Vista wireless using IAS and WPA-Enterprise

Discussion in 'Windows Networking' started by Paul Mckenna, Jul 16, 2007.

  1. Paul Mckenna

    Paul Mckenna Guest

    Hi,

    I've got a problem with Vista not connecting to our wireless network,
    Everything works great with XP but on Vista although Vista is configured to
    use PEAP i get this error message on the server when the Vista PC try to
    connect...

    User host/Paul07.domain.local was denied access.
    Fully-Qualified-User-Name = domain.local/Computers/PAUL07
    NAS-IP-Address = 192.168.100.126
    NAS-Identifier =
    Called-Station-Identifier = <not present>
    Calling-Station-Identifier = <not present>
    Client-Friendly-Name = 3com
    Client-IP-Address = 192.168.100.126
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 29
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = Connections to other access servers
    Authentication-Type = EAP
    EAP-Type = <undetermined>
    Reason-Code = 65
    Reason = The connection attempt failed because remote access permission for
    the user account was denied. To allow remote access, enable remote access
    permission for the user account, or, if the user account specifies that
    access is controlled through the matching remote access policy, enable remote
    access permission for that remote access policy.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    At the moment IAS is only configured to accept PEAP authentication, If i
    enable EAP (Which i don't want to use) i get this message..

    Because no certificate has been configured for clients dialing in with
    EAP-TLS, a default certificate is being sent to user domain\paul. Please go
    to the user's Remote Access Policy and configure the Extensible
    Authentication Protocol (EAP).

    Like i say Vista is configured to PEAP but for some reason seems to be
    sending info that it wants to use EAP-TLS

    What am i doing wrong?

    Thanks in advance for any help
     
    Paul Mckenna, Jul 16, 2007
    #1
    1. Advertisements

  2. Paul Mckenna

    Paul Mckenna Guest

    Hi again,

    sorry i posted the wrong error message for the IAS connection, because i
    keep trying things, this is the actual error i get when the Vista PC tries to
    connect to our wireless network

    User ARKEL\Paul was denied access.
    Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
    NAS-IP-Address = 192.168.100.126
    NAS-Identifier =
    Called-Station-Identifier = <not present>
    Calling-Station-Identifier = <not present>
    Client-Friendly-Name = 3com
    Client-IP-Address = 192.168.100.126
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 29
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = VPN
    Authentication-Type = EAP
    EAP-Type = <undetermined>
    Reason-Code = 22
    Reason = The client could not be authenticated because the Extensible
    Authentication Protocol (EAP) Type cannot be processed by the server.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    Paul Mckenna, Jul 16, 2007
    #2
    1. Advertisements

  3. I would double check the remote Access Policy. This post may help,

    IAS Reason-Code = 65

    http://www.chicagotech.net/netforums/viewtopic.php?p=1711#1711


    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
    Hi,

    I've got a problem with Vista not connecting to our wireless network,
    Everything works great with XP but on Vista although Vista is configured to
    use PEAP i get this error message on the server when the Vista PC try to
    connect...

    User host/Paul07.domain.local was denied access.
    Fully-Qualified-User-Name = domain.local/Computers/PAUL07
    NAS-IP-Address = 192.168.100.126
    NAS-Identifier =
    Called-Station-Identifier = <not present>
    Calling-Station-Identifier = <not present>
    Client-Friendly-Name = 3com
    Client-IP-Address = 192.168.100.126
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 29
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = Connections to other access servers
    Authentication-Type = EAP
    EAP-Type = <undetermined>
    Reason-Code = 65
    Reason = The connection attempt failed because remote access permission for
    the user account was denied. To allow remote access, enable remote access
    permission for the user account, or, if the user account specifies that
    access is controlled through the matching remote access policy, enable remote
    access permission for that remote access policy.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    At the moment IAS is only configured to accept PEAP authentication, If i
    enable EAP (Which i don't want to use) i get this message..

