EAP-TLS wireless issue on only one windows 7 client

Hi!

It may be a Windows issue, but I thought to check here if someone knows the answers.

 

I have been successfully running EAP-TLS with machine certificate auth for the last few months for Windows 7 and Windows 10. Two of my users reported an issue that they cannot connect to it. I can see in the ISE logs that the client is trying to connect. I can see the error like below. (I am checking it from my Chrome history)

 

Failure Reason: 12303 failed to negotiate EAP, because PEAP not allowed in 

I even tried with a manual SSID with the required parameters, but it didn't work as well.

 

Any suggestion?

8 REPLIES
Highlighted
Beginner

The client is trying to use PEAP instead of EAP-TLS. This might be a timing issue, GPO not applying properly, etc. There is a list of Windows hotfixes for 802.1X environments; you might find it helpful.

What do you see in Windows event log on the affected machines? (there is one specifically for Wireless, Event Log -> Applications and Services log -> Microsoft -> Windows -> WLAN AutoConfig -> Operational)

I do see this sometimes in our environment with wired EAP-TLS. Machines at boot attempt to authenticate with PEAP for a second, I see failures in the ISE auth log, but then straight after they perform EAP-TLS auth and pass as expected.

Highlighted

Thanks. It looks like something only happening on Windows 7 computers. More users reported that. It works fine on Windows 10 computers.

Highlighted

Hi!

 

I looked into the logs and I can see Identity: NULL, as compared to my Windows 10 machine, where Identity: is my machine name.

Wireless 802.1x authentication failed.

Reason: Explicit Eap failure received
Error: 0x80420014
EAP Reason: 0x80420102
EAP Root cause String:
EAP Error: 0x80420014

Highlighted
Frequent Contributor

I would go with the GPO not applying the profile for EAP-TLS properly on those win machines as indicated before.

 

When I DO NOT have that predefined profile on the company-owned Win 7/10 device (open network and sharing devices ---> manage wireless networks ---> profile with the same name as EAP-TLS SSID), the device automatically tries PEAP even though I am trying to connect to the EAP-TLS SSID.

 

Once I manually add that "profile" for EAP-TLS, problem solved.
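
A way to check what the reply above describes, as an added example that is not part of the original thread: the PowerShell below reads a WLAN profile exported with `netsh wlan export profile` and reports which EAP method it configures (13 is EAP-TLS, 25 is PEAP). The function name `Get-WlanProfileEap`, the SSID `CORP-EAPTLS`, the folder `C:\Temp` and the sample XML are constructed for illustration.

```powershell
# Added example (not from the thread). Written to run on PowerShell 2.0 (Windows 7).
# Live use: netsh wlan export profile folder=C:\Temp   (writes one XML per profile)
#   Get-ChildItem C:\Temp\*.xml | ForEach-Object {
#       Get-WlanProfileEap ([IO.File]::ReadAllText($_.FullName)) }

$EapNames = @{ 13 = 'EAP-TLS'; 25 = 'PEAP' }    # IANA EAP method type numbers

function Get-WlanProfileEap {
    param([Parameter(Mandatory = $true)][string]$ProfileXml)
    $doc = [xml]$ProfileXml
    # local-name() avoids registering the several namespaces a profile mixes.
    $ssid = $doc.SelectSingleNode("//*[local-name()='SSID']/*[local-name()='name']")
    $mode = $doc.SelectSingleNode("//*[local-name()='OneX']/*[local-name()='authMode']")
    # Outer method only: PEAP nests its inner method under <Eap>, not <EapMethod>.
    $type = $doc.SelectSingleNode("//*[local-name()='EapMethod']/*[local-name()='Type']")

    $eapName = '(no 802.1X EAP config)'
    if ($null -ne $type) {
        $id = [int]$type.InnerText
        if ($EapNames.ContainsKey($id)) { $eapName = $EapNames[$id] } else { $eapName = "EAP type $id" }
    }
    $authMode = '(not set)'
    if ($null -ne $mode) { $authMode = $mode.InnerText }
    $ssidName = $null
    if ($null -ne $ssid) { $ssidName = $ssid.InnerText }
    New-Object PSObject -Property @{ SSID = $ssidName; AuthMode = $authMode; Eap = $eapName }
}

# Constructed sample profile: machine authentication with EAP-TLS.
$sample = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CORP-EAPTLS</name>
  <SSIDConfig><SSID><name>CORP-EAPTLS</name></SSID></SSIDConfig>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machine</authMode>
      <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
        <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type></EapMethod>
      </EapHostConfig></EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>
'@

$result = Get-WlanProfileEap $sample
$result | Format-List SSID, AuthMode, Eap
if ($result.Eap -ne 'EAP-TLS') { Write-Warning "Profile $($result.SSID) is not EAP-TLS" }
```

An SSID with no exported file has no saved profile on that machine.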

Highlighted

It's already set to EAP-TLS authentication. I don't see it using PEAP.

Highlighted

Hello Agrissimanis,

 

Apologies for crashing into this thread, but I also have a similar issue - but all with Windows 10.

When you say "This might be a timing issue, GPO not applying properly, etc" what are your timing recommendations? 

Thank you.

 

Regards,

J

Highlighted

Hi,
Curious to see what you found in your environment
Highlighted

Hi!

 

I moved away from that job, but if I recall well it started with other Windows 7 machines as well. I think it was some TLS-related thing on Windows 7. As other machines started getting the patch from Microsoft, they started having the same problem.

What I did was to create another policy for PEAP as well.
