locked
Configuring EAP-TLS on Windows Client (Wired) RRS feed

  • Question

  • Hello,

    I am attempting to configure Windows clients to authenticate as the machine with a computer certificate. The Mac clients authenticate just fine but Windows clients just time out. I have been up and down the config of our switches and the NPS server and still can't seem to find a solution. I see 'Onex Auth Timeout' in the Wired AutoConfig log on the client and on the NPS server I see it is hitting the server in the log in C:\Windows\System32\LogFiles but not in the Event Viewer. I have no idea what I am doing wrong. EAP-MSCHAP-V2 works fine but I want to use EAP-TLS.


    Thanks!

    Thursday, July 28, 2016 4:53 PM

Answers

  • Hello,

    We figured out yesterday that Jumbo frames were on the Switch and were not on the RADIUS server thus the packets were getting skewed I think. After turning off jumbo frames on the switch, Windows clients authenticated fine. Thanks for your Help!

    Friday, July 29, 2016 11:41 AM

All replies

  • Hi,

    OneXRestartReasonOneXAuthTimeout

    The 802.1X authentication restart was the result of an state timeout. The timer expiring is the authWhile timer of the 802.1X supplicant port access entity defined in IEEE 802.1X - 2004 standard for Port-Based Network Access Control. The authWhile timer is used by the supplicant port access entity to determine how long to wait for a request from the authenticator before timing it out.

    1.Please try to  increase the EAP timeout values as EAP-TLS is used on the switch.

    2.Please try to disabling the multicast-trigger function on the ports.

    If they don't help,about certificate problem,you maight want to post your query in security forum for further assistance:

    https://social.technet.microsoft.com/Forums/windowsserver/en-Us/home?forum=winserversecurity

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, July 29, 2016 6:35 AM
  • Hello,

    We figured out yesterday that Jumbo frames were on the Switch and were not on the RADIUS server thus the packets were getting skewed I think. After turning off jumbo frames on the switch, Windows clients authenticated fine. Thanks for your Help!

    Friday, July 29, 2016 11:41 AM