    Because no certificate has been configured for clients dialing in with
    EAP-TLS, a default certificate is being sent to user domain\paul. Please go
    to the user's Remote Access Policy and configure the Extensible
    Authentication Protocol (EAP).

    Like i say Vista is configured to PEAP but for some reason seems to be
    sending info that it wants to use EAP-TLS

    What am i doing wrong?

    Thanks in advance for any help
     
    Robert L [MVP - Networking], Jul 16, 2007
    #3
  4. Paul Mckenna

    Paul Mckenna Guest

    Thanks for your quick response, It's my fault i posted the wrong error
    message.. The actual failure is

    User DOMAIN\Paul was denied access.
    Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
    NAS-IP-Address = 192.168.100.126
    NAS-Identifier =
    Called-Station-Identifier = <not present>
    Calling-Station-Identifier = <not present>
    Client-Friendly-Name = 3com
    Client-IP-Address = 192.168.100.126
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 29
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = VPN
    Authentication-Type = EAP
    EAP-Type = <undetermined>
    Reason-Code = 22
    Reason = The client could not be authenticated because the Extensible
    Authentication Protocol (EAP) Type cannot be processed by the server.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    It seems to be that Vista is sending that it wants to use EAP even though
    it's configured to use PEAP.
     
    Paul Mckenna, Jul 16, 2007
    #4
  5. Or this post:.

    IAS Reason-Code = 22 and 97
    http://chicagotech.net/netforums/viewtopic.php?t=1063

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

    Thanks for your quick response, It's my fault i posted the wrong error
    message.. The actual failure is

    User DOMAIN\Paul was denied access.
    Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
    NAS-IP-Address = 192.168.100.126
    NAS-Identifier =
    Called-Station-Identifier = <not present>
    Calling-Station-Identifier = <not present>
    Client-Friendly-Name = 3com
    Client-IP-Address = 192.168.100.126
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 29
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = VPN
    Authentication-Type = EAP
    EAP-Type = <undetermined>
    Reason-Code = 22
    Reason = The client could not be authenticated because the Extensible
    Authentication Protocol (EAP) Type cannot be processed by the server.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    It seems to be that Vista is sending that it wants to use EAP even though
    it's configured to use PEAP.
     
    Robert L [MVP - Networking], Jul 16, 2007
    #5
  6. Paul Mckenna

    Paul Mckenna Guest

    again I Appreciate your response but this works with XP, XP sends the message
    to IAS that it wants to use PEAP authentication where as Vista sends the
    message to use EAP (which is not configured and is not something i want to
    use) even though Vista is configured to use PEAP.
    So although these error message will probably help with someone who wants to
    use EAP-TLS without having properly configured it. They don't really shed any
    light on my problem.

    Thnaks again

    Regards
    Paul
     
    Paul Mckenna, Jul 16, 2007
    #6
  7. Hello Paul,

    Thank you for using newsgroup!

    From your post, I'd like to suggest you try to reduce the EAP packet size
    of a Remote Authentication Dial-In User Service (RADIUS) server. You can do
    this by using the Framed-MTU attribute in Internet Authentication Services
    (IAS) of a Microsoft Windows Server 2003-based computer. For more detailed
    steps, please refer to:
    883389: How to reduce the EAP packet size by using the Framed MTU attribute
    in Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.





