Re: Vista wireless using IAS and WPA-Enterprise


Thanks for your suggestion.

I've tried turning off autotuninglevel on the Vista machines but with no
joy, I've also looked at the KB articles none of which seem to relate to the
problem i'm having but i've tried the suggestions, Still nothing.

Just to recap when using any 3Com Access Point with a windows Vista client
the 3com access point sends data to the IAS server to say it wants to use EAP
(even thought vista is configured to use PEAP) authentication, with an XP
client the 3com box sends it want to use PEAP authentication. If i enable
EAP-TLS authentication on IAS and install a user certificate on the Vista
machine and set Vista to use a certificate to log in, the connection works
but it's a lot of hassle maintaining and installing certificates for each
user, i would much rather use PEAP.

Regards
Paul Mckenna
""Ken Zhao [MSFT]"" wrote:

Hi Paul,

Based on my research, if the problem only occurs on Windows Vista machines,
I suggest you perform the following steps on the Vista machines:

1£®Click Start , click All Programs, click Accessories, and then click
Command Prompt.
2£®At the command prompt, type the following command, and then press ENTER:
netsh interface tcp set global autotuninglevel=disabled
This command disables the Receive Window Auto-Tuning feature.
3£®Try to make a non-HTTP network connection.
Note: If the connectivity problem is resolved, contact the manufacturer of
the firewall device for steps to correct the issue.
4£®At a command prompt, type the following command, and then press ENTER:
netsh interface tcp set global autotuninglevel=normal
This command enables Receive Window Auto-Tuning again so that you can take
advantage of the network throughput performance increase it provides.

Also I found there are new KB articles already described for this issue and
give the workaround.
934430: Network connectivity may fail when you try to use Windows Vista
behind a firewall device
http://support.microsoft.com/kb/934430

929868: A Web site sends data very slowly or drops the data completely when
you use Windows Vista Enterprise
http://support.microsoft.com/kb/929868

935400: It takes a very long time to download an e-mail message from a POP3
server in Outlook 2007
http://support.microsoft.com/kb/935400

Hope that helps!

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <JazzyJ187@xxxxxxxxxxxxxxxx>
| References: <CB717348-F026-42B2-BED0-6AD0DAF42784@xxxxxxxxxxxxx>
<OvXp5E9xHHA.404@xxxxxxxxxxxxxxxxxxxx>
<EB1DC5EB-D1C7-43D2-943E-755251B9E8B5@xxxxxxxxxxxxx>
<uE4PtN$xHHA.5068@xxxxxxxxxxxxxxxxxxxx>
<44117B87-F9C9-40F4-9597-753F965AB39E@xxxxxxxxxxxxx>
<i#i1t7ByHHA.5836@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Vista wireless using IAS and WPA-Enterprise
| Date: Tue, 17 Jul 2007 03:02:12 -0700
| Lines: 217
| Message-ID: <5ED8C7EE-1A2C-42BE-BB12-A9858AD4B819@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:5830
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| Hi,
|
| Thanks for your suggestion I've tried this and it makes no difference, I
| tried setting it to various numbers 1344,1000,64,128 none made any
| difference. I have since found out that using another make Access Point
| rather than 3Com and Vista will connect but all 3Com acccess points i've
| tried work fine with XP but not with Vista.
|
| I'm not sure what else to try.
|
| Regards
| Paul Mckenna
|
| ""Ken Zhao [MSFT]"" wrote:
|
| > Hello Paul,
| >
| > Thank you for using newsgroup!
| >
| > From your post, I'd like to suggest you try to reduce the EAP packet
size
| > of a Remote Authentication Dial-In User Service (RADIUS) server. You
can do
| > this by using the Framed-MTU attribute in Internet Authentication
Services
| > (IAS) of a Microsoft Windows Server 2003-based computer. For more
detailed
| > steps, please refer to:
| > 883389: How to reduce the EAP packet size by using the Framed MTU
attribute
| > in Windows Server 2003
| > http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
| > ====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > ====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| >
| >
| >
| > --------------------
| > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
| > | X-WBNR-Posting-Host: 207.46.193.207
| > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <JazzyJ187@xxxxxxxxxxxxxxxx>
| > | References: <CB717348-F026-42B2-BED0-6AD0DAF42784@xxxxxxxxxxxxx>
| > <OvXp5E9xHHA.404@xxxxxxxxxxxxxxxxxxxx>
| > <EB1DC5EB-D1C7-43D2-943E-755251B9E8B5@xxxxxxxxxxxxx>
| > <uE4PtN$xHHA.5068@xxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
| > | Date: Mon, 16 Jul 2007 15:06:04 -0700
| > | Lines: 115
| > | Message-ID: <44117B87-F9C9-40F4-9597-753F965AB39E@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| > | Newsgroups: microsoft.public.windows.server.networking
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.networking:5812
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windows.server.networking
| > |
| > | again I Appreciate your response but this works with XP, XP sends the
| > message
| > | to IAS that it wants to use PEAP authentication where as Vista sends
the
| > | message to use EAP (which is not configured and is not something i
want
| > to
| > | use) even though Vista is configured to use PEAP.
| > | So although these error message will probably help with someone who
wants
| > to
| > | use EAP-TLS without having properly configured it. They don't really
shed
| > any
| > | light on my problem.
| > |
| > | Thnaks again
| > |
| > | Regards
| > | Paul
| > |
| > |
| > | "Robert L [MVP - Networking]" wrote:
| > |
| > | > Or this post:.
| > | >
| > | > IAS Reason-Code = 22 and 97
| > | > http://chicagotech.net/netforums/viewtopic.php?t=1063
| > | >
| > | > Bob Lin, MS-MVP, MCSE & CNE
| > | > Networking, Internet, Routing, VPN Troubleshooting on
| > http://www.ChicagoTech.net
| > | > How to Setup Windows, Network, VPN & Remote Access on
| > http://www.HowToNetworking.com
| > | > "Paul Mckenna" <JazzyJ187@xxxxxxxxxxxxxxxx> wrote in message
| > news:EB1DC5EB-D1C7-43D2-943E-755251B9E8B5@xxxxxxxxxxxxxxxx
| > | >
| > | > Thanks for your quick response, It's my fault i posted the wrong
| > error
| > | > message.. The actual failure is
| > | >
| > | > User DOMAIN\Paul was denied access.
| > | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
| > | > NAS-IP-Address = 192.168.100.126
| > | > NAS-Identifier =
| > | > Called-Station-Identifier = <not present>
| > | > Calling-Station-Identifier = <not present>
| > | > Client-Friendly-Name = 3com
| > | > Client-IP-Address = 192.168.100.126
| > | > NAS-Port-Type = Wireless - IEEE 802.11
| > | > NAS-Port = 29
| > | > Proxy-Policy-Name = Use Windows authentication for all users
| > | > Authentication-Provider = Windows
| > | > Authentication-Server = <undetermined>
| > | > Policy-Name = VPN
| > | > Authentication-Type = EAP
| > | > EAP-Type = <undetermined>
| > | > Reason-Code = 22
| > | > Reason = The client could not be authenticated because the
| > Extensible
| > | > Authentication Protocol (EAP) Type cannot be processed by the
server.
| > | >
| > | > For more information, see Help and Support Center at
| > | > http://go.microsoft.com/fwlink/events.asp.
| > | >
| > | > It seems to be that Vista is sending that it wants to use EAP
even
| > though
| > | > it's configured to use PEAP.
| > | >
| > | > "Robert L [MVP - Networking]" wrote:
| > | >
| > | > > I would double check the remote Access Policy. This post may
help,
| > | > >
| > | > > IAS Reason-Code = 65
| > | > >
| > | > > http://www.chicagotech.net/netforums/viewtopic.php?p=1711#1711
| > | > >
| > | > >
| > | > > Bob Lin, MS-MVP, MCSE & CNE
| > | > > Networking, Internet, Routing, VPN Troubleshooting on
| > http://www.ChicagoTech.net
| > | > > How to Setup Windows, Network, VPN & Remote Access on
| > http://www.HowToNetworking.com
| > | > > "Paul Mckenna" <JazzyJ187@xxxxxxxxxxxxxxxx> wrote in message
| > news:CB717348-F026-42B2-BED0-6AD0DAF42784@xxxxxxxxxxxxxxxx
| > | > > Hi,
| > | > >
| > | > > I've got a problem with Vista not connecting to our wireless
| > network,
| > | > > Everything works great with XP but on Vista although Vista is
| > configured to
| > | > > use PEAP i get this error message on the server when the
Vista PC
| > try to
| > | > > connect...
| > | > >
| > | > > User host/Paul07.domain.local was denied access.
| > | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
| > | > > NAS-IP-Address = 192.168.100.126
| > | > > NAS-Identifier =
| > | > > Called-Station-Identifier = <not present>
| > | > > Calling-Station-Identifier = <not present>
| > | > > Client-Friendly-Name = 3com
| > | > > Client-IP-Address = 192.168.100.126
| > | > > NAS-Port-Type = Wireless - IEEE 802.11
| > | > > NAS-Port = 29
| > | > > Proxy-Policy-Name = Use Windows authentication for all users
| > | > > Authentication-Provider = Windows
| > | > > Authentication-Server = <undetermined>
| > | > > Policy-Name = Connections to other access servers
| > | > > Authentication-Type = EAP
| > | > > EAP-Type = <undetermined>
| > | > > Reason-Code = 65
| > | > > Reason = The connection attempt failed because remote access
| > permission for
| > | > > the user account was denied. To allow remote access, enable
| > remote access
| > | > > permission for the user account, or, if the user account
| > specifies that
| > | > > access is controlled through the matching remote access
policy,
| > enable remote
| > | > > access permission for that remote access policy.
| > | > >
| > | > > For more information, see Help and Support Center at
| > | > > http://go.microsoft.com/fwlink/events.asp.
| > | > >
| > | > > At the moment IAS is only configured to accept PEAP
| > authentication, If i
| > | > > enable EAP (Which i don't want to use) i get this message..
| > | > >
.

