locked
Wireless PEAP not working on any Windows 10 Clients RRS feed

  • Question

  • Hi,

    I have an existing radius server, Meraki wireless and Windows 7 client working perfectly. However introducing Windows 10 clients I have come across authentication issues.  Whatever changes are made they will not connect to the wireless.  They attempt to connect then fail.

    Error events on the clients are

    Information 12/03/2018 17:31:20 Netwtw06 7021 None
    Warning 12/03/2018 17:31:20 Netwtw06 6105 None
    6105 - deauth after EAPOL key exchange sequence
    Information 12/03/2018 17:31:16 Netwtw06 7021 None
    Warning 12/03/2018 17:31:16 Netwtw06 6105 None
    6105 - deauth after EAPOL key exchange sequence
    Information 12/03/2018 17:31:12 Netwtw06 7021 None
    Warning 12/03/2018 17:31:12 Netwtw06 6105 None
    6105 - deauth after EAPOL key exchange sequence

    Errors show on the wireless AP end indicated the issue is with the clients/radius server. See eapol 1 of 4

    Has anyone else come across this issue and a solution.  I have tried all the common solutions to for TLS 1.0 but still the same failed connection status.

    Thanks

    Monday, March 12, 2018 5:46 PM

Answers

  • Finally found the setting responsible to this.   802.11r had been enabled on the APs'.  Disabled this and the issue was resolved.
    • Marked as answer by Pilgrim99 Tuesday, April 3, 2018 10:55 AM
    Tuesday, April 3, 2018 10:55 AM

All replies

  • Hi,

    Have you tried the suggestions in this article to fix this issue?

    https://support.microsoft.com/en-sg/help/3121002/windows-10-devices-can-t-connect-to-an-802-1x-environment

    Make sure the configuration of Radius Wifi connection is right:

    https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_EAP-TTLS___PAP_Authentication_on_Windows_8_and_10

    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 13, 2018 9:06 AM
  • Hi,

    Thank you for the response.

    The wireless profile is the same that is set for Windows 7 so we know it works correctly.

    I have put the other fix in place on several machines but the connection is still not working properly.

    Not connecting, failed connections, multiple connecting and reconnecting failures.


    Thanks

    Tuesday, March 13, 2018 9:38 AM
  • Hi, 

    I still consider the issue is related to TLS issue. 

    Please let me know your Windows server version with your Radius. 

    In addition, for further troubleshooting, please check the event log on Client PC to see if there is any certain error. 

    Also, help to collect following log files onto Network drive, share the link here for our research: 

    1. Capture the network traffic when reproduce this issue. 

    2. Event log on Windows 10: 

    %SystemRoot%\System32\Winevt\Logs\System.evtx

    3. Radius log on Windows server.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 14, 2018 12:06 PM
  • Hi thanks of your help.  You can find the relevant documents

    ############################

    Along with a screenshot from the AP end.

    Thanks


    • Edited by Pilgrim99 Friday, March 16, 2018 11:00 AM
    Wednesday, March 14, 2018 1:54 PM
  • Hi,

    Try this and let me know your Radius server version.

    The following steps will configure a Windows 10 client to use 802.1X with Meraki-hosted RADIUS (NOTE:  these are instructions for the 802.1X with Meraki-hosted RADIUS only.  Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):

    1. Click the "Start" menu
    2. Navigate to Settings (Gear Icon) > Network & Internet > Wi-Fi > Manage Known Networks
    3. Click 'Network and Sharing Center'
    4. Select 'Set up a new connection or network'
    5. Select 'Manually connect to a wireless network'
    6. Enter the SSID name in the 'Network name:' field
    7. Select 'WPA2-Enterprise' in the 'Security type:' drop down
    8. Select your encryption type from the 'Encryption type' drop down
    9. Click 'Next'
    10. When 'Successfully added' appears click 'Change connection settings'
    11. Select the 'Security' tab
    12. Click the 'Advanced settings' button
    13. On the '802.1x settings' tab, check the box 'Specify authentication mode' and choose 'User Authentication' from the drop down
    14. Click 'OK'
    15. Back on the 'Security' tab, make sure 'Choose a network authentication method' is set to 'EAP (PEAP)' and then click the 'Settings' button
    16. Click 'OK'
    17. For 'Protected EAP Properties' uncheck 'Validate server certificate' or if you choose to validate server certificate make sure 'Go Daddy Class 2 Certification Authority' and/or 'http://valicert.com' is checked in the 'Trusted Root Certification Authorities' list.
    18. Click the 'Configure' button
    19. Uncheck 'Automatically use my Windows logon name'
    20. Click 'OK' to close all the open dialog boxes


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 16, 2018 8:45 AM
  • Radius server is Windows 2012 NPS


    The above did not work.  Setting up a new SSID without the radius requirement works perfectly.

    Friday, March 16, 2018 10:15 AM
  • Finally found the setting responsible to this.   802.11r had been enabled on the APs'.  Disabled this and the issue was resolved.
    • Marked as answer by Pilgrim99 Tuesday, April 3, 2018 10:55 AM
    Tuesday, April 3, 2018 10:55 AM
  • We are in the process of implementing this things and I been banging my head on the wall with this because some windows 10 could connect and some of them couldn't.  After disabling the 802.11r everything worked.  Thanks!  
    Wednesday, March 13, 2019 6:06 PM