«

I have XP SP3 installed on a workstation, configured to use 802.1x
authentication with a Cisco 3750 switch and a Microsoft NAP server
providing RADIUS services.

When I boot up the workstation, 802.1x authentication fails. If I
unplug the network cable from the workstation, then plug it back in,
the workstation immedately authenticates and grabs and IP address from
DHCP.

If I reboot, authentication fails again until I unplug and replug the
cable. I can get the same result if I do a "shut/no shut" on the
Cisco switch's port.

Obviously, there's nothing actually wrong with 802.1x authentication,
or RADIUS or the switch. It's only when the workstation first boots
up; I'm guessing that while it's booting up, some service(s) are still
coming up and preventing authentication from working, but once the
workstation has finished booting, it is stuck in the switch's "failed
authentication" vlan, and the only way to restart the authentication
process is to break the network connection.

Since I'm going to deploy 802.1x to a couple of thousand workstations,
unplugging cables or reseting switch ports isn't a practical solution.

Does anyone know how to resolve this problem? Thanks.

ttripp wrote:
> I have XP SP3 installed on a workstation, configured to use 802.1x
> authentication with a Cisco 3750 switch and a Microsoft NAP server
> providing RADIUS services.
>
> When I boot up the workstation, 802.1x authentication fails. If I
> unplug the network cable from the workstation, then plug it back in,
> the workstation immedately authenticates and grabs and IP address from
> DHCP.
>
> If I reboot, authentication fails again until I unplug and replug the
> cable. I can get the same result if I do a "shut/no shut" on the
> Cisco switch's port.
>
> Obviously, there's nothing actually wrong with 802.1x authentication,
> or RADIUS or the switch. It's only when the workstation first boots
> up; I'm guessing that while it's booting up, some service(s) are still
> coming up and preventing authentication from working, but once the
> workstation has finished booting, it is stuck in the switch's "failed
> authentication" vlan, and the only way to restart the authentication
> process is to break the network connection.
>
> Since I'm going to deploy 802.1x to a couple of thousand workstations,
> unplugging cables or reseting switch ports isn't a practical solution.
>
> Does anyone know how to resolve this problem? Thanks.

I wonder if this discussion is relevant to your problem -

http://social.technet.microsoft.com/...-152b956567bc/

Also in XP SP3 wired part of 802.1x supplicant is a separate service and
no longer part of wireless zero config. It's in manual start mode by
default. Have you changed it to auto?

Regards,
Andrey.

On Mar 18, 3:31*pm, Andrey Tarasov <and...@email.com> wrote:
> ttripp wrote:
> > I have XP SP3 installed on a workstation, configured to use 802.1x
> > authentication with a Cisco 3750 switch and a Microsoft NAP server
> > providing RADIUS services.
>
> > When I boot up the workstation, 802.1x authentication fails. *If I
> > unplug the network cable from the workstation, then plug it back in,
> > the workstation immedately authenticates and grabs and IP address from
> > DHCP.
>
> > If I reboot, authentication fails again until I unplug and replug the
> > cable. *I can get the same result if I do a "shut/no shut" on the
> > Cisco switch's port.
>
> > Obviously, there's nothing actually wrong with 802.1x authentication,
> > or RADIUS or the switch. *It's only when the workstation first boots
> > up; I'm guessing that while it's booting up, some service(s) are still
> > coming up and preventing authentication from working, but once the
> > workstation has finished booting, it is stuck in the switch's "failed
> > authentication" vlan, and the only way to restart the authentication
> > process is to break the network connection.
>
> > Since I'm going to deploy 802.1x to a couple of thousand workstations,
> > unplugging cables or reseting switch ports isn't a practical solution.
>
> > Does anyone know how to resolve this problem? *Thanks.
>
> I wonder if this discussion is relevant to your problem -
>
> http://social.technet.microsoft.com/...verNAP/thread/...
>
> Also in XP SP3 wired part of 802.1x supplicant is a separate service and
> no longer part of wireless zero config. It's in manual start mode by
> default. Have you changed it to auto?
>
> Regards,
> Andrey.- Hide quoted text -
>
> - Show quoted text -

That's interesting. I tried a little more testing and if I just let
the workstation sit, it will authenticate itself after about 25
minutes, which is about the same time as mentioned in the link you
provided.