Relevant Pages

  • Re: Cant start Vista after changing partions
    ... 'Using GParted to Resize Your Windows Vista Partition:: the How-To ... The link indicates Startup Repair will fix things in the rare event ... some situations or in conjunction with the rebuild BCD command. ...
    (microsoft.public.windows.vista.installation_setup)
  • Re: Windows Vista at One Year (Dark Side Report)
    ... Shop manager Aaron Kaplan said they were prompted to put it up because so many people were having problems with Windows Vista, including compatibility issues with older software and trouble adjusting to the interface. ... Microsoft released Windows Vista to the world one year ago with ads likening the new PC operating system to such awe-inspiring moments as the first American spaceflight and the fall of the Berlin Wall. ...
    (soc.retirement)
  • RE: Vista unable to logon with RDP in Remote Web Workplace
    ... I searched for other threads related to TCP Autotuning and found ... Do all Vista workstation have such issue? ... Can you see any error messages when connecting to server desktop? ... When trying to connect to a terminal server from Windows Vista, ...
    (microsoft.public.windows.server.sbs)
  • Re: Connection problem with WPA2 Enterprise with Windows Vista (Home Premium)
    ... I have deployed a Wi-Fi network with WPA2 protocol set, and authentication with RADIUS server, both "users" file and Active Directory. ... Everyone but users that try to get access to Wi-Fi network with a Windows Vista operating system. ... DHCP address from whatever unspecifed device is delivering the IP ...
    (alt.internet.wireless)
  • Re: Apple is Completely Eclipsed
    ... 60 Million Copies of Windows Vista Completely Eclipse Apple - Vista sells ... revenue growth in the 2007 fiscal year ended on June 30. ...
    (comp.sys.mac.advocacy)