    --------------------
    | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
    | X-WBNR-Posting-Host: 207.46.193.207
    | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | References: <>
    <>
    <>
    <uE4PtN$>
    | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | Date: Mon, 16 Jul 2007 15:06:04 -0700
    | Lines: 115
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | Newsgroups: microsoft.public.windows.server.networking
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.networking:5812
    | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    |
    | again I Appreciate your response but this works with XP, XP sends the
    message
    | to IAS that it wants to use PEAP authentication where as Vista sends the
    | message to use EAP (which is not configured and is not something i want
    to
    | use) even though Vista is configured to use PEAP.
    | So although these error message will probably help with someone who wants
    to
    | use EAP-TLS without having properly configured it. They don't really shed
    any
    | light on my problem.
    |
    | Thnaks again
    |
    | Regards
    | Paul
    |
    |
    | "Robert L [MVP - Networking]" wrote:
    |
    | > Or this post:.
    | >
    | > IAS Reason-Code = 22 and 97
    | > http://chicagotech.net/netforums/viewtopic.php?t=1063
    | >
    | > Bob Lin, MS-MVP, MCSE & CNE
    | > Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    | > How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
    | >
    | > Thanks for your quick response, It's my fault i posted the wrong
    error
    | > message.. The actual failure is
    | >
    | > User DOMAIN\Paul was denied access.
    | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
    | > NAS-IP-Address = 192.168.100.126
    | > NAS-Identifier =
    | > Called-Station-Identifier = <not present>
    | > Calling-Station-Identifier = <not present>
    | > Client-Friendly-Name = 3com
    | > Client-IP-Address = 192.168.100.126
    | > NAS-Port-Type = Wireless - IEEE 802.11
    | > NAS-Port = 29
    | > Proxy-Policy-Name = Use Windows authentication for all users
    | > Authentication-Provider = Windows
    | > Authentication-Server = <undetermined>
    | > Policy-Name = VPN
    | > Authentication-Type = EAP
    | > EAP-Type = <undetermined>
    | > Reason-Code = 22
    | > Reason = The client could not be authenticated because the
    Extensible
    | > Authentication Protocol (EAP) Type cannot be processed by the server.
    | >
    | > For more information, see Help and Support Center at
    | > http://go.microsoft.com/fwlink/events.asp.
    | >
    | > It seems to be that Vista is sending that it wants to use EAP even
    though
    | > it's configured to use PEAP.
    | >
    | > "Robert L [MVP - Networking]" wrote:
    | >
    | > > I would double check the remote Access Policy. This post may help,
    | > >
    | > > IAS Reason-Code = 65
    | > >
    | > > http://www.chicagotech.net/netforums/viewtopic.php?p=1711#1711
    | > >
    | > >
    | > > Bob Lin, MS-MVP, MCSE & CNE
    | > > Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    | > > How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
    | > > Hi,
    | > >
    | > > I've got a problem with Vista not connecting to our wireless
    network,
    | > > Everything works great with XP but on Vista although Vista is
    configured to
    | > > use PEAP i get this error message on the server when the Vista PC
    try to
    | > > connect...
    | > >
    | > > User host/Paul07.domain.local was denied access.
    | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
    | > > NAS-IP-Address = 192.168.100.126
    | > > NAS-Identifier =
    | > > Called-Station-Identifier = <not present>
    | > > Calling-Station-Identifier = <not present>
    | > > Client-Friendly-Name = 3com
    | > > Client-IP-Address = 192.168.100.126
    | > > NAS-Port-Type = Wireless - IEEE 802.11
    | > > NAS-Port = 29
    | > > Proxy-Policy-Name = Use Windows authentication for all users
    | > > Authentication-Provider = Windows
    | > > Authentication-Server = <undetermined>
    | > > Policy-Name = Connections to other access servers
    | > > Authentication-Type = EAP
    | > > EAP-Type = <undetermined>
    | > > Reason-Code = 65
    | > > Reason = The connection attempt failed because remote access
    permission for
    | > > the user account was denied. To allow remote access, enable
    remote access
    | > > permission for the user account, or, if the user account
    specifies that
    | > > access is controlled through the matching remote access policy,
    enable remote
    | > > access permission for that remote access policy.
    | > >
    | > > For more information, see Help and Support Center at
    | > > http://go.microsoft.com/fwlink/events.asp.
    | > >
    | > > At the moment IAS is only configured to accept PEAP
    authentication, If i
    | > > enable EAP (Which i don't want to use) i get this message..
    | > >
    | > > Because no certificate has been configured for clients dialing in
    with
    | > > EAP-TLS, a default certificate is being sent to user domain\paul.
    Please go
    | > > to the user's Remote Access Policy and configure the Extensible
    | > > Authentication Protocol (EAP).
    | > >
    | > > Like i say Vista is configured to PEAP but for some reason seems
    to be
    | > > sending info that it wants to use EAP-TLS
    | > >
    | > > What am i doing wrong?
    | > >
    | > > Thanks in advance for any help
    |
     
