Vista Wireless with PEAP/MSCHAPV2

  • Thread starter Thread starter Guest
  • Start date Start date
But whats the problem? For which post is this reply?I am facing some problem
when I try connecting to my wireless network with CISCO ACS Certificate . To
explain in etail, in my office network there is wireless connection and I was
able to connect to the same without any issues.We were using WEP key till
that time But last week they moved to this authentication based on
certificate (CISCO ACS) and then I am not able to connect from my VISTA.
Employees who use XP are not having any issues. I had checked some step by
steps documentations that are available and tried all that, but sadly no
luck. So is there any prob for VISTA with Cisco ACS ? Any solution guys ?
 
I am facing some problem when I try connecting to my wireless network with
CISCO ACS Certificate . To explain in etail, in my office network there is

wireless connection and I was able to connect to the same without any
issues.We were using WEP key till that time But last week they moved to this

authentication based on certificate (CISCO ACS) and then I am not able to
connect from my VISTA. Employees who use XP are not having any issues. These
are

the steps that I did


In the properties, security tab and
In the security type drop down values I chose 802.1X and
In the Encryption type drop down WEP.

In the network authentication method drop down I chose PEAP and checked the
checkbox next to "cache user information for subsequent connections to this

network "then
clicked setting and in the window that opened

I have enabled "Validate Server certificate" and in the Trusted Root
certifcation Authorities I have enabled the certificate that was given by my
network

team and which I installed in my PC.

I have enabled "Do not prompt user to authorise new servers or trusted
certification authorities".


In the "Select Authentication Method" drop down I chose EAP-MSCHAP v2 and I
have enabled the "Enable Fast Reconnect" option as well.

Then I clicked "Configure" button and have enabled "Automatically use my
Windows logon name and password (and domain if any)

DETAILED LOG:
--------------

Root cause:
Windows cannot connect to "mobile"
Windows was unable to verify the identity of the server.

Detailed root cause:
EAP authentication failed because Windows could not verify the authenticity
of the server's certificate
Workaround for hypothesis: Contact the network administrator for "mobile"

Information for connection being diagnosed
Interface GUID: {50e2e69e-29ab-47af-9401-e19158427ae4}
Interface name: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface type: Native WiFi
Profile: mobile
SSID: mobile
SSID length: 6
Connection mode: Infra
Security enabled: Yes
Connection ID: 8
Security settings provided by hardware manufacturer (IHV): No
Profile matches network requirements: Yes
Pre-Association and association status: Success
Security and Authentication:
Configured security type: Open
Configured Encryption type: WEP
Security connect status: Fail 0x0003800b
Number of security packets received: 6
Number of security packets sent: 6
802.1X protocol: Yes
Authentication Identity: Invalid
IAS Server engaged: No
EAP Method supported by IAS Server: Unknown
EAP type: 0
EAP Error: Unknown
Number of 802.1X restarts: 1
Number of 802.1X failures: 1
802.1X status: Fail 0x00050005
Key exchange initiated: No
Unicast keys received: No
Multicast keys received: No


Event Verbosity:0
 
Not an expert on 802.1x, but I'll take a stab at it....
Root cause:
Windows cannot connect to "mobile"
Windows was unable to verify the identity of the server.

Detailed root cause:
EAP authentication failed because Windows could not verify the
authenticity
of the server's certificate

To me, that says that the network certificate is not tracing back to a root
CA that you've selected in the Properties. If you have the certificate
file, open it up and see which root CA it's signed by and check that root
CA. Alternative, uncheck "Do not prompt the user...." and try to reconnect;
see which CA it says has signed the server's cert in the prompt.
 
Back
Top