Windows XP built-in 802.1x supplicant problem

Similar Messages

• SPS224 and Windows XP SP3 802.1x supplicant problem

  Hi everybody
  We run MS Active Directory based network (Windows Server 2008, MS NPS as RADIUS server) and have Windows XP SP3 and 7 in it. We have a lot of SPS224 (with the latest SW version 1.0.6) as the access switches, and we are trying to implement 802.1x in our network to authenticate users by their AD domain computer accounts. Also, we want to use dynamic VLAN assignment using RADIUS attributes. The authentication by PEAP-MSCHAPv2 works fine on all workstations but we have a problem with the dynamic VLAN assignment in case Windows XP machines are used. The problem is that after a successful authentication and VLAN assignment on a switch port, the Windows XP supplicant is trying to re-authenticate after several seconds. However, the switch port state remains authorized and the workstation does not lose connection. So, the only problem we see is that the state of supplicant does not correspond the switch port state. We have notice that the problem occurs when the "multiple sessions mode" is used (it is needed to enable VLAN  assignment by RADIUS attributes). We have tried the built-in Windows XP SP3 supplicant and Cisco Secure Services Client with the similar result. At the same time, the Windows 7 workstation works just fine, without any problems. Is anybody has faced this problem with Windows XP and has a workaround? Any help will be appreciated!

  Not exactly sure what could be the problem. It should be working - it's definitely supported (I'm currently typing this via a XP SP3 machine using PEAP WPA2/AES via WZC). The only things I can think of to check are:
  - Make sure your wireless drivers are up to date *this is a must*
  - Make sure the other supplicant is completely disabled (uninstall it if you really need to rule it out)
  - Try disabling the server certificate check in the WZC profile for this network (do you know for sure that your laptop trusts the IAS server's certificate)?
  - Are you doing machine or user authentication for PEAP - make sure you have the WZC profile properly configured
  - Are you 100% sure that you've configured everything properly for the network (WPA vs WPA2? AES vs. TKIP? etc.)

• Auth-Fail Feature and Windows 802.1x Supplicant Compatibility

  As per Cisco IOS design when authentication fails the switch sends a simulated EAP-Success message to the client so that DHCP can be implemented by the client. Taking into consideration the dot1x auth-fail command is configured.
  However we have noticed that when using the built-in Windows XP SP2 802.1x supplicant and authentication fails, the Windows supplicant does not like this Cisco simulated EAP-Success message and drops the packet, therefore never re-initiating the DHCP process.
  I have attached the Microsoft supplicant log indicating the dropped EAP-Success.
  We are using catalyst 3750 with IOS 12.2(25)SEE. We have also tried release 12.2(35)xxx but issue persists.
  Your suggestions would be appreciated.
  Thank You,
  ET

  An EAP-Failure is by design. This occurs on all failures. The session fails rather normally. After the third (default but configurable) successive failure, the port is conditionally enabled (and placed in the auth-fail-vlan) even though 1X is configured and operating.
  At this point, it's up to the supplicant to access the network if it wants to, since the port has been enabled. Without the notion of a controlled port on a supplicant, there's no reason it shouldn't try and access the network ;-).
  Once a workstation is authorized on the network, and then subsequently fails for whatever reason, and put on the auth-fail vlan then it's also up to the machine to renew it's IP if it needs to. Optionally, you can configure the auth-fail-vlan to be the same as your default vlan. I guess it's worth pointing out, that you'd have this problem without 802.1X (changing VLANs on the fly for example). Some supplicants can deal with this though.
  If an EAPOL-Logoff does not come from a supplicant (and it doesn't by default with Windows-XP) then there's nothing to get the port out of the Auth-Fail-VLAN either (short of link down). You can configure this through registry though. So the answer to your earlier question was no .. it shouldn't.
  I'm not sure I understand the "IB" and "OOB" references here though.
  Hope this helps,

• Anyconnect 4 as 802.1x supplicant replacement for Windows - where to put config xml file?

