locked
Wired 802.1X Authentication failed / No activity RRS feed

  • Question

  • We are in the early stages of implementing wired 802.1x authentication in our environment.  Seeing some weird behavior with our Windows 7 x64 SP1 clients either not attempting to re-authenticate for long periods of time or failing with a certificate error.

    Wired 802.1X Authentication failed.

    Network Adapter: Intel(R) Ethernet Connection I217-LM
    Interface GUID: {fd46f808-4fed-4c13-9166-02c47a7ed21e}
    Peer Address: 40A6E8D6030A
    Local Address: 64006A4C5E27
    Connection ID: 0x1
    Identity: host/WK-204544.sherwoodcu.ca
    User: -
    Domain: -
    Reason: 0x50005
    Reason Text: The authentication failed because the certificate on the server computer does not have a server name specified

    Error Code: 0x80420406

    Certain clients seem to work fine for extended period of time and then randomly fail authentication or (according to the event viewer) never try to authenticate again until I restart the Wired Auto Configuration service.

    I have applied a few (of the many) hot fixes but nothing seems to immediately resolve the issue.

    We have since tried updating drivers on a specific model, and have had success. However, we have so many different models and NICs that gets messy really fast.

    Wondering if anyone else has ran into this?  Please see the attached images for current authentication settings enforced via GPO.

    Monday, January 25, 2016 9:01 PM

All replies

  • Hi ShawnPederson,

    Thank you for your question.

    This issue could be caused by the certificate, if you are using wildcard certificate, it will occur this errors. Wildcard certificates do not work with PEAP. We could refer to the following link:

    https://social.technet.microsoft.com/Forums/en-US/c5ada809-8aa9-4e3a-b6ed-e39b06c12ef0/the-certificate-on-the-server-computer-does-not-have-a-server-name-specified-error-0x80420406?forum=winserverNAP 

    Best Regard,

    Jim Xu

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Tuesday, January 26, 2016 9:47 AM
  • Thanks for replying Jim.  However, we don't have "Validate Server Certificate" enabled so I am confused why the client would even attempt to validate it?

    

    Also this is just one of the issues we are seeing.  The more common (and harder to trouble shoot issue) is when the client appears to not even try wired 802.1x authentication.  From the switch it looks as though it requests authentication, however the Wired Auto Config logs show no attempt from the client.

    Tuesday, January 26, 2016 3:19 PM
  • Hi ShawnPederson,

    By your state, this issue occur on the client randomly. If that, we suggest you do a clean boot on those client to check if the issue persist:

    https://support.microsoft.com/en-us/kb/929135 

    Best Regard,

    Jim Xu

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Saturday, January 30, 2016 9:21 AM