03-11-2020 03:36 AM - edited 03-11-2020 03:37 AM
Hi all,
in the past, there was this great community page "Getting past intermittent/unexplained 802.1x problems on Windows 7" with a list of hotfixes and workarounds for the native Windows 7 supplicant.
As of today, I'm playing around with Windows 10 and EAP-TLS. Everything works fine, when I'm
However, if I'm clearing the access session on the switch port, the switch initiates the EAP session:
==> An EAP identity request is sent to the Windows 10 PC - I can see it in a Wireshark capture.
However, the Win10 PC doesn't even considering answering to this... at some point, even if the Windows 10 network adapter shows "authentication failed", the PC doesn't answer to those identity request. Disabling and enabling the Windows network adapter repairs this situation, because then the Win10 PC initiates the EAP session.
I know this behavior from the "old days" with WinXP and Win7 ... there were some hotfixes for this issue.
Question: Does anybody know this behavior? What is the expected behavior? I would expect, that Windows responds to EAP identity requests.
03-11-2020 06:01 AM
Hi,
Could be Some Windows hot fix, or could be NIC drivers. Perform the following steps:
- pick up one PC with the problem and update the NIC driver to the lasses version; see if it got fixed
- disable Windows Fast Startup; see if got fixed
- disable NIC power saving from "Device Manager"; see if it got fixed
Regards,
Cristian Matei.
03-11-2020 06:49 AM
Hi @Cristian Matei (again) :)
Thanks for the answer... so, I will try this (it's a VM based on VMware ...)
But what I guess from your answer is, that this is not an expected Win10 behavior.
==> Win10 should normally "behave better" - right?
03-11-2020 09:08 AM
Hi,
Should, would, must, should not, should have.... you see where i'm getting to. There are too many things to be taken into consideration when something new like a new NIC feature comes up, so it's gonna screw up something. Hopefully you'll have it sorted out from the above mentioned steps, otherwise we'll have to do a packet capture and maybe go tweak the registry. At least it's Windows, we have registry, in MAC sometimes you'll have to go kernel.
With VM's, from my experience, if you want to have a correct conclusion, always shutdown the VM and restart it, test and that's it; ideally have a freshly installed VM. Whenever i'm teaching a CCIE bootcamp where i use VM's for 802.1x, its always a misery.
Regards,
Cristian Matei.
02-05-2021 10:31 PM
Hi, have you found a solution? i have the same problem. Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide