PEAP Authentication Failure

Hi guys,

I need your help again.  One specific user cannot login the domain's wifi network on his laptop (Lenovo Thinkpad) that uses the PEAP authenticaiton  since this week.  Other users can get connected to the wifi network and the user account in question also can do the same on spare laptops so I'm assuming the issue is not with the AP or the RADIUS server handling the wifi authentication.  

The OS is Windows XP and the credentials to login the wifi is used the same one as login to the domain network.  I have updated the wifi's device driver (INTEL WiFi 5100 AGN) to the latest one and deleted the PEAP credential cashe following the article in http://support.microsoft.com/kb/823731/en-us , and also applied the gpupdate /force while the LAN cable is connected but nothing mentioned fixed the issue.  

It seems the system is attempting to connect to the wifi but the warning message  "the account has failed to logon the wireless network" repeatedly appears and eventually the apptept fails - as I mentioned earlier the account should work as it was able to connect the same network on other workstations.

The bizzare thing is other account is also rejected by the same message when trying to connect it on the user's laptop, the whole wifi related settings are the same to other machines so the only difference I think is the host name and the model of wifi adapter.  The laptops are all put together under the same OU. There's apparently something wrong with the user's laptop but I'm not a wifi oriented and would like to have your suggestions to tackle the issue.  

Best regards
Kyotokyo,
KyotokyoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jakob DigranesSenior ConsultantCommented:
what are the error message on Radius server?
is this a 2003IAS or 2008/2012NPS server?

2003 have logs in SYSTEM
2008/2012 have them in security. look for failure audits with source network policy server.

Might be wrong wireless setup on laptop
0
KyotokyoAuthor Commented:
Hi,

thank you for the quick response.  Unfortunately I don't have the access to the RADIUS server and cannot check the logs recorded in there.  I will ask the global IT team to check this out and let you know if they found any error.  

The problematic laptop is configured using the same wifi settings as the working laptops, rather, the wifi settings are controlled by the domain's group policy so the related values and parameters are not manually configurable.  

SECURITY: WAP
ENCRYPTION: TKIP
PROTOCOL: PEAP
AUTHENTICATION: EAP MS-CHAPv2

Regards
Kyotokyo
0
Jakob DigranesSenior ConsultantCommented:
Ok --- I will wait for logs then, looks like we'll need them
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
PEAP authentication is used for both computer and user authentication.  Have you checked the computer account and is it okay?  What happens when you connect the computer to a wired network.
0
Craig BeckCommented:
We do need the logs.  If it's NPS we need the Custom NPS logs, not the security logs.  (They show less detail in the security log for NPS).
0
KyotokyoAuthor Commented:
Thanks guys.  I'm asking the global IT team for the log and once I received it I will share with you.  For the computer account it just works fine.  Internet, Intranet and Email are all functioning perfectly.  I had a look on the computer account settings in AD and it has the same manner of configuration and belongs to the same OU as other machines.
0
KyotokyoAuthor Commented:
The global IT department doesn't provide the log yet... and the issue is resolved by replacing the user's computer to Win7.  Sorry for the delay and thanks much for your comments.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.