SCCM 2012 - 802.1x authentication for zero touch installation

Hi guys,
I'm setting up a demo environment for SCCM 2012. Our customer has the requirement to enforce 802.1x authentication (username & password without certificates) on the network. So I need an 802.1x integration into the WinPE image, so that clients can access the install VLAN instead of the guest VLAN during the zero touch Windows 7 OS install process.
What I did before:
 - mount the SCCM modified WinPE image (boot.XXX99999.wim)
 - integration of the KB972831 hotfix into the WinPE
 - creation of a lan profile and eap profile file
 - copy both files into the mounted image
 - creation of new wim file
I've booted the boot wim via a usb stick to test the 802.1x integration with the following commands:
  net start dot3svc
  => The Wired AutoConfig service was started successfully
  netsh lan add profile filename="X:\8021x\Local Area Connection.xml " interface="Local Area Connection"
  => The profile was added successfully on the interface Local Area connection
  netsh lan set eapuserdata filename=x:\8021x\Wired-WinPE-UserData-PEAP-MSChapv2.xml allusers=yes interface="Local Area Connection"
  => Error setting user data for interface Local Area Connection. The operation is not supported.
Actually I can't post web links here. If the files are needed I can send them per mail.
What can I do to solve this problem?
Thanks!
Regards
Bastian

Hi!
Did you have a look at this website: http://myitforum.com/cs2/blogs/lakey81/archive/2011/07/06/configuring-802-1x-network-authentication-for-winpe-3-0-and-configmgr-deployments.aspx
I've followed those steps and it worked like a charm, even for WinPE 4.0.
If you have questions let me know.
Cheers.

Similar Messages

  • SCCM 2012 Software Update Management for Windows Servers and how to automatic set SCOM maintenance mode?

    Hi,
    We are planning to go one level higher to automate and have more dynamic Software Update Management for Windows Servers. We have SCCM 2012 R2, SCOM 2012 R2 and SCO 2012 R2.
    Our plan is to put servers in an AD group to get the update schedule; from there the servers will be imported into a collection for automatic update and reboot. If I understand everything right, SCOM can't read an AD group and then put them in a scheduled maintenance mode. SCOM can read a reg value, for example.
    Is there any smart way to make the SCOM Maintenance Mode Schedule dynamic?
    I found this
    http://www.scom2k7.com/scom-2012-maintenance-mode-scheduler/?
    /SaiTech

    You could use Orchestrator to put the servers from a specific collection, or AD group, in maintenance mode in SCOM. For an example see:
    http://www.systemcentercentral.com/orchestrator-how-to-scom-maintenance-mode-for-windows-computers-in-an-sccm-collection/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • SCCM 2012 NO SP - Reporting for application deployments not up to date

    Hello, 
    We have a problem when deploying applications with our SCCM 2012 NO SP.
    The reports for the application deployments and sup deployment are not up to date.
    The applications have been deployed on the clients but the information is not in sccm servers. 
    The reporting for the package deployment are working correctly.
    Do you have an idea ?
    Thanks

    Hi,
    How are things going? Please let us know if there is any progress.
    Regards.

  • 802.1x Authentication for University Network Fails After 10.5.5 Update

    Hi everyone, I hope that someone might be able to help me with my problem. I used to connect to the internet through my university's network at my dorm using the ethernet connection. Even before when I was using 10.5.4 I had to do the 802.1x authentication manually after every boot.
    Now that I updated to 10.5.5, every time I try to connect it tells me "802.1x Authentication has failed". Does anyone have similar problems, solutions? This is everything the IT department's homepage has to offer: http://www.unibz.it/ict/8021x_mac1/index.html?LanguageID=EN&
    Thanks a lot!
    Btw, it seems the update somehow messed up Timemachine as well, but that doesn't bother me as much as the internet connection.

    Hi,
    You probably need to install a root certificate into your Mac's system keychain so that your Mac knows it can trust the University's Certificate Authority (CA).
    They should be able to provide you with a file for the CA and instructions.
    cheers

  • 802.1x authentication for win XP2 client

    Hi,
    I am using an Aironet 1200 AP and ACS 3.3 with 802.1x authentication. When I enable the Win XP utility instead of Cisco ACU, it waits for certificate credentials.
    I installed a CA authority on a Windows 2000 server, but I am unable to access the wireless network with 802.1x authentication.
    Please help with the required configuration of the CA role on the server side and client side.

  • SCCM 2012 Compliance 7 Customize for Total Updates Needed

    I can't find a single report in SCCM 2012 that lists the total count of updates needed for each computer. This really irks me and many others as this and similar info was readily available with the old WSUS console. It also takes a lot more clicks to get the same info in SCCM (if SCCM even has it) as it did in WSUS. Anyway, I've decided to try to customize an existing report. I made a copy of "Compliance 7 - Computers in a specific compliance state for an update group (secondary)".
    Try as I might, I can't get the query to work right to create a field for number of updates required for each computer. I'd really like columns for Failed/Needed/Applied but I'll start with just Needed. Why they got rid of this in SCCM reporting baffles me.
    I have several SQL queries that pull this info for needed patches when run in Management Studio but I can't get them to work in an SCCM report. Does anyone know how to do this?
    Ben JohnsonWY

    I'm looking at Compliance 1, 5, and 7. The closest to what I want is Compliance 7 but with a new column for "Required Updates". I have that column made but it's not populated. I have a "Required Updates" Dataset now inside this custom report. BUT the row of info in the table (computer name, last logon, etc.) only lets you select fields from Dataset0. Where I'm stuck is how to get the "Required_Updates" field from the "Required Updates" dataset to appear in Dataset0.
    I've spent a big chunk of time trying to get the code from the two queries merged but I can't get it to work. The other option is to somehow get the field to appear in the row's field selection list (i.e., read field from both datasets).
    Oh, and when I followed your steps above, I got the report created but it throws an "error during processing" error when I run it.
    Ben JohnsonWY

  • SCCM 2012 SP1 and SCEP for Mac

    Hello all,
    We have SCCM 2012 SP1 with SCEP installed and working well for Windows clients.
    A request came to me that we have the roughly 10ct Mac computers protected by EndPoint and reporting through SCCM.
    Is this possible with what I have now? 
    Please let me know if you have any clues for me.
    Many thanks!

    Hi,
    There is no way to push the SCCM Mac client to a Mac computer; you have to install it manually. There are scripts available on blogs that can assist, but you still have to run those scripts manually as well.
    The System Center Endpoint Protection client for Mac is indeed a separate download on the volume licensing site. It is not managed through SCCM; it is standalone antivirus software which downloads its definition files directly from the internet. So there is no way to manage it centrally.
    I hope that answered your questions.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • SCCM 2012 "hardware inventory classes" for AppV?

    Hi, I would like to get a better view of what App-V application issues we have on App-V 4.6.2 in a user-centric deployment scenario.
    I also see that SCCM 2012 "hardware inventory classes" "Appv Client Applications" is not set and not all is activated under "Virtual Applications".
    I would also like our support to get a better view if a user calls and says they don't get an App-V 4.62 required deployment.
    So what "hardware inventory classes" do I need to activate to get App-V deployment and launch status?
    /SaiTech

    Are you saying the class exists in SCCM 2012 for you but not applied to all of your virtual applications or that there and can't be applied or that the option isn't in SCCM for you at all?
    PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog: rorymon.com Twitter: @Rorymon

  • What does SCCM 2012 use its ComputerAccount$ for?

    After a fresh install of SCCM 2012 SP1. Single server, single site with a local SQL 2012 install.
    (This is my first time setting this up 2012 and I was trying to do it textbook.)
    I started getting alerts on my domain controllers.
    No, I have not done a client push yet, but I have set up discovery.
    Here is the error.
    EVENT LOG: Security
    EVENT TYPE: Audit Failure
    SOURCE: Microsoft-Windows-Security-Auditing
    CATEGORY: File Share
    EVENT ID: 5140
    COMPUTERNAME: DC04
    DATE / TIME: 3/02/2014 9:52:13 am
    MESSAGE:
    A network share object was accessed.
    Subject:
      Security ID: DOMAIN\SCCM$
      Account Name: SCCM$
      Account Domain: DOMAIN
      Logon ID:
    Network Information:
      Object Type: File
      Source Address: My Sccm Server IP
      Source Port: 52442
    Share Information:
      Share Name: \\*\ADMIN$
      Share Path: \??\C:\Windows
    Access Request Information:
      Access Mask: 0x1
      Accesses: ReadData (or ListDirectory)
    Got these on my 3 DCs around the same time. Since these are DCs, do I have to grant the computer account domain admin access?

    All services in ConfigMgr run as the local System account of the server that they are on. The local System account in turn uses the computer's AD account to access any network resources. There are multiple processes within ConfigMgr that try to access remote resources. Based on the message you have above, I would say this is coming from automatic (or manual) client push as this attempts to connect to the admin$ share.
    Jason | http://blog.configmgrftw.com

  • Cisco ISE 1.3 using 802.1x Authentication for wireless clients

    Hi,
    I have stumbled into a strange issue trying to authenticate a user over wireless. I am using PEAP as the authentication protocol. I have configured my authentication and authorization policy, but when I come to authenticate, the authorization policy selected is the default, which denies access.
    I have used the 802.1x compound conditions for matching the machine authentication and then the user authentication:
    MACHINE AUTHENTICATION
    match
    framed
    Wireless
    AD group (machine)
    USER AUTHENTICATION
    match
    framed
    Wireless
    AD group (USER)
    was authenticated = true
    Below are the steps taken to authenticate. Any ideas would be great.
    11001  Received RADIUS Access-Request  
      11017  RADIUS created a new session  
      15049  Evaluating Policy Group  
      15008  Evaluating Service Selection Policy  
      15048  Queried PIP  
      15048  Queried PIP  
      15048  Queried PIP  
      15006  Matched Default Rule  
      11507  Extracted EAP-Response/Identity  
      12300  Prepared EAP-Request proposing PEAP with challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12302  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated  
      12318  Successfully negotiated PEAP version 0  
      12800  Extracted first TLS record; TLS handshake started  
      12805  Extracted TLS ClientHello message  
      12806  Prepared TLS ServerHello message  
      12807  Prepared TLS Certificate message  
      12810  Prepared TLS ServerDone message  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      12318  Successfully negotiated PEAP version 0  
      12812  Extracted TLS ClientKeyExchange message  
      12804  Extracted TLS Finished message  
      12801  Prepared TLS ChangeCipherSpec message  
      12802  Prepared TLS Finished message  
      12816  TLS handshake succeeded  
      12310  PEAP full handshake finished successfully  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      12313  PEAP inner method started  
      11521  Prepared EAP-Request/Identity for inner EAP method  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      11522  Extracted EAP-Response/Identity for inner EAP method  
      11806  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated  
      15041  Evaluating Identity Policy  
      15006  Matched Default Rule  
      22072  Selected identity source sequence  
      15013  Selected Identity Source - AD1  
      24430  Authenticating user against Active Directory  
      24325  Resolving identity  
      24313  Search for matching accounts at join point  
      24315  Single matching account found in domain  
      24323  Identity resolution detected single matching account  
      24343  RPC Logon request succeeded  
      24402  User authentication against Active Directory succeeded  
      22037  Authentication Passed  
      11824  EAP-MSCHAP authentication attempt passed  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      11810  Extracted EAP-Response for inner method containing MSCHAP challenge-response  
      11814  Inner EAP-MSCHAP authentication succeeded  
      11519  Prepared EAP-Success for inner EAP method  
      12314  PEAP inner method finished successfully  
      12305  Prepared EAP-Request with another PEAP challenge  
      11006  Returned RADIUS Access-Challenge  
      11001  Received RADIUS Access-Request  
      11018  RADIUS is re-using an existing session  
      12304  Extracted EAP-Response containing PEAP challenge-response  
      24423  ISE has not been able to confirm previous successful machine authentication  
      15036  Evaluating Authorization Policy  
      15048  Queried PIP  
      15048  Queried PIP  
      24432  Looking up user in Active Directory - xxx\zzz Support  
      24355  LDAP fetch succeeded  
      24416  User's Groups retrieval from Active Directory succeeded  
      15048  Queried PIP  
      15048  Queried PIP  
      15004  Matched rule - Default  
      15016  Selected Authorization Profile - DenyAccess  
      15039  Rejected per authorization profile  
      12306  PEAP authentication succeeded  
      11503  Prepared EAP-Success  
      11003  Returned RADIUS Access-Reject  
      5434  Endpoint conducted several failed authentications of the same scenario  

     24423  ISE has not been able to confirm previous successful machine authentication  
    Judging by that line and what your policy says, it appears that your authentication was rejected as your machine was not authenticated prior to this connection.
    First thing to check is whether MAR has been enabled on the identity source. Second thing to check is whether your machine is set to send a certificate for authentication. There are other things you can look at but I'd do those two first.
    Log off and on or reboot and then see if you at least get a failed machine auth on the operations>authentication page and we can go from there.
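
Added example (not part of either post, and not Cisco code): a small Python triage helper that reads an ISE step list like the one above and separates "credentials failed" from "credentials passed but authorization fell through to the default rule after step 24423". The function names and verdict labels are made up for this example; the step codes and the abridged sample lines are copied from the log in the question.

```python
import re

# Step codes as they appear in the log posted above.
AUTHN_PASSED, MAR_MISS = "22037", "24423"
AUTHZ_START, AUTHZ_RULE, AUTHZ_PROFILE = "15036", "15004", "15016"
ACCESS_REJECT = "11003"

STEP_RE = re.compile(r"^\s*(\d{4,5})\s+(.*\S)\s*$")

# Abridged copy of the steps from the question (not a new capture).
SAMPLE_STEPS = """\
  11001  Received RADIUS Access-Request
  15006  Matched Default Rule
  12816  TLS handshake succeeded
  24402  User authentication against Active Directory succeeded
  22037  Authentication Passed
  11814  Inner EAP-MSCHAP authentication succeeded
  24423  ISE has not been able to confirm previous successful machine authentication
  15036  Evaluating Authorization Policy
  24416  User's Groups retrieval from Active Directory succeeded
  15004  Matched rule - Default
  15016  Selected Authorization Profile - DenyAccess
  15039  Rejected per authorization profile
  12306  PEAP authentication succeeded
  11003  Returned RADIUS Access-Reject
"""


def parse_steps(text):
    """Return [(code, message), ...] for each 'code  message' line."""
    return [m.groups() for m in map(STEP_RE.match, text.splitlines()) if m]


def diagnose(steps):
    """Summarise where the session succeeded and where it was refused."""
    codes = [code for code, _ in steps]
    out = {
        "authenticated": AUTHN_PASSED in codes,
        "mar_miss": MAR_MISS in codes,
        "rejected": ACCESS_REJECT in codes,
        "authz_rule": None,
        "authz_profile": None,
    }
    # 15006 "Matched Default Rule" is also logged for the service selection
    # and identity policies, so only read rule/profile after step 15036.
    if AUTHZ_START in codes:
        for code, msg in steps[codes.index(AUTHZ_START):]:
            if code == AUTHZ_RULE:
                out["authz_rule"] = msg.split(" - ", 1)[-1]
            elif code == AUTHZ_PROFILE:
                out["authz_profile"] = msg.split(" - ", 1)[-1]
    if not out["rejected"]:
        out["verdict"] = "not-rejected"
    elif not out["authenticated"]:
        out["verdict"] = "authentication-failed"
    elif out["mar_miss"] and out["authz_rule"] == "Default":
        # Password check passed; no named rule matched and ISE had no
        # record of an earlier machine authentication for this endpoint.
        out["verdict"] = "authorization-default-after-mar-miss"
    else:
        out["verdict"] = "authorization-rejected"
    return out


if __name__ == "__main__":
    for key, value in diagnose(parse_steps(SAMPLE_STEPS)).items():
        print(f"{key}: {value}")
```

On the sample this reports a passed authentication, rule `Default`, profile `DenyAccess`, which is the situation the reply describes: the rejection comes from authorization, not from the PEAP/MSCHAP exchange.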

  • SCCM 2012: application catalog asks for credentials

    Hi,
    Our application catalog was working fine for weeks. Now suddenly it asks for credentials, the sccm-server is added to trusted sites.
    Please advise.
    J.
    Jan Hoedt

    Disable it in client settings. Run a machine policy retrieval on an affected device. Confirm the policy run has completed in the policyevaluator.log. Check IE and confirm it's not trusted. Re-enable the setting and re-run the process. Check whether it works or not.
    Also ensure that nothing in GPO is overwriting what you have set in client settings.
    Cheers
    Paul | sccmentor.wordpress.com

  • 802.1x authentication for LAN base hosts

    How can I get  Cisco Secure Services Client (SSC) ?
    What is the product code for the software and is it free or do we need a licence?
    Could you please send me If you happen to have information on how it works and known design issues with the SSC.
    Cheers,
    Pubudu.

    Cisco Secure Services Version 5.1 Product Data Sheet
    https://www.cisco.com/en/US/prod/collateral/wireless/ps6442/ps7034/product_data_sheet0900aecd805081a7.html

  • SCCM 2012 with SCM - support for non-Windows?

    Hello all,
    As part of compliance configuration, I came across Microsoft's Security Compliance Manager 3.0 (latest version), mainly for compliance and remediation. But after going through their docs, I feel SCM is used only on Windows OS (clients or servers).
    a] Does SCM support contact with non-Microsoft vendors to import security baselines?
    b] Does SCM support audit, compliance and remediation on non-windows OS devices? (clients/servers)
    Any help is greatly appreciated.
    thanks 

    This is the wrong forum to ask Security Compliance Manager based questions, it doesn't have any straight relationship with ConfigMgr. Correct forum is here: http://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement

  • SCCM 2012 R2 Agent - Change Language after offline Installation from Agent

    Hi there,
    We install Windows 7 with an offline image and an integrated clean SCCM agent install.
    But some machines, all in German, install the agent in English, but why?
    For a short solution, is it possible to change the language to German?
    with best regards
    aaj

    Examine ccmsetup.log and see if the German .mst is found and installed at all.
    Torsten Meringer | http://www.mssccmfaq.de