On Mar 18, 4:07*pm, ttripp <ttr...@manh.com> wrote:
> On Mar 18, 3:31*pm, Andrey Tarasov <and...@email.com> wrote:
>
>
>
>
>
> > ttripp wrote:
> > > I have XP SP3 installed on a workstation, configured to use 802.1x
> > > authentication with a Cisco 3750 switch and a Microsoft NAP server
> > > providing RADIUS services.
>
> > > When I boot up the workstation, 802.1x authentication fails. *If I
> > > unplug the network cable from the workstation, then plug it back in,
> > > the workstation immedately authenticates and grabs and IP address from
> > > DHCP.
>
> > > If I reboot, authentication fails again until I unplug and replug the
> > > cable. *I can get the same result if I do a "shut/no shut" on the
> > > Cisco switch's port.
>
> > > Obviously, there's nothing actually wrong with 802.1x authentication,
> > > or RADIUS or the switch. *It's only when the workstation first boots
> > > up; I'm guessing that while it's booting up, some service(s) are still
> > > coming up and preventing authentication from working, but once the
> > > workstation has finished booting, it is stuck in the switch's "failed
> > > authentication" vlan, and the only way to restart the authentication
> > > process is to break the network connection.
>
> > > Since I'm going to deploy 802.1x to a couple of thousand workstations,
> > > unplugging cables or reseting switch ports isn't a practical solution..
>
> > > Does anyone know how to resolve this problem? *Thanks.
>
> > I wonder if this discussion is relevant to your problem -
>
> >http://social.technet.microsoft.com/...verNAP/thread/...
>
> > Also in XP SP3 wired part of 802.1x supplicant is a separate service and
> > no longer part of wireless zero config. It's in manual start mode by
> > default. Have you changed it to auto?
>
> > Regards,
> > Andrey.- Hide quoted text -
>
> > - Show quoted text -
>
> That's interesting. *I tried a little more testing and if I just let
> the workstation sit, it will authenticate itself after about 25
> minutes, which is about the same time as mentioned in the link you
> provided.- Hide quoted text -
>
> - Show quoted text -

I tested using the hotfix mentioned in the link you provided, and it
corrected the problem. Another wonderful Microsoft "feature". Now
I've got to figure out how to get this hotfix out to all the
workstations in my company.

"ttripp" <> wrote in message
news:eb675d54-52c3-4aee-8d89-...
On Mar 18, 4:07 pm, ttripp <ttr...@manh.com> wrote:

> I tested using the hotfix mentioned in the link you provided, and it
> corrected the problem. Another wonderful Microsoft "feature". Now
> I've got to figure out how to get this hotfix out to all the
> workstations in my company.

Do you have Active Directory?

On Mar 19, 8:55*am, "Igor Mamuzic aka Pseto"
<igor.mamuzicMAKNI_...@zg.t-com.hr> wrote:
> "ttripp" <ttr...@manh.com> wrote in message
>
> news:eb675d54-52c3-4aee-8d89-...
> On Mar 18, 4:07 pm, ttripp <ttr...@manh.com> wrote:
>
> > I tested using the hotfix mentioned in the link you provided, and it
> > corrected the problem. *Another wonderful Microsoft "feature". *Now
> > I've got to figure out how to get this hotfix out to all the
> > workstations in my company.
>
> Do you have Active Directory?

Does anyone know if this affects Windows Server 2000 or 2003? The
link only mentions XP, Vista and Server 2008, but I have other OSes to
worry about.

[HawkEye22]

ttrip,

Can i ask you a couple of questions?
I am doing a little research to implement 802.1X authentication.
Which option for EAP do you use in windows? is that PEAP?
And do you use certificates? If yes? how did you do that?

Thanks in advance,

HawkEye22