
surface laptop device wifi Disconnection with event

natarajan317
Level 1

Windows device frequently disconnects from wifi with event id 12013. Connecting to network after connecting the machine with hotspot and then swapping to device-wifi network (office_wifi). Device-wifi certificate available in desktop as per log, but Cisco device showing NULL with Explicit Eap failure received.

Log Name: Microsoft-Windows-WLAN-AutoConfig/Operational
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 17/07/2023 16:55:31
Event ID: 12013
Task Category: (24014)
Level: Error
Keywords:
User: SYSTEM
Computer: DESKTOP
Description:
The description for Event ID 12013 from source Microsoft-Windows-WLAN-AutoConfig cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Intel(R) Wi-Fi 6 AX201 160MHz
EV_RenderedValue_1.00
C0:30:00:00:00:58(laptop)
device-wifi
Infrastructure
70:6D:15:00:00:00(NW device-Cisco)
NULL
Explicit Eap failure received
327685
2151809044
798
A certificate could not be found that can be used with this Extensible Authentication Protocol.
2151809044
6
False

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>12013</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>24014</Task>
<Opcode>205</Opcode>
<Keywords>0x8000000000000600</Keywords>
<TimeCreated SystemTime="2023-07-17T15:55:31.223577800Z" />
<EventRecordID>19440</EventRecordID>
<Correlation />
<Execution ProcessID="4128" ThreadID="4544" />
<Channel>Microsoft-Windows-WLAN-AutoConfig/Operational</Channel>
<Computer>DESKTOP-</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Adapter">Intel(R) Wi-Fi 6 AX201 160MHz</Data>
<Data Name="DeviceGuid">{e1c50514-1a29-405e-ae5f-b76f3a67e6a2}</Data>
<Data Name="LocalMac">C0:30:00:00:00:58</Data>
<Data Name="SSID">device-wifi</Data>
<Data Name="BSSType">Infrastructure</Data>
<Data Name="PeerMac">70:6D:15:00:00:00</Data>
<Data Name="Identity">NULL</Data>
<Data Name="User">
</Data>
<Data Name="Domain">
</Data>
<Data Name="ReasonText">Explicit Eap failure received</Data>
<Data Name="ReasonCode">0x50005</Data>
<Data Name="ErrorCode">0x80420014</Data>
<Data Name="EAPReasonCode">0x31e</Data>
<Data Name="EAPRootCauseString">A certificate could not be found that can be used with this Extensible Authentication Protocol.</Data>
<Data Name="EAPErrorCode">0x80420014</Data>
<Data Name="ConnectionId">0x6</Data>
<Data Name="ExplicitCredentials">false</Data>
</EventData>
</Event>
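A small triage script for the event above, as an added example that is not part of the original post. It parses exported WLAN-AutoConfig event XML, converts the hex codes to the decimal values shown in the rendered description, and flags the two fields this thread focuses on. The function names and finding strings are hypothetical, and the sample is a trimmed copy of the poster's event.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
HEX_FIELDS = ("ReasonCode", "ErrorCode", "EAPReasonCode", "EAPErrorCode")

# Constructed sample: trimmed copy of the event 12013 XML from the post above.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID>12013</EventID>
<TimeCreated SystemTime="2023-07-17T15:55:31.223577800Z" />
</System>
<EventData>
<Data Name="SSID">device-wifi</Data>
<Data Name="PeerMac">70:6D:15:00:00:00</Data>
<Data Name="Identity">NULL</Data>
<Data Name="User">
</Data>
<Data Name="ReasonCode">0x50005</Data>
<Data Name="ErrorCode">0x80420014</Data>
<Data Name="EAPReasonCode">0x31e</Data>
<Data Name="EAPRootCauseString">A certificate could not be found that can be used with this Extensible Authentication Protocol.</Data>
</EventData>
</Event>"""

def parse_wlan_event(xml_text):
    """Flatten one exported event into a dict; add <Field>Dec for hex codes."""
    root = ET.fromstring(xml_text)
    rec = {"EventID": int(root.findtext("e:System/e:EventID", namespaces=NS)),
           "Time": root.find("e:System/e:TimeCreated", NS).get("SystemTime")}
    for d in root.iterfind("e:EventData/e:Data", NS):
        # Empty fields such as User hold only a newline in the export.
        rec[d.get("Name")] = (d.text or "").strip()
    for name in HEX_FIELDS:
        if rec.get(name):
            rec[name + "Dec"] = int(rec[name], 16)
    return rec

def triage(rec):
    """Return plain-text findings for the fields discussed in this thread."""
    findings = []
    if rec.get("Identity", "").upper() in ("", "NULL"):
        findings.append("Identity field is empty/NULL in the event")
    if "certificate could not be found" in rec.get("EAPRootCauseString", "").lower():
        findings.append("Windows reports no usable certificate for the EAP method")
    return findings

if __name__ == "__main__":
    rec = parse_wlan_event(SAMPLE_EVENT)
    print(rec["Time"], rec["SSID"], rec["PeerMac"], triage(rec))
```
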

7 Replies

Arne Bier
VIP

Hello @natarajan317 

What does your WLAN configuration expect? Is it enabled for Enterprise 802.1X and are you using a RADIUS server?

You've provided a list of Windows errors and logs - looks to me like someone has tried to configure a Wireless Supplicant on a Windows device, but the device is not quite set up correctly.

Tell us more about your wireless lan, and what it supports. Are you expecting Wireless 802.1X Certificate authentication (using which certs created by what/whom?), or is it EAP-TEAP, EAP-PEAP, etc.

If the WLAN is set up correctly then a Windows PC can be associated with the SSID, and mostly respond intelligently enough to prompt the user to select a certificate (if one is present on the machine), or to enter some credentials (e.g. AD credentials for EAP-PEAP). But the smarter way to do this is to push a Group Policy to the machine (if AD joined) so that the user does not have to see these interactions.

> What does your WLAN configuration expect? Is it enabled for Enterprise 802.1X and are you using a RADIUS server?

We are using a RADIUS server and the client device intermittently disconnects from WiFi. While verifying logs we found the client is not able to connect to the Cisco device, where it shows a null certificate. The MAC address is relevant to the Cisco device:
<Data Name="PeerMac">70:6D:15:00:00:00</Data>
<Data Name="Identity">NULL</Data>

We verified the certificate store: both user and computer certs are available on the device (valid), and the device is able to connect to the same network after connecting to mobile internet (hotspot), and then the switch-over happens smoothly.

hslai
Cisco Employee

@natarajan317 

> A certificate could not be found that can be used with this Extensible Authentication Protocol.

It seems you picked an auth method that requires a client certificate but no suitable certificate was in the certificate store.

natarajan317
Level 1

We are using a RADIUS server, where an Intune-enrolled device fails to connect to wifi intermittently. While verifying the laptop we see event id 12013, 12012, 8001 relevant logs. While verifying the log we see the MAC address relevant to Cisco showing null under certificate. We have created profiles for SCEP and trusted root certificate in Intune.

This sounds like a Microsoft endpoint configuration issue with Intune provisioning.

Device is able to connect to wifi and it's getting randomly kicked out from the WiFi connection. We don't see any authentication error in Windows. Event log clearly shows that it fails to connect to the Cisco device. Refer to the logs below.


 InterfaceGuid  {567737C5-66A1-4D39-AEC2-4E95134FEE01}
    InterfaceDescription  Intel(R) Wi-Fi 6 AX201 160MHz
    ConnectionMode  Automatic connection with a profile
    ProfileName  device-wifi
    SSID  device-wifi
    BSSType  Infrastructure
    FailureReason  Explicit Eap failure received
    ReasonCode  327685
    ConnectionId  0x4
    RSSI  -53

   Adapter  Intel(R) Wi-Fi 6 AX201 160MHz
    DeviceGuid  {567737C5-66A1-4D39-AEC2-4E95134FEE01}
    LocalMac  C8:34:8E:00:00:00
    SSID  device-wifi
    BSSType  Infrastructure
    PeerMac  70:6D:15:00:00:00
    ReasonText  Explicit Eap failure received
    ReasonCode  0x50005
    ErrorCode  0x80420014
    ConnectionId  0x4

You have shared a lot of the Windows Events so far, and that is great. But we also need to see the ISE Live Logs. Not sure how easily you can reproduce this issue, but I find that an ISE tcpdump capture is worth a million words. If you can capture this during one of these events, then look at the EAP conversation in Wireshark.

Remember also that ISE will give a reason for returning an EAP Failure to the supplicant. ISE is not a magician - if the client has transient issues selecting a certificate, then the EAP Client Hello part of this 802.1X song and dance will fail - and what is ISE to do about that? ISE therefore must declare this a failure in the expected chain of events.

Finding the root cause can be hard. Don't give up. Look at the Wireshark decodes for clues.

Also check your MTU on the LAN on which the ISE PSN is connected - that VLAN must have an MTU of 1500 bytes to fragment frames larger than 1500 bytes - ISE doesn't handle jumbo frames. RADIUS UDP packets are typically smaller than 1500 until you stuff them full of X.509 certificate data