none
Dot1x Machine Authentication RRS feed

  • Question

  • Hello Team,

    I have a windows 10 PC that is configured for Machine or User authentication using dot1x. When the machine is reloaded, i can see machine authentication taking place followed by a user authentication when the user logs on to Windows. This part works as expected.

    However, when the user logs out of Windows, we expect to perform EAPoL logoff and have the machine authenticate with the machine account. This is not happening for some reason. When we log out of windows, machine authentication is not triggered.

    Is there any setting we need to play with to trigger machine authentication when the user logs out? Never had this issue before.

    Any help would be appreciated.

    Regards,


    • Edited by zooz211 Monday, May 18, 2020 3:25 PM
    Monday, May 18, 2020 3:25 PM

All replies

  • Hi ,

    Based on my understanding, you question is Windows 10 does not send EAPOL-Logoff when user sign out, is that right? Please feel free to let me know, if my understanding is wrong.

    Here is a similar thread discussed before, you could have a look:

    Windows 10 does not send EAPOL-Logoff on user sign out

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Tuesday, May 19, 2020 3:39 AM
    Moderator
  • Hello Candy,

    Thank you very much for the reply. My concern is not for EAPoL logoff per say. 

    It seems that the PC does not perform machine authentication when the user logs off the machine. They have to reload to trigger machine authentication. Normally, when the user logs out and sees the Windows login prompt, the machine should be triggered to use the machine account and password for 802.1x.

    This is happening on both wired and wireless adapters.

    I have worked with 802.1x on windows supplicants for years and i have always seen them perform machine authentication when the user logs off the machine. I am not sure if this specific PC needs to be configured to allow this somehow.

    Any thoughts on this?

    Tuesday, May 19, 2020 7:06 AM
  • Hi ,

    Thanks for your clarify.

    Before going further, I would appreciate your help in clarifying the following situations:

    Could you please tell me where and how did you see machine authentication? What did you mean about reload?

    It would be helpful for us to identify the problem if you could upload the screenshots.

    If you cannot upload the screenshot ,your account just needs to be verified. You can expedite verification by replying to this thread with your request.

    https://social.msdn.microsoft.com/Forums/en-US/94f05325-8566-4c4c-806c-179a5a0beafc/verify-accounts-43?forum=reportabug

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Tuesday, May 19, 2020 7:30 AM
    Moderator
  • Hello zooz211,

    One thing that you could try is the "netsh trace" command. I would suggest "netsh trace start scenario=Layer2 tracefile=why.etl" to start the trace, then reproduce the problem (log off) then log back on and stop the trace with the command "netsh trace stop".

    You might be able to interpret the why.etl trace yourself; if not, then make it available here via a OneDrive, Google Drive, etc. link.

    Gary

    Tuesday, May 19, 2020 12:39 PM
  • Hi ,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.                   

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Thursday, May 21, 2020 9:11 AM
    Moderator