802.11x EAP-TLS user authentication failure

Jason Root

I hope someone has seen this problem before:

I have a Windows 2000 Pro (SP4) workstation set up to
authenticate to our wireless network using EAP-TLS. The
computer authenticates correctly by itself when no one is
logged on. When a domain user account that is a member of
the local Administrators group logs on, it successfully
authenticates, too. When a domain user without local
Administrators membership logs on, it fails to
authenticate and drops the network connection. The IAS
server (Windows Server 2003) reports a warning in the
System Event Log. (Reason-Code = 262, Reason = The
supplied message is incomplete. The signature was not
verified.) If I add the failed user to the local
Administrators group and have them try logging on again,
it successfully authenticates. The entire setup works
great for domain users with admin access to the local PC--
it fails for normal domain users.

User, computer, and IAS certificates all check out OK.
The adapter is a Cisco Aironet 350 series (strong
encryption) and is using a Cisco Aironet 1200 access point
running IOS software. The domain controllers are a mix of
Windows 2000 Server (SP4) and Windows Server 2003 at the
Windows 2000 native functional level.

I have reviewed our Group Policy settings and the changes
we made to the out-of-box configuration. Reversing them
has no effect. The only workaround I have right now is
to add every user that needs wireless access to the local
Administrators group on the client--and that's
unacceptable. Any help is much appreciated.
 
