none
802.1 x authentication settings to trigger user authentication while user logs in RRS feed

  • Question

  • Hi

    I currently have set up company's both wired and wireless network to gets 802.X authentication with Windows 10 client computers.

    I also have set up so that both wired and wireless gets verified on the NAP by validating the Active directory user credentials. Ideally Active Directory users should get Particular VLAN1 IP addressing if they logs on to system. Otherwise if no user logs on, system should get VLAN10

    Everything works great on Wifi connections but have a problem only with computer having Ethernet connectivity.

    Problem : Ethernet base connectivity.

    When Computer is turned on it gets IP address of VLAN10 which is normal behaviour. But after User's login it still keeps on system IP in VLAN10 where ideally it should switch to VLAN1. I checked at network switch end which only gets initial request by Computer name as User-Name:  host/hostname.doamin.com. When user logs in it doesn't receives any new EAPOL-Start Message with AD user name. 

    Post user logs on if i connect or disconnect LAN card/cable on the system IP address gets to proper VLAN1 with switch receiving proper EAPOL-Start Message with AD user name.

    My GPO authentication method Computer and User authentication. I did was changing the EAPOL-Start Message transmission from "Transmit per IEEE 802.1X" to simply "Transmit" but didn't work.

    Any help would be appreciated.

    Kind regards
    Deep

    Wednesday, August 28, 2019 3:02 PM

All replies

  • Hi,

    Thanks for posting in the forum.

    Could you post your event log, open your Event Viewer, navigate to Event Viewer(Local)\Applications and Services Logs\Microsoft\Windows\Wired-AutoConfig/Operational.

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 29, 2019 5:28 AM
  • Event Viewer shows as below on client system.

    Wired 802.1X Authentication failed.

    Network Adapter: Realtek PCIe GBE Family Controller
    Interface GUID: {f2c988ca-d1e8-4ba4-ab60-f13dfb29cb88}
    Peer Address: EC1D8BBD59AD
    Local Address: 448A5BB477AB
    Connection ID: 0x1
    Identity: -
    User: -
    Domain: -
    Reason: 0x50006
    Reason Text: The authenticator is no longer present
    Error Code: 0x0

    While first time I logs in Below shows in netsh

    

    Post LAN unplugged Plugged, netsh shows as below.


    • Edited by DeepMeIn Thursday, August 29, 2019 1:44 PM
    Thursday, August 29, 2019 11:22 AM
  • Hi,

    From your client log, your client didn't provide Identity, User, Domain to authenticate, and the reason is authenticator is not present. Could you check your NPS server log?

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 30, 2019 7:45 AM
  • Hi,

    Just checking in to see if your question is resolved? Please let us know if you would like further assistance.

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 3, 2019 6:16 AM
  • Hi,

    While GPO configured with Computer and User Base Authentication set-

    Initially authentication message received at network switch is with Computer name and gets redirected to VLAN10. When User tries to login, no authentication method message receives at end which is causing problem.

    Ideal when system should received VLAN10 ip and post user logs in it should get redirected to VLAN1.

    No abrupt errors recorded on NPS.


    • Edited by DeepMeIn Monday, November 4, 2019 1:33 PM
    Monday, November 4, 2019 1:32 PM