  I want to try out Anyconnect NAM as a 802.1x supplicant replacement in Windows 8.1
  And I have made myself a fine little config xml file that I want to test.
  But where do I put that config file?
  Should I rename it to something special, or should Anyconnect NAM have some extra startup parameters?
  Thank you.

  The file must be called "configuration.xml" and if you already installed NAM, then put the file in \Users\All Users\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\newConfigfiles\ and restart the anyconnect service
  If instead you are creating an install package for deploying, you can put the configuration in a directory named Profiles/NAM/  together with the msi package, the installation will import the config itself.when you run the msi file.

• 802.1x wired problems

  Hello.
  I'm trying to install arch, but I've been stuck on configuring network for a day already.
  The point is: I need to connect to the local university network (wired) to be able to connect to the Internet via PPPoE. The university network has PEAP MSCHAPv2 security and I can't connect to it.
  I haven't found anything on the forums I hadn't tried so far, so, maybe you can help me find my mistakes.
  Here's what I'm doing:
  /etc/wpa_supplicant.conf:
  ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
  ap_scan=0
  network={
  key_mgmt=IEEE8021X
  eap=PEAP
  phase2="auth=MSCHAPV2"
  identity="username"
  password="password"
  eapol_flags=0
  ip link set enp4s0 up
  wpa_supplicant -i enp4s0 -B -Dwired -c /etc/wpa_supplicant.conf
  dhcpcd enp4s0
  pppoe-setup
  pppoe-start
  Update: I managed to advance a bit further, pppoe-start finally says
  . Connected!
  But now I can't seem to get DNS to work, since my provider's server won't send one to me. Apart from that, everything seems to work, so I'll just leave this here so other newbies with the same problem would have less trouble lookng for solution.
  Last edited by tstheworm (2013-03-21 17:03:49)

  Hi Hartmut,
  Suggest using CSSC with CTA.
  CTA 802.1x supplicant have limitation.
  CSSC is free for basic features, advanced features (support wireless) need license.
  You may need to un-install CTA with 802.1x supplicant first, follow by install CSSC + CTA (without 802.1x) because CSSC have built-in 802.1x features.
  Please take note of the installation sequence. Because if you make mistake about the installation sequence, you may get a error and the thing didn't work.
  Hope this help
  Thanks

• Anyone rolled out 802.1x supplicant in a large Microsoft AD environment?

  Morning all, anyone have any suggestions how I can rollout Microsoft's native 802.1x supplicant to a large number of PC's.  I've got ISE and serveral different versions of Windows (xp, 7) working in a lab, but not being a Microsoft AD guy I'm kind of clueless how to pull this off.  Can it been done via a group policy?  If so has anyone got a good document how to pull this off? 

  It is really simple, you can follow the guide here in the technet kb:
  http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/7220c686-e033-4903-b40e-bf3b7e581d05
  There are other threads that can show you how to do this on the wireless side as well. Make sure the AD guys set the correct eap types (peap or eap-tls) and you should be good to go.
  Tarik Admani
  *Please rate helpful posts*

• AnyConnect NAM 802.1x supplicant question

  Hello everyone,
  I am using the AnyConnect Network Access Manager as a 802.1x supplicant (with an ACS 5.4 as authentication server). The authentication process works like a charm but there is one issue that the users here do not like. There is a popup window from AnyConnect with a "cancel" button after the users enter their username and password...
  Now you would think that this should not be an issue but I have experienced otherwise. The users here seem to like to click cancel buttons which in this case interrupts that authentication process (so they get placed in the guest VLAN). I have attached a photo of the popup window. Does any of you know a way to hide this popup window completely or at least make the cancel button unclickable ?
  Thank you in advance,
  Ron Aarts

  Hi,
  Can you check the link below and see if the client policy helps:
  http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac04namconfig.html#wp1124492
  Check and see if the disable client option is not checked and test.
  thanks,
  Tarik Admani
  *Please rate helpful posts*

• Windows 7 Built-In Firewall Filtering Platform Blocking Outlook.exe Even Though Firewall Off

  (this post was originally started here,
  http://answers.microsoft.com/en-us/office/forum/office_2010-outlook/windows-7-built-in-firewall-filtering-platform/7312a367-3a9f-470a-b6c7-56c041630af1, but recommended to move to this forum)
  I first encountered this problem on a Windows 7 computer running Outlook 2007 a couple of weeks ago. The system kept asking the primary user for a password to connect to our Exchange Service. The user kept typing in the correct password, but it would never
  connect. Using Outlook Web Access from the same computer with the same user and password was successful, so the credentials and network connection seemed good.
  After checking the Security Logs, I found pairs of Event 5152 and 5157 whenever the user tried to enter a password. Example events are listed below (although they are from the most recent incidence). I found out that the Filtering Platform is supposed to
  be part of Windows Firewall, but couldn't find much other information about it. However, the Windows Firewall is turned off by Group Policy (verified by looking in the Control Panel for Window Firewall), so I didn't think it should be blocking anything. Oddly
  enough, the Windows Firewall service was running on this computer, but it was running on all computers, even if they didn't have this problem.
  I found that I could make the problem go away by stopping the Windows Firewall service. However, it seems odd that would be necessary. It seems a bit of a kludgy fix.
  I hoped that the problem would only by on one system and could let it go for a bit. Unfortunately, I just had the problem crop up on a new Windows 7 system with Outlook 2010 installed.
  At this point, I'm concerned about what might be causing it and that it might start happening on all our systems. I could stop the Windows Firewall service on all of them, but I'd like to understand what might be happening more before taking that action.
  For reference, both systems have received all Automatic Updates and are running the McAfee Total Protection Service anti-virus and firewall services.
  Any thoughts or suggestions would be appreciated.
  Thanks in advance,
  indyvql
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          3/9/2015 9:05:38 AM
  Event ID:      5152
  Task Category: Filtering Platform Packet Drop
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      usercomputer.domain.com
  Description:
  The Windows Filtering Platform has blocked a packet.
  Application Information:
   Process ID:  10712
   Application Name: \device\harddiskvolume3\program files\microsoft office\office14\outlook.exe
  Network Information:
   Direction:  Outbound
   Source Address:  <IP Address of User Computer>
   Source Port:  55279
   Destination Address: <Unknown IP Address in 192.168 Subnet, Which is Not Used By Us>
   Destination Port:  443
   Protocol:  6
  Filter Information:
   Filter Run-Time ID: 67045
   Layer Name:  Connect
   Layer Run-Time ID: 48
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          3/9/2015 9:05:38 AM
  Event ID:      5157
  Task Category: Filtering Platform Connection
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      usercomputer.domain.com
  Description:
  The Windows Filtering Platform has blocked a connection.
  Application Information:
   Process ID:  10712
   Application Name: \device\harddiskvolume3\program files\microsoft office\office14\outlook.exe
  Network Information:
   Direction:  Outbound
   Source Address:  <IP Address of User Computer>
   Source Port:  55279
   Destination Address: <Unknown IP Address in 192.168 Subnet, Which is Not Used By Us>
   Destination Port:  443
   Protocol:  6
  Filter Information:
   Filter Run-Time ID: 67045
   Layer Name:  Connect
   Layer Run-Time ID: 48

  Hi indyvql,
  "..are running the McAfee Total Protection Service anti-virus and firewall services."
  - So you've enabled McAfee firewall? If you have McAfee firewall turned on, then everything is managed by McAfee Personal Firewall which might cause the issue.
  To troubleshoot the issue, I would suggest we first disable McAfee temporarily, then try again.
  Also, as you've mentioned, please go ahead to have a test with just updating McAfee but not stopping the Windows Firewall service, then verify result.
  Regards,
  Ethan Hua
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• LAP 802.1x supplicant and H-REAP

  Hallo,
  is it possible to combine the 802.1x supplicant feature of a LAP with a H-REAP scenario with trunked/tagged uplinks to the switching infrastructure?
  Will the switchport opened via successfull 802.1xauthentication for the native vlan only (management traffic) or does it also be valid for the tagged vlans on trunk?.
  br
  am

  Did you ever figure out a resolution to this? I'm facing the same problem. 802.1x authentication does not work for the system profile and I have to login and manually click the connect button for 802.1x.

