cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5018
Views
0
Helpful
0
Comments
TCC_2
Level 10
Level 10

Core issue

In this issue, 802.1x authentication for Microsoft Windows XP PC fails with the CS User Unknown error in the Failed Attempt logs on Cisco Secure Access Control Server (ACS).

This issue usually occurs if the machine only sends Machine authentication requests and No User authentication requests.

Resolution

In order to resolve this issue, ensure that the client sends Machine authentication requests and User authentication requests persistently.

Make this registry fix on the Windows XP supplicant PC in order to resolve this issue:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
"SupplicantMode"=dword:00000003 "AuthMode"=dword:00000001


This is information about registry changes:

SupplicantMode:

0 : Disable IEEE 802.1X authentication operation.
1 : Prevent transmission of EAPOL start and EAPOL log off packets under
all scenarios.
2 : Include learning to determine when to initiate the transmission of EAPOL packets. A
Windows XP Service Pack 2 (SP2)-based computer will only send an EAPOL start frame if the
computer receives an EAP request identity frame and if no internal process is currently
ongoing.
3 : Compliant with IEEE 802.1X authentication specification.

AuthMode:

0 : Use the default Windows XP authentication
1 : Always perform user authentication when a user logs on
2 : Perform computer authentication only

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: