none
Duplicate 802.1x SSID Profile Allowed - (GPO and User) - Windows 10 Build 1703 RRS feed

  • Question

  • Good Afternoon,

    **Added Screenshots 8/2/2017**

    Was curious if anyone else has run into this issue with Windows 10 Version 1703 with an 802.1x SSID PEAP MSCHAPv2 configured via Group Policy: Example: SSID: School-802.1x – a user is also allowed to add a duplicate “School-802.1x” SSID.

    Steps to reproduce:

    1.     1. Added via Networking and Sharing Center -> Setup a new connection or network -> Manually connect to a wireless network:

    • Instead of getting “Choose a different name”
    • Presented with “Successfully added School-802.1x”

    2.      2. Added via Network Settings -> Wi-Fi -> Manage known networks -> Add new network (slightly different behavior:

    • What should happen when a unique SSID is manually added – the SSID is immediately displayed under “Manage network locations”
    • What should happen when a duplicate GPO SSID is added after click saving -> "A network with the same name already exists"
    • What happens when a duplicate GPO SSID is added – after clicking save – the “Add a new network” box closes and the “Manage known networks” list doesn’t change à “Unless you click back” and then return to the “Manage known networks” -> you can then see the duplicate SSIDs - with the original GPO Policy marked as "Added by company policy"

    3.      3. Performing a “netsh wlan show profile” will display both profiles:

    4.      4. What happens if delete the “User” profile – leaving only the GPO Profile – the SSID will continue to function but two errors will be generated

    • netsh wlan show profile School-802.1x --> "Profile "School-802.1x" is not found on the system.
    • Navigating to “Networking and Sharing Center” -> Connections Wi-Fi (School-802.1x) -> Clicking on “Wireless Properties” generates -> "Error Saving Wireless Profile" - Windows has encountered an error saving the wireless profile. Specific error: Element not found".

    The issue I have seen is if the GPO is set to “Computer or User Authentication” and the User Profile is set to something else – the machine will perform a machine authentication with the svcPrincipalName “host\FQDN” which is successfully followed by the samAccountName (DOMAIN\MachineName$” which fails immediately.

    • Edited by GuardianDroid Thursday, August 3, 2017 3:18 AM Screen-shots added
    Wednesday, July 5, 2017 9:55 PM

Answers

  • Our infrastructure team allowed me to open a ticket through their Microsoft Support contract and they were able to reproduce and locate the issue with a new profile lookup hash table that was introduce in Win 10 1703 which has been resolved in Win 10 1709 (tested and verified with preview version).

    • Marked as answer by GuardianDroid Wednesday, October 18, 2017 5:15 PM
    Wednesday, October 18, 2017 5:14 PM

All replies

  • Hi ,

    Due to the limited working environment, it is not available for me to test or reproduce this. Verify your account then upload screenshots, which will be very helpful to understand.

    Best regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 7, 2017 9:02 AM
    Moderator
  • Hi Rick_Li,

    My account has been validated and I've attached screen shots (attached above in my original post) and a couple down below. In addition, I've done further testing and have discovered another way a duplicate ssid (GPO and User Added) gets created during an in-place upgrade.

    1. A Windows 10 1611 machine with a GPO WiFi Profile os "School-802.1x" exists
    2. Perform an in-place upgrade to 1703
    3. Upon successfully applying the upgrade and restarting - reviewing the "manage known networks" or "netsh wlan show profile School-801.x" will show that a duplicate user defined profile gets created. It appears something with the upgrade processes causes the GPO profile to create a duplicate User defined profile simply by upgraded. I've been able to re-produce this behavior twice.


    Thursday, August 3, 2017 3:24 AM
  • Our infrastructure team allowed me to open a ticket through their Microsoft Support contract and they were able to reproduce and locate the issue with a new profile lookup hash table that was introduce in Win 10 1703 which has been resolved in Win 10 1709 (tested and verified with preview version).

    • Marked as answer by GuardianDroid Wednesday, October 18, 2017 5:15 PM
    Wednesday, October 18, 2017 5:14 PM