• When I go to my downloads folder on my dock and click the file all the content shows up but as soon as I go to open it in the finder, I get a blank window. Has anyone else had this problem, if so, How do you fix it.

  When I go to my downloads folder on my dock and click the file all the content shows up but as soon as I go to open it in the finder, I get a blank window. Has anyone else had this problem, if so, How do you fix it. I also cant delete anything from this folder because of it. Any help would be greatly appreciated.

  Hey Allen,
  I am having the same issue here in September.  How did yor situation get resolved.  My iPad Siri works great.  My iPhone 5 Siri has been out of comission (OOC) for almost a month and I am beginning to get a little frustrated since Siri works so well in July....ANY assistance would be highly appreciated... Thanx

• We have a 10 person office - all either use Acrobat XI or Reader XI.  One person is on Windows 7.  The rest are on Windows 8 (not 8.1).  I say this because I thought it was a Windows 8 issue, but having the same problems on the Windows 7 machine. We are a

  We have a 10 person office - all either use Acrobat XI or Reader XI.  One person is on Windows 7.  The rest are on Windows 8 (not 8.1).  I say this because I thought it was a Windows 8 issue, but having the same problems on the Windows 7 machine. We are all having problems opening pdf's sent to us from other firms. This has increased in frequency over the past two months. We've checked with the various firms, and their other clients are not having problems. Some pdfs open but with a lot of missing content and strange formatting, others won't open at all.  There are different error messaged depending upon the doc.  Some are regarding the fonts, for example "can't extract the embedded font...."  Others are "insufficient data" errors.  There are more, but for purposes of keeping this short, I won't include them.  Another unrelated issue is that we are having trouble printing excel files to pdf.  The files end up with bad formatting.  I've worked with adobe "chat" support, our IT consultants with no resolution.  I also haven't found any similar "known issue" online  Would very much appreciate any assistance.  Thank you

  The font embedding can be a problem if not done and you are trying to view the PDF and do not have the font on your machine. Acrobat will often try to find a replacement, but it is not always a good choice. Sometimes the "Use Local Fonts" button can be changed in state to resolve some of the viewing issues.
  If you are trying to copy or export info, then it is important that you have the fonts on your system. Otherwise, the message you are getting about embedded fonts would not be showing up.
  As for Excel formatting, be sure that the Adobe PDF printer is selected in the printer screen before you look for the paging and formatting of the file. In most OFFICE programs, if you change the printer the application will reflow the document to best match the printer (called "using printer metrics"). So check before you create the PDF that the layout is correct.

• I have Windows 7 and just recently experienced a problem with itunes freezing up when I clicked on the "apps" tab.  Everything else seems to work okay in itunes.  I have uninstalled it and reloaded it 4 or 5 times, but still freezes up.

  I have Windows 7 and just recently experienced a problem with itunes freezing up when I clicked on the "apps" tab which shows the apps that are loaded on my phone.  Everything else in the itunes software seems to be working okay.  The problem is in the part where you sync the newly purchased apps.  The apps will all be blank that are downloaded and that part of the software crashes itunes or freezes up.  I can get out of itunes okay after the freeze up, but it just stops me from syncing anything that I have newly added.  If anyone has had this problem before or knows someone that has, please let me know how I can fix it.  I have uninstalled and reloaded itunes 4 or 5 times, but the problem is still there.  I might add that I have been using itunes and purchasing apps for 2 to 3 years without any problems.  HELP.

  You would get better response from the iTunes community forum.
  Have a nice day!

