07-24-2023 08:50 AM
Windows device frequently disconnect from wifi with event id 12013.Connecting to network after connecting the machine with hotspot and then swapping to device-wifi network(office_wifi).Device-wifi certificate available in desktop as per log but Cisco device showing NULL with Explicit Eap failure received
Log Name: Microsoft-Windows-WLAN-AutoConfig/Operational
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 17/07/2023 16:55:31
Event ID: 12013
Task Category: (24014)
Level: Error
Keywords:
User: SYSTEM
Computer: DESKTOP
Description:
The description for Event ID 12013 from source Microsoft-Windows-WLAN-AutoConfig cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Intel(R) Wi-Fi 6 AX201 160MHz
EV_RenderedValue_1.00
C0:30:00:00:00:58(laptop)
device-wifi
Infrastructure
70:6D:15:00:00:00(NW device-Cisco)
NULL
Explicit Eap failure received
327685
2151809044
798
A certificate could not be found that can be used with this Extensible Authentication Protocol.
2151809044
6
False
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>12013</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>24014</Task>
<Opcode>205</Opcode>
<Keywords>0x8000000000000600</Keywords>
<TimeCreated SystemTime="2023-07-17T15:55:31.223577800Z" />
<EventRecordID>19440</EventRecordID>
<Correlation />
<Execution ProcessID="4128" ThreadID="4544" />
<Channel>Microsoft-Windows-WLAN-AutoConfig/Operational</Channel>
<Computer>DESKTOP-</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Adapter">Intel(R) Wi-Fi 6 AX201 160MHz</Data>
<Data Name="DeviceGuid">{e1c50514-1a29-405e-ae5f-b76f3a67e6a2}</Data>
<Data Name="LocalMac">C0:30:00:00:00:58</Data>
<Data Name="SSID">device-wifi</Data>
<Data Name="BSSType">Infrastructure</Data>
<Data Name="PeerMac">70:6D:15:00:00:00</Data>
<Data Name="Identity">NULL</Data>
<Data Name="User">
</Data>
<Data Name="Domain">
</Data>
<Data Name="ReasonText">Explicit Eap failure received</Data>
<Data Name="ReasonCode">0x50005</Data>
<Data Name="ErrorCode">0x80420014</Data>
<Data Name="EAPReasonCode">0x31e</Data>
<Data Name="EAPRootCauseString">A certificate could not be found that can be used with this Extensible Authentication Protocol.</Data>
<Data Name="EAPErrorCode">0x80420014</Data>
<Data Name="ConnectionId">0x6</Data>
<Data Name="ExplicitCredentials">false</Data>
</EventData>
</Event>
07-24-2023 01:33 PM
Hello @natarajan317
What does your WLAN configuration expect? Is it enabled for Enterprise 802.1X and are you using a RADIUS server?
You've provided a list of Windows error and logs - looks to me like someone has tried to configure a Wireless Supplicant on a Windows device, but the device is not quite setup correctly.
Tell us more about your wireless lan, and what it supports. Are you expecting Wireless 802.1X Certificate authentication (using which certs created by what/whom?), or is it EAP-TEAP, EAP-PEAP, etc.
If the WLAN is setup correctly then a Windows PC can be associated with the SSID, and mostly respond intelligently enough to prompt the user to select a certificate (if one is present on the machine), or to enter some credentials (e.g. AD credentials for EAP-PEAP). But the smarter way to do this is to push a Group Policy to the machine (if AD joined) so that the user does not have to see these interactions.
10-30-2023 06:08 AM
What does your WLAN configuration expect? Is it enabled for Enterprise 802.1X and are you using a RADIUS server? - We are using radius server and client device intermittently disconnect from WIFI while verifying logs we found client not able to connect cisco device where it shows null certificate - Mac address is relevant to cisco device
<Data Name="PeerMac">70:6D:15:00:00:00</Data>
<Data Name="Identity">NULL</Data>
We verified Certificate store both user and computer cert available in the device(valid) and Device able to connect same network after connecting to mobile internet(hotspot) and then switch over happening smoothly.
07-29-2023 08:33 PM
> A certificate could not be found that can be used with this Extensible Authentication Protocol.
It seems you picked an auth method that requiring a client certificate but no suitable certificate was in the certificate store.
11-01-2023 08:57 AM
We are using radius server wherenintune enrolled device fails to connect wifi intermittently. While verifying laptop we see event id 12013,12012,8001 relevant logs. While verifying the log we see Mac address relevant to Cisco showing null under certificate. We hv created profiles for SCEP, trusted root certificate in intune.
11-06-2023 04:37 PM
This sounds like a Microsoft endpoint configuration issue with Intune provisioning.
01-17-2024 06:44 AM
Device able to connect to wifi and its getting randomly kicked out from WIFI connection. We dont see any authentication error in windows. Eventlog clearly shows that it fails to connect Cisco device.Refer blow logs
InterfaceGuid {567737C5-66A1-4D39-AEC2-4E95134FEE01}
InterfaceDescription Intel(R) Wi-Fi 6 AX201 160MHz
ConnectionMode Automatic connection with a profile
ProfileName device-wifi
SSID device-wifi
BSSType Infrastructure
FailureReason Explicit Eap failure received
ReasonCode 327685
ConnectionId 0x4
RSSI -53
Adapter Intel(R) Wi-Fi 6 AX201 160MHz
DeviceGuid {567737C5-66A1-4D39-AEC2-4E95134FEE01}
LocalMac C8:34:8E:00:00:00
SSID device-wifi
BSSType Infrastructure
PeerMac 70:6D:15:00:00:00
ReasonText Explicit Eap failure received
ReasonCode 0x50005
ErrorCode 0x80420014
ConnectionId 0x4
01-17-2024 12:25 PM
You have shared a lot of the Windows Events so far, and that is great. But we also need to see the ISE Live Logs. Not sure how easily you can reproduce this issue, but I find that an ISE tcpdump capture is worth a million words. If you can capture this during one of these events, then look at the EAP conversation in Wireshark.
Remember also that ISE will give a reason for returning an EAP Failure to the supplicant. ISE is not a magician - if the client has transient issues selecting a certificate, then the EAP Client Hello part of this 802.1X song and dance will fail - and what is ISE to do about that? ISE therefore must declare this a failure in the expected chain of events.
Finding the root cause can be hard. Don't give up. Look at the Wireshark decodes for clues.
Also check your MTU on the LAN on which the ISE PSN is connected - that VLAN must have an MTU of 1500 bytes to fragment frames larger than 1500 bytes - ISE doesn't handle jumbo frames. RADIUS UDP packets are typically smaller than 1500 until you stuff them full of X.509 certificate data
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide