PEAP - cannot logon using wireless with IAS, WPA
Posted on 2006-10-21
I am testing our wireless network to change from WEP to WPA encryption with RADIUS (IAS) authentication with certificates.
I have read through and followed the steps outlined in Microsoft's "Securing Wireless LANs with PEAP and Passwords".
On a test laptop, I cannot log on to the client from the logon screen with wireless enabled. It hangs with "Loading / Applying your personal settings".
After logon, if I enable the wireless, I get a successful 'connected' wireless message, get assigned a correct DHCP address and can ping internal servers. I can perform successful DNS lookups.
However, I cannot browse any servers using '\\servername', or connect to any file & printer shares, or access any AD info.
I get errors in the event logs of the server and client:
Event ID 2
User <not present> was denied access.
Fully-Qualified-User-Name = DOMAIN\Guest
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 34
Reason = Authentication failed because the user account is not enabled. Before the account can be authenticated, a person with administrative rights for either the computer or the domain must enable the user account.
On the client:
Event ID 1053
Windows cannot determine the user or computer name (An internal error occured)
Event ID 15
Automatic certificate enrollment for local system failed to contact the active directory (0x8007041d)
Event ID 40960
The Security System detected an attempted downgrade attack for server <server name>.
Event ID 40961
The Security System could not establish a secured connection with the server <server name>.
Do I have to do something with the Guest account when using PEAP? I didn't read anything in the manual.
Where should I start looking?