802.11x EAP-TLS user authentication failure

Guest

I hope someone has seen this problem before:

I have a Windows 2000 Pro (SP4) workstation set up to authenticate to our wireless network using EAP-TLS. The computer authenticates correctly by itself when no one is logged on. When a domain user account that is a member of the local Administrators group logs on, it successfully authenticates, too. When a domain user without local Administrators membership logs on, it fails to authenticate and drops the network connection. The IAS server (Windows Server 2003) reports a warning in the System Event Log. (Reason-Code = 262, Reason = The supplied message is incomplete. The signature was not verified.) If I add the failed user to the local Administrators group and have them try logging on again, it successfully authenticates. The entire setup works great for domain users with admin access to the local PC--it fails for normal domain users.

User, computer, and IAS certificates all check out OK. The adapter is a Cisco Aironet 350 series (strong encryption) and is using a Cisco Aironet 1200 access point running IOS software. The domain controllers are a mix of Windows 2000 Server (SP4) and Windows Server 2003 at the Windows 2000 native functional level.

I have reviewed our Group Policy settings and the changes we made to the out-of-box configuration. Reversing them has no effect. The only workaround I have right now is to add every user that needs wireless access to the local Administrators group on the client--and that's unacceptable. Any help is much appreciated.
 