• Windows 7 - HP Laserjet 8500 print driver problem

  I have tried everything imaginable to correct this HP 8500n print driver problem with no success, please help!
  I cannot correct or get rid of a reoccurring “Incompatible Print Settings” error dialog box message that repeatedly states that “There are one or more conflicting settings. One of the settings is: Output Bin: Mailbox 1, Accessory Output Bin: Not Installed”. The radio button options are “Restore my previous settings or Keep this setting, and I will change it later”. This same dialog message repeats 13 times for all the other various conflicts each time you click on printer properties to change to 2 sided printing or any other printer settings. This printer does not have any of these features attached or set into it.
  I am a volunteer that manages a number of computers on our small church LAN, 2 computers operating on MS XP-SP3, 2 on MS Windows 7 Home Premium and my 2 problem computers that came pre-installed with Vista Home Premium of which I have performed an HP OEM upgrade to Window 7.
  I have isolated this print driver problem to the Vista operating system and even when computers are upgraded to Windows 7 does not correct this driver error. I have also tried every possible print driver variant of the HP 8500, HP8550, PCL, PS to include the Microsoft versus HP versions with no success. In each case I get this error yet neither of the XP computers or the computers that had Windows 7 as a original operating system have no problems with their print drivers for this printer.
  Yes, I have repeatedly searched and upgraded the operating system and print drivers. In desperation I have even tried to find the correctly behaving Windows 7 print driver and transfer it to these Vista upgraded to Windows 7 machines. However I could not isolate the driver location.
  The only thing I can conclude is that this errant HP print driver was resident within Vista and remains resident even after a HP OEM Windows 7 upgrade. Additionally, all of these computers are configured to access this printer via its static IP address on the network.  The XP computers are 32 bit, all of the Vista upgraded to Win 7 and OEM Win 7 computers are 64 bit machines all with respective OS. 
  Can anyone please help me correct this problem?

  Hi, 
  Unfortunately I can't see your uploaded image yet as it is awaiting approval from HP.
  From what I can see you are correct that HP does supply drivers for this printer and that the drivers for your printer are already included with Windows 7.  On the machines affected, try the procedure below to see if it helps at all
  Next download revo uninstaller on the link below and install it.
  http://www.revouninstaller.com/download-freeware-version.php
  Disconnect the printer from the PC.
  Run Revo and see if it finds any  HP Printer Software installed.  If it does, right click the software icon and select uninstall.  During the process you may be asked to delete registry entries.  If you are, just select all and click delete.  Do the same for any left over files and folders.  Once completed, reboot the PC.
  Re-connect your printer to the PC and follow the guide below.
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?&objectID=c02536257
  If this helps you will need to repeat the process on each of the affected machines.
  Best wishes,
  DP-K
  ****Click the White thumb to say thanks****
  ****Please mark Accept As Solution if it solves your problem****
  ****I don't work for HP****
  Microsoft MVP - Windows Experience

• I install windows 8 in my macbook pro, the problem is it cannot detect wifi connection and bluetooth

  I install windows 8 in my macbook pro, the problem is it cannot detect wifi connection and bluetooth, because when i click the wireless in settings there are no choices... but when i use the mac os, everything is fine, the wifi, the bluetooth everything is functional, can you help me fix this problem? help will be much appreaciated.. thanks

  How did you install Windows? Did you use Bootcamp Assistant or did you use a virtual machine like Parallels, Fusion, or VirtualBox.
  If you used Bootcamp Assistant, did you download and install the Windows Support software (drivers) in accordance with the Bootcamp instructions?

• On windows 8 and itunes I have importing problems the DVD is only reading the music cd from 1.5x to 4.0x for 95% of the time, it does hit speeds of 30x for the other 5% of the time. Is it a driver issue with the DVD or is it  a windows 8 issue?

  on windows 8 and itunes I have importing problems the DVD is only reading the music cd from 1.5x to 4.0x for 95% of the time, it does hit speeds of 30x for the other 5% of the time. Is it a driver issue with the DVD or is it  a windows 8 issue?

  No. You have no alternative but to plug it into a computer running iTunes and restore it.