    Ken Zhao [MSFT], Jul 17, 2007
    #7
  8. Paul Mckenna

    Paul Mckenna Guest

    Hi,

    Thanks for your suggestion I've tried this and it makes no difference, I
    tried setting it to various numbers 1344,1000,64,128 none made any
    difference. I have since found out that using another make Access Point
    rather than 3Com and Vista will connect but all 3Com acccess points i've
    tried work fine with XP but not with Vista.

    I'm not sure what else to try.

    Regards
    Paul Mckenna

     
    Paul Mckenna, Jul 17, 2007
    #8
  9. Hi Paul,

    Based on my research, if the problem only occurs on Windows Vista machines,
    I suggest you perform the following steps on the Vista machines:

    1£®Click Start , click All Programs, click Accessories, and then click
    Command Prompt.
    2£®At the command prompt, type the following command, and then press ENTER:
    netsh interface tcp set global autotuninglevel=disabled
    This command disables the Receive Window Auto-Tuning feature.
    3£®Try to make a non-HTTP network connection.
    Note: If the connectivity problem is resolved, contact the manufacturer of
    the firewall device for steps to correct the issue.
    4£®At a command prompt, type the following command, and then press ENTER:
    netsh interface tcp set global autotuninglevel=normal
    This command enables Receive Window Auto-Tuning again so that you can take
    advantage of the network throughput performance increase it provides.

    Also I found there are new KB articles already described for this issue and
    give the workaround.
    934430: Network connectivity may fail when you try to use Windows Vista
    behind a firewall device
    http://support.microsoft.com/kb/934430

    929868: A Web site sends data very slowly or drops the data completely when
    you use Windows Vista Enterprise
    http://support.microsoft.com/kb/929868

    935400: It takes a very long time to download an e-mail message from a POP3
    server in Outlook 2007
    http://support.microsoft.com/kb/935400

    Hope that helps!

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.





