appreciate your response but this works with XP, XP sends the
| > message
| > | to IAS that it wants to use PEAP authentication where as Vista sends
the
| > | message to use EAP (which is not configured and is not something i
want
| > to
| > | use) even though Vista is configured to use PEAP.
| > | So although these error message will probably help with someone who
wants
| > to
| > | use EAP-TLS without having properly configured it. They don't really
shed
| > any
| > | light on my problem.
| > |
| > | Thnaks again
| > |
| > | Regards
| > | Paul
| > |
| > |
| > | "Robert L [MVP - Networking]" wrote:
| > |
| > | > Or this post:.
| > | >
| > | > IAS Reason-Code = 22 and 97
| > | > http://chicagotech.net/netforums/viewtopic.php?t=1063
| > | >
| > | > Bob Lin, MS-MVP, MCSE & CNE
| > | > Networking, Internet, Routing, VPN Troubleshooting on
| > http://www.ChicagoTech.net
| > | > How to Setup Windows, Network, VPN & Remote Access on
| > http://www.HowToNetworking.com
| > | > "Paul Mckenna" <JazzyJ187@xxxxxxxxxxxxxxxx> wrote in message
| > news:EB1DC5EB-D1C7-43D2-943E-755251B9E8B5@xxxxxxxxxxxxxxxx
| > | >
| > | > Thanks for your quick response, It's my fault i posted the wrong
| > error
| > | > message.. The actual failure is
| > | >
| > | > User DOMAIN\Paul was denied access.
| > | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
| > | > NAS-IP-Address = 192.168.100.126
| > | > NAS-Identifier =
| > | > Called-Station-Identifier = <not present>
| > | > Calling-Station-Identifier = <not present>
| > | > Client-Friendly-Name = 3com
| > | > Client-IP-Address = 192.168.100.126
| > | > NAS-Port-Type = Wireless - IEEE 802.11
| > | > NAS-Port = 29
| > | > Proxy-Policy-Name = Use Windows authentication for all users
| > | > Authentication-Provider = Windows
| > | > Authentication-Server = <undetermined>
| > | > Policy-Name = VPN
| > | > Authentication-Type = EAP
| > | > EAP-Type = <undetermined>
| > | > Reason-Code = 22
| > | > Reason = The client could not be authenticated because the
| > Extensible
| > | > Authentication Protocol (EAP) Type cannot be processed by the
server.
| > | >
| > | > For more information, see Help and Support Center at
| > | > http://go.microsoft.com/fwlink/events.asp.
| > | >
| > | > It seems to be that Vista is sending that it wants to use EAP
even
| > though
| > | > it's configured to use PEAP.
| > | >
| > | > "Robert L [MVP - Networking]" wrote:
| > | >
| > | > > I would double check the remote Access Policy. This post may
help,
| > | > >
| > | > > IAS Reason-Code = 65
| > | > >
| > | > > http://www.chicagotech.net/netforums/viewtopic.php?p=1711#1711
| > | > >
| > | > >
| > | > > Bob Lin, MS-MVP, MCSE & CNE
| > | > > Networking, Internet, Routing, VPN Troubleshooting on
| > http://www.ChicagoTech.net
| > | > > How to Setup Windows, Network, VPN & Remote Access on
| > http://www.HowToNetworking.com
| > | > > "Paul Mckenna" <JazzyJ187@xxxxxxxxxxxxxxxx> wrote in message
| > news:CB717348-F026-42B2-BED0-6AD0DAF42784@xxxxxxxxxxxxxxxx
| > | > > Hi,
| > | > >
| > | > > I've got a problem with Vista not connecting to our wireless
| > network,
| > | > > Everything works great with XP but on Vista although Vista is
| > configured to
| > | > > use PEAP i get this error message on the server when the
Vista PC
| > try to
| > | > > connect...
| > | > >
| > | > > User host/Paul07.domain.local was denied access.
| > | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
| > | > > NAS-IP-Address = 192.168.100.126
| > | > > NAS-Identifier =
| > | > > Called-Station-Identifier = <not present>
| > | > > Calling-Station-Identifier = <not present>
| > | > > Client-Friendly-Name = 3com
| > | > > Client-IP-Address = 192.168.100.126
| > | > > NAS-Port-Type = Wireless - IEEE 802.11
| > | > > NAS-Port = 29
| > | > > Proxy-Policy-Name = Use Windows authentication for all users
| > | > > Authentication-Provider = Windows
| > | > > Authentication-Server = <undetermined>
| > | > > Policy-Name = Connections to other access servers
| > | > > Authentication-Type = EAP
| > | > > EAP-Type = <undetermined>
| > | > > Reason-Code = 65
| > | > > Reason = The connection attempt failed because remote access
| > permission for
| > | > > the user account was denied. To allow remote access, enable
| > remote access
| > | > > permission for the user account, or, if the user account
| > specifies that
| > | > > access is controlled through the matching remote access
policy,
| > enable remote
| > | > > access permission for that remote access policy.
| > | > >
| > | > > For more information, see Help and Support Center at
| > | > > http://go.microsoft.com/fwlink/events.asp.
| > | > >
| > | > > At the moment IAS is only configured to accept PEAP
| > authentication, If i
| > | > > enable EAP (Which i don't want to use) i get this message..
| > | > >
| > | > > Because no certificate has been configured for clients
dialing in
| > with
| > | > > EAP-TLS, a default certificate is being sent to user
domain\paul.
| > Please go
| > | > > to the user's Remote Access Policy and configure the
Extensible
| > | > > Authentication Protocol (EAP).
| > | > >
| > | > > Like i say Vista is configured to PEAP but for some reason
seems
| > to be
| > | > > sending info that it wants to use EAP-TLS
| > | > >
| > | > > What am i doing wrong?
| > | > >
| > | > > Thanks in advance for any help
| > |
| >
| >
|

.

Relevant Pages

  • Re: Microsoft allows bypass of Vista activation
    ... activation was required before you could update windows... ... need to "activate" Vista indefinitely. ... Microsoft has required "product activation" ... Right-click the Registry key named SkipRearm and click Edit. ...
    (alt.sys.pc-clone.dell)
  • Re: VISTA is nice!
    ... widespread Beta 2 in about 2 weeks. ... Microsoft is not run by fools, then why would what you have now ... represent Vista as it is going to be released, ... look like previous versions of Windows. ...
    (comp.sys.mac.advocacy)
  • Re: What About Antivirus on Vista?
    ... It even needs protection from Microsoft... ... device driver updates causing Vista to deactivate - by James Bannan ... Then a few days ago I got a Windows Activation prompt - I had three days to ... information as reported by device drivers. ...
    (microsoft.public.windowsxp.general)
  • Microsoft despratly trying to convice people that vista is something else than total crap!
    ... Then that same group will be disgusted with CRAPISTA VISTA like everyone else is.. ... REDMOND, Wash.--After months of searching for ways to defend its oft-maligned Windows operating system, Microsoft may just have found its best weapon: ... Windows unit business chief Bill Veghte told CNET News that he wants to see his unit try new things to get the message across. ...
    (microsoft.public.windows.vista.general)
  • Re: Microsoft despratly trying to convice people that vista is something else than total crap!
    ... Then that same group will be disgusted with CRAPISTA VISTA like everyone ... Microsoft looks to 'Mojave' to revive Vista's image ... last week traveled to San Francisco, rounding up Windows XP users who had ... Windows unit business chief Bill Veghte told CNET News that he ...
    (microsoft.public.windows.vista.general)