Guest
Environment:
Windows 2000 Domain in native mode.
Cisco 1200 series AP
Windows XP SP2 clients using Windows to configure wireless access
WPA2 w/ AES encryption using PEAP
In-house Microsoft PKI (Offline root CA, two intermediate CAs)
Problem:
Wireless stopped working following 2006.11.14 Microsoft updates.
Trace from IAS:
[588] 10:14:29:392: EapPeapBegin
[588] 10:14:29:392: PeapReadUserData
[588] 10:14:29:392:
[588] 10:14:29:392: EapTlsBegin(DOMAIN\Username)
[588] 10:14:29:392: State change to Initial
[588] 10:14:29:392: EapTlsBegin: Detected PEAP authentication
[588] 10:14:29:392: MaxTLSMessageLength is now 16384
[588] 10:14:29:392: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
[588] 10:14:29:392: CRYPT_E_REVOCATION_OFFLINE will not be ignored
[588] 10:14:29:392: The root cert will not be checked for revocation
[588] 10:14:29:392: The cert will be checked for revocation
[588] 10:14:29:392: EapPeapBegin done
[588] 10:14:29:392: EapPeapMakeMessage
[588] 10:14:29:392: EapPeapSMakeMessage
[588] 10:14:29:392: PEAPEAP_STATE_INITIAL
[588] 10:14:29:392: EapTlsSMakeMessage
[588] 10:14:29:392: EapTlsReset
[588] 10:14:29:392: State change to Initial
[588] 10:14:29:392: GetCredentials
[588] 10:14:29:392: Flag is Server and Store is local Machine
[588] 10:14:29:392: GetCachedCredentials
[588] 10:14:29:392: PEAP GetCachedCredentials: Using cached credentials.
[588] 10:14:29:392: BuildPacket
[588] 10:14:29:392: << Sending Request (Code: 1) packet: Id: 3, Length: 6,
Type: 13, TLS blob length: 0. Flags: S
[588] 10:14:29:392: State change to SentStart
[588] 10:14:29:392: EapPeapSMakeMessage done
[588] 10:14:29:392: EapPeapMakeMessage done
[3048] 10:14:29:392: EapPeapMakeMessage
[3048] 10:14:29:392: EapPeapSMakeMessage
[3048] 10:14:29:392: PEAPEAP_STATE_TLS_INPROGRESS
[3048] 10:14:29:392: EapTlsSMakeMessage
[3048] 10:14:29:392: MakeReplyMessage
[3048] 10:14:29:392: Reallocating input TLS blob buffer
[3048] 10:14:29:392: SecurityContextFunction
[3048] 10:14:29:392: AcceptSecurityContext returned 0x90312
[3048] 10:14:29:392: State change to SentHello
[3048] 10:14:29:392: BuildPacket
[3048] 10:14:29:392: << Sending Request (Code: 1) packet: Id: 4, Length:
1396, Type: 13, TLS blob length: 16831. Flags: LM
[3048] 10:14:29:392: EapPeapSMakeMessage done
[3048] 10:14:29:392: EapPeapMakeMessage done
[588] 10:14:29:408: EapPeapMakeMessage
[588] 10:14:29:408: EapPeapSMakeMessage
[588] 10:14:29:408: PEAPEAP_STATE_TLS_INPROGRESS
[588] 10:14:29:408: EapTlsSMakeMessage
[588] 10:14:29:408: MakeReplyMessage
[588] 10:14:29:408: SecurityContextFunction
[588] 10:14:29:408: AcceptSecurityContext returned 0x80090326
[588] 10:14:29:408: State change to SentFinished. Error: 0x80090326
[588] 10:14:29:408: Negotiation unsuccessful
[588] 10:14:29:408: BuildPacket
[588] 10:14:29:408: << Sending Failure (Code: 4) packet: Id: 5, Length: 4,
Type: 0, TLS blob length: 0. Flags:
[588] 10:14:29:408: AuthResultCode = (-2146893018), bCode = (4)
[588] 10:14:29:408: EapPeapSMakeMessage done
[588] 10:14:29:408: EapPeapMakeMessage done
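Added example, not part of the original post: a small Python parser for this trace format that rejoins wrapped lines and decodes the SSPI status codes. It shows that the signed decimal AuthResultCode (-2146893018) is the same value as 0x80090326 (SEC_E_ILLEGAL_MESSAGE), while 0x90312 is only SEC_I_CONTINUE_NEEDED. The function names and the sample string are hypothetical; the sample lines are copied from the trace above.

```python
import re

# SSPI status codes seen in this trace (values from the Windows SDK's winerror.h).
SSPI_STATUS = {
    0x00090312: "SEC_I_CONTINUE_NEEDED",   # handshake not finished, more tokens expected
    0x80090326: "SEC_E_ILLEGAL_MESSAGE",   # received message unexpected or badly formatted
}

# Constructed sample: lines copied from the trace above, including one wrapped line.
SAMPLE_TRACE = """\
[3048] 10:14:29:392: AcceptSecurityContext returned 0x90312
[3048] 10:14:29:392: << Sending Request (Code: 1) packet: Id: 4, Length:
1396, Type: 13, TLS blob length: 16831. Flags: LM
[588] 10:14:29:408: AcceptSecurityContext returned 0x80090326
[588] 10:14:29:408: Negotiation unsuccessful
[588] 10:14:29:408: AuthResultCode = (-2146893018), bCode = (4)
"""

LINE_RE = re.compile(r"^\[(\d+)\] (\d\d:\d\d:\d\d:\d\d\d): ?(.*)$")
ASC_RE = re.compile(r"AcceptSecurityContext returned (0x[0-9A-Fa-f]+)")
AUTH_RE = re.compile(r"AuthResultCode = \((-?\d+)\)")

def to_hresult(value):
    """Fold a signed 32-bit decimal (as in AuthResultCode) into an unsigned HRESULT."""
    return value & 0xFFFFFFFF

def parse_trace(text):
    """Return (thread_id, timestamp, message) tuples, rejoining wrapped lines."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            records.append([int(m.group(1)), m.group(2), m.group(3)])
        elif records and raw.strip():
            records[-1][2] += " " + raw.strip()   # continuation of the previous record
    return [tuple(r) for r in records]

def status_events(text):
    """List every SSPI status in the trace as (thread, time, hex code, name)."""
    events = []
    for tid, ts, msg in parse_trace(text):
        m = ASC_RE.search(msg)
        code = int(m.group(1), 16) if m else None
        if code is None:
            m = AUTH_RE.search(msg)
            code = to_hresult(int(m.group(1))) if m else None
        if code is not None:
            events.append((tid, ts, f"0x{code:08X}", SSPI_STATUS.get(code, "UNKNOWN")))
    return events
```

Calling status_events() on the full trace file lists each status with its thread ID and timestamp, so the first failing call can be picked out of interleaved threads.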