802.1x save authentication is greyed out on Windows 7

  • Question

  • Hi, I have no problem logging into wireless anywhere around the world. Except the building in which I now work. Somehow their wireless triggers my computer to try to log on using Computer Authentication instead of User Authentication. They tell me this is a Windows 7 issue that does not appear with other users running Windows 8 or 10. Their network uses a RADIUS server if that helps.

    I can click on Manage Wireless Networks-> Properties -> Security and see WPA2-Enterprise and AES. Authentication is by PEAP. "Remember my credentials" check box is ticked "yes". Advanced Settings always shows up as "Computer or User Authentication". Authentication Method is EAP-MSCHAP-v2. Configure always shows up as "Automatically use my Windows logon name..." with check "Yes".

    And so it fails to connect. Workaround is to change the MSCHAPv2 Properties to uncheck that box. Then go to 802.1x settings and change to User Authentication. And "voila!". It correctly prompts me for my username and password and I can log on no problem.

    Until I reboot. Next time up I have to do all of this again. In particular, it for sure is not remembering my set up. One particularly odd feature is that on the 802.1x settings the option to "Save Credentials" is greyed out. I do not have any group policies on my computer that might be enforcing that. I've looked through the registry for something that might help, but failed so far.

    Any suggestions (other than upgrading to Windows 10)?

    Thanks,

    Wednesday, October 18, 2017 8:47 PM

All replies

  • Hi Tunneller,

    You might first check the event logs to see if there is anything related that would help us troubleshoot.

    >>One particularly odd feature is that on the 802.1x settings the option to "Save Credentials" is greyed out.

    Generally, it may be disabled by group policy settings.

    As far as I know, HKLM\SOFTWARE\Microsoft\Wlansvc\UserData\Profiles\{GUID}\MSMUserData contains the data related to PEAP credentials. It is encrypted with CryptProtectData. Decryption gave us a binary blob which is luckily easy to understand. It contains username and possibly logon domain in plain text. Password info is encrypted again with CryptProtectData function and placed towards the end of the blob.

    It seems that we cannot manually add such registry keys to enable it.

    Best Regards,

    Candy




    Thursday, October 19, 2017 7:33 AM
  • Hi, I do not have any group policy settings (that I know of). Is there a way to check if Windows installed some by default?

    Also HKLM\SOFTWARE\Microsoft\Wlansvc\UserData\Profiles

    is completely blank, but I do see something under

    HKCU\SOFTWARE\Microsoft\Wlansvc\UserData\Profiles

    I dropped that into DataProtectionDecryptor and it told me that the blob was SHA512 AES256 and encrypted with SystemKey (whatever that is) but wouldn't decrypt. I then tried the option of decrypting it inside lsass.exe and it said "success", but I was not able to save the decrypted output to a file. It didn't obviously look like an XML file from the HEX, but in the strings I could indeed see the user name and what looked like encrypted data later on.

    Not sure what I would do if I did get all of this data out. With regard to event logs, I can see WLAN-AutoConfig doing its stuff.

    Network association starts successfully, wireless security starts (task category MsmSecurity), then 802.1x authentication starts (task category OneXAuthentication, event 12011), then does a restart (event 12014), then stops security (event 11004), then announces failure (event 8002 "specific network not available" AcmConnection) and then this repeats a second time, maybe a third time. It looks like it starts trying to log in as a user, and then that fails and then sooner or later tries to log in as a computer which fails.

    Is there something particular in the event log that you would like me to find?

    Tuesday, October 24, 2017 2:56 PM
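
One way to collect the two pieces of evidence discussed in this thread, as an added example that is not part of any poster's reply: the authentication mode stored in each saved wireless profile, and the WLAN-AutoConfig event sequence (12011, 12014, 11004, 8002) numbered per attempt. The `authMode` and `cacheUserData` element names come from the Windows WLAN profile XML schema rather than from the thread; the scratch folder and the two-hour window are assumptions.

```powershell
# Added troubleshooting sketch; run in the affected user's session.
$work = Join-Path $env:TEMP 'wlan-profile-export'   # scratch folder (assumption)
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Export the saved profiles (key material is not exported in clear text
#    unless key=clear is given) and read the persisted 802.1X settings.
Push-Location $work
try { netsh wlan export profile folder=. | Out-Null } finally { Pop-Location }

Get-ChildItem -Path $work -Filter '*.xml' | ForEach-Object {
    $xml = [xml](Get-Content -Path $_.FullName)
    # OneX elements sit in their own XML namespace, so match on local name.
    $mode  = $xml.SelectSingleNode("//*[local-name()='authMode']")
    $cache = $xml.SelectSingleNode("//*[local-name()='cacheUserData']")
    New-Object PSObject -Property @{
        Profile       = $xml.WLANProfile.name
        AuthMode      = $(if ($mode)  { $mode.InnerText }  else { '(absent)' })
        CacheUserData = $(if ($cache) { $cache.InnerText } else { '(absent)' })
    }
} | Select-Object Profile, AuthMode, CacheUserData | Format-Table -AutoSize

# 2. List the WLAN-AutoConfig events named in the thread, numbered per attempt.
$attempt = 0
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-WLAN-AutoConfig/Operational'
    Id        = 12011, 12014, 11004, 8002
    StartTime = (Get-Date).AddHours(-2)             # look-back window (assumption)
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated | ForEach-Object {
    if ($_.Id -eq 12011) { $attempt++ }   # 12011: 802.1X authentication started
    New-Object PSObject -Property @{
        Attempt = $attempt
        Time    = $_.TimeCreated
        Id      = $_.Id
        Task    = $_.TaskDisplayName
        Summary = ("$($_.Message)" -split "`r?`n")[0]   # first line of the message
    }
} | Select-Object Attempt, Time, Id, Task, Summary | Format-Table -AutoSize
```

Running it once right after the manual workaround and again after a reboot shows whether the stored `authMode` value reverts between the two runs.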