802.1x authentication fails after Windows XP reboot

Discussion in 'Cisco' started by ttripp, Mar 18, 2009.

  1. ttripp

    ttripp Guest

    I have XP SP3 installed on a workstation, configured to use 802.1x
    authentication with a Cisco 3750 switch and a Microsoft NAP server
    providing RADIUS services.

    When I boot up the workstation, 802.1x authentication fails. If I
    unplug the network cable from the workstation, then plug it back in,
    the workstation immediately authenticates and grabs an IP address from
    DHCP.

    If I reboot, authentication fails again until I unplug and replug the
    cable. I can get the same result if I do a "shut/no shut" on the
    Cisco switch's port.

    Obviously, there's nothing actually wrong with 802.1x authentication,
    or RADIUS or the switch. It's only when the workstation first boots
    up; I'm guessing that while it's booting up, some service(s) are still
    coming up and preventing authentication from working, but once the
    workstation has finished booting, it is stuck in the switch's "failed
    authentication" vlan, and the only way to restart the authentication
    process is to break the network connection.

    Since I'm going to deploy 802.1x to a couple of thousand workstations,
    unplugging cables or resetting switch ports isn't a practical solution.

    Does anyone know how to resolve this problem? Thanks.
    ttripp, Mar 18, 2009
    #1

  2. ttripp wrote:
    > I have XP SP3 installed on a workstation, configured to use 802.1x
    > authentication with a Cisco 3750 switch and a Microsoft NAP server
    > providing RADIUS services.
    >
    > When I boot up the workstation, 802.1x authentication fails. If I
    > unplug the network cable from the workstation, then plug it back in,
    > the workstation immediately authenticates and grabs an IP address from
    > DHCP.
    >
    > If I reboot, authentication fails again until I unplug and replug the
    > cable. I can get the same result if I do a "shut/no shut" on the
    > Cisco switch's port.
    >
    > Obviously, there's nothing actually wrong with 802.1x authentication,
    > or RADIUS or the switch. It's only when the workstation first boots
    > up; I'm guessing that while it's booting up, some service(s) are still
    > coming up and preventing authentication from working, but once the
    > workstation has finished booting, it is stuck in the switch's "failed
    > authentication" vlan, and the only way to restart the authentication
    > process is to break the network connection.
    >
    > Since I'm going to deploy 802.1x to a couple of thousand workstations,
    > unplugging cables or resetting switch ports isn't a practical solution.
    >
    > Does anyone know how to resolve this problem? Thanks.


    I wonder if this discussion is relevant to your problem -

    http://social.technet.microsoft.com.../thread/981fff0e-c29f-4f2b-be61-152b956567bc/

    Also, in XP SP3 the wired part of the 802.1x supplicant is a separate
    service and is no longer part of Wireless Zero Config. It's in manual
    start mode by default. Have you changed it to auto?

    Regards,
    Andrey.
    Andrey Tarasov, Mar 18, 2009
    #2
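
Added example, not part of the thread: the start mode of the wired 802.1x supplicant service that Andrey asks about can be audited across many workstations with a script like this one. It assumes the service's short name is `dot3svc` (Wired AutoConfig), a hypothetical `hosts.txt` with one computer name per line, and that remote WMI is allowed for the account running it.

```powershell
# Added example: audit (and optionally correct) the start mode of the wired
# 802.1x supplicant service on a list of workstations.
# Assumptions: service short name 'dot3svc'; hosts.txt is a hypothetical file
# with one computer name per line; remote WMI is permitted for the caller.
param(
    [string]$HostList = '.\hosts.txt',   # hypothetical input file
    [switch]$Fix                          # without -Fix the script only reports
)

$results = foreach ($computer in Get-Content -Path $HostList) {
    $computer = $computer.Trim()
    if (-not $computer) { continue }      # skip blank lines

    $row = New-Object PSObject -Property @{
        Computer = $computer; StartMode = $null; State = $null; Action = 'none'
    }
    try {
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer `
                   -Filter "Name='dot3svc'" -ErrorAction Stop
        if (-not $svc) { $row.Action = 'service not present'; $row; continue }

        $row.StartMode = $svc.StartMode   # WMI reports 'Auto', 'Manual' or 'Disabled'
        $row.State     = $svc.State

        if ($Fix -and $svc.StartMode -ne 'Auto') {
            # ChangeStartMode takes 'Automatic'; ReturnValue 0 means success
            $rc = $svc.ChangeStartMode('Automatic').ReturnValue
            if ($rc -eq 0 -and $svc.State -ne 'Running') {
                $rc = $svc.StartService().ReturnValue
            }
            $row.Action = if ($rc -eq 0) { 'set to Automatic' } else { "failed (WMI return $rc)" }
        } elseif ($svc.StartMode -ne 'Auto') {
            $row.Action = 'needs change'
        }
    } catch {
        # Host offline, firewalled, or access denied
        $row.Action = "unreachable: $($_.Exception.Message)"
    }
    $row
}

$results | Select-Object Computer, StartMode, State, Action | Format-Table -AutoSize
```

Run it without `-Fix` first to get a report only; a workstation still sitting in the switch's failed-authentication VLAN may show up as unreachable.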

  3. ttripp

    ttripp Guest

    That's interesting. I tried a little more testing and if I just let
    the workstation sit, it will authenticate itself after about 25
    minutes, which is about the same time as mentioned in the link you
    provided.
    ttripp, Mar 18, 2009
    #3
  4. ttripp

    ttripp Guest

    I tested using the hotfix mentioned in the link you provided, and it
    corrected the problem. Another wonderful Microsoft "feature". Now
    I've got to figure out how to get this hotfix out to all the
    workstations in my company.
    ttripp, Mar 19, 2009
    #4
  5. "ttripp" <> wrote in message
    news:...
    On Mar 18, 4:07 pm, ttripp <> wrote:

    > I tested using the hotfix mentioned in the link you provided, and it
    > corrected the problem. Another wonderful Microsoft "feature". Now
    > I've got to figure out how to get this hotfix out to all the
    > workstations in my company.


    Do you have Active Directory?
    Igor Mamuzic aka Pseto, Mar 19, 2009
    #5
  6. ttripp

    ttripp Guest

    On Mar 19, 8:55 am, "Igor Mamuzic aka Pseto"
    <-com.hr> wrote:
    > "ttripp" <> wrote in message
    >
    > news:...
    > On Mar 18, 4:07 pm, ttripp <> wrote:
    >
    > > I tested using the hotfix mentioned in the link you provided, and it
    > > corrected the problem.  Another wonderful Microsoft "feature".  Now
    > > I've got to figure out how to get this hotfix out to all the
    > > workstations in my company.

    >
    > Do you have Active Directory?


    Does anyone know if this affects Windows Server 2000 or 2003? The
    link only mentions XP, Vista and Server 2008, but I have other OSes to
    worry about.
    ttripp, Mar 23, 2009
    #6
  7. ttripp

    HawkEye22

    ttripp,

    Can I ask you a couple of questions?
    I am doing a little research to implement 802.1X authentication.
    Which option for EAP do you use in Windows? Is that PEAP?
    And do you use certificates? If yes, how did you do that?

    Thanks in advance,

    HawkEye22
    HawkEye22, May 26, 2009
    #7