Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3437
Views
0
Helpful
4
Replies

Windows 10, EAP-TLS native supplicant does not respond to EAP identity requests

Johannes Luther
Level 4
Level 4

‎03-11-2020 03:36 AM - edited ‎03-11-2020 03:37 AM

Hi all,

in the past, there was this great community page "Getting past intermittent/unexplained 802.1x problems on Windows 7" with a list of hotfixes and workarounds for the native Windows 7 supplicant.

 

As of today, I'm playing around with Windows 10 and EAP-TLS. Everything works fine, when I'm

  • Disabling / enabling the switch port
  • Disabling / enabling  the Windows network adapter
  • Disabling / enabling  the wired autoconfig service

 

However, if I'm clearing the access session on the switch port, the switch initiates the EAP session:

==> An EAP identity request is sent to the Windows 10 PC - I can see it in a Wireshark capture.

 

However, the Win10 PC doesn't even considering answering to this... at some point, even if the Windows 10 network adapter shows "authentication failed", the PC doesn't answer to those identity request. Disabling and enabling the Windows network adapter repairs this situation, because then the Win10 PC initiates the EAP session.

 

I know this behavior from the "old days" with WinXP and Win7 ... there were some hotfixes for this issue.

 

Question: Does anybody know this behavior? What is the expected behavior? I would expect, that Windows responds to EAP identity requests.

3 people had this problem
Labels:
0 Helpful
4 Replies 4

Cristian Matei
VIP Alumni
VIP Alumni

‎03-11-2020 06:01 AM

Hi,

 

    Could be Some Windows hot fix, or could be NIC drivers. Perform the following steps:

          - pick up one PC with the problem and update the NIC driver to the lasses version; see if it got fixed

          - disable Windows Fast Startup; see if got fixed

          - disable NIC power saving from "Device Manager"; see if it got fixed

 

Regards,

Cristian Matei.

0 Helpful

Johannes Luther
Level 4
Level 4

‎03-11-2020 06:49 AM

Hi @Cristian Matei  (again)  :)

Thanks for the answer... so, I will try this (it's a VM based on VMware ...)

But what I guess from your answer is, that this is not an expected Win10 behavior.

 

==> Win10 should normally "behave better" - right?

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni

‎03-11-2020 09:08 AM

Hi,

 

   Should, would, must, should not, should have.... you see where i'm getting to. There are too many things to be taken into consideration when something new like a new NIC feature comes up, so it's gonna screw up something. Hopefully you'll have it sorted out from the above mentioned steps, otherwise we'll have to do a packet capture and maybe go tweak the registry. At least it's Windows, we have registry, in MAC sometimes you'll have to go kernel.

   With VM's, from my experience, if you want to have a correct conclusion, always shutdown the VM and restart it, test and that's it; ideally have a freshly installed VM. Whenever i'm teaching a CCIE bootcamp where i use VM's for 802.1x, its always a misery.

 

Regards,

Cristian Matei.

0 Helpful

peter.matuska1
Level 1
Level 1

‎02-05-2021 10:31 PM

Hi, have you found a solution? i have the same problem. Thank you

0 Helpful
Customers Also Viewed These Support Documents