    --------------------
    | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
    | X-WBNR-Posting-Host: 207.46.19.197
    | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | References: <>
    <>
    <>
    <uE4PtN$>
    <>
    <i#>
    | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | Date: Tue, 17 Jul 2007 03:02:12 -0700
    | Lines: 217
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | Newsgroups: microsoft.public.windows.server.networking
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.networking:5830
    | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    |
    | Hi,
    |
    | Thanks for your suggestion I've tried this and it makes no difference, I
    | tried setting it to various numbers 1344,1000,64,128 none made any
    | difference. I have since found out that using another make Access Point
    | rather than 3Com and Vista will connect but all 3Com acccess points i've
    | tried work fine with XP but not with Vista.
    |
    | I'm not sure what else to try.
    |
    | Regards
    | Paul Mckenna
    |
    | ""Ken Zhao [MSFT]"" wrote:
    |
    | > Hello Paul,
    | >
    | > Thank you for using newsgroup!
    | >
    | > From your post, I'd like to suggest you try to reduce the EAP packet
    size
    | > of a Remote Authentication Dial-In User Service (RADIUS) server. You
    can do
    | > this by using the Framed-MTU attribute in Internet Authentication
    Services
    | > (IAS) of a Microsoft Windows Server 2003-based computer. For more
    detailed
    | > steps, please refer to:
    | > 883389: How to reduce the EAP packet size by using the Framed MTU
    attribute
    | > in Windows Server 2003
    | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389
    | >
    | > Thanks & Regards,
    | >
    | > Ken Zhao
    | >
    | > Microsoft Online Support
    | > Microsoft Global Technical Support Center
    | >
    | > Get Secure! - www.microsoft.com/security
    <http://www.microsoft.com/security>
    | > ====================================================
    | > When responding to posts, please "Reply to Group" via your newsreader
    so
    | > that others may learn and benefit from your issue.
    | > ====================================================
    | > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    | >
    | >
    | >
    | >
    | >
    | > --------------------
    | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
    | > | X-WBNR-Posting-Host: 207.46.193.207
    | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | > | References: <>
    | > <>
    | > <>
    | > <uE4PtN$>
    | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | > | Date: Mon, 16 Jul 2007 15:06:04 -0700
    | > | Lines: 115
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 7bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | > | Newsgroups: microsoft.public.windows.server.networking
    | > | Path: TK2MSFTNGHUB02.phx.gbl
    | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > microsoft.public.windows.server.networking:5812
    | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > |
    | > | again I Appreciate your response but this works with XP, XP sends the
    | > message
    | > | to IAS that it wants to use PEAP authentication where as Vista sends
    the
    | > | message to use EAP (which is not configured and is not something i
    want
    | > to
    | > | use) even though Vista is configured to use PEAP.
    | > | So although these error message will probably help with someone who
    wants
    | > to
    | > | use EAP-TLS without having properly configured it. They don't really
    shed
    | > any
    | > | light on my problem.
    | > |
    | > | Thnaks again
    | > |
    | > | Regards
    | > | Paul
    | > |
    | > |
    | > | "Robert L [MVP - Networking]" wrote:
    | > |
    | > | > Or this post:.
    | > | >
    | > | > IAS Reason-Code = 22 and 97
    | > | > http://chicagotech.net/netforums/viewtopic.php?t=1063
    | > | >
    | > | > Bob Lin, MS-MVP, MCSE & CNE
    | > | > Networking, Internet, Routing, VPN Troubleshooting on
    | > http://www.ChicagoTech.net
    | > | > How to Setup Windows, Network, VPN & Remote Access on
    | > http://www.HowToNetworking.com
    | > | > | >
    | > | > Thanks for your quick response, It's my fault i posted the wrong
    | > error
    | > | > message.. The actual failure is
    | > | >
    | > | > User DOMAIN\Paul was denied access.
    | > | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
    | > | > NAS-IP-Address = 192.168.100.126
    | > | > NAS-Identifier =
    | > | > Called-Station-Identifier = <not present>
    | > | > Calling-Station-Identifier = <not present>
    | > | > Client-Friendly-Name = 3com
    | > | > Client-IP-Address = 192.168.100.126
    | > | > NAS-Port-Type = Wireless - IEEE 802.11
    | > | > NAS-Port = 29
    | > | > Proxy-Policy-Name = Use Windows authentication for all users
    | > | > Authentication-Provider = Windows
    | > | > Authentication-Server = <undetermined>
    | > | > Policy-Name = VPN
    | > | > Authentication-Type = EAP
    | > | > EAP-Type = <undetermined>
    | > | > Reason-Code = 22
    | > | > Reason = The client could not be authenticated because the
    | > Extensible
    | > | > Authentication Protocol (EAP) Type cannot be processed by the
    server.
    | > | >
    | > | > For more information, see Help and Support Center at
    | > | > http://go.microsoft.com/fwlink/events.asp.
    | > | >
    | > | > It seems to be that Vista is sending that it wants to use EAP
    even
    | > though
    | > | > it's configured to use PEAP.
    | > | >
    | > | > "Robert L [MVP - Networking]" wrote:
    | > | >
    | > | > > I would double check the remote Access Policy. This post may
    help,
    | > | > >
    | > | > > IAS Reason-Code = 65
    | > | > >
    | > | > > http://www.chicagotech.net/netforums/viewtopic.php?p=1711#1711
    | > | > >
    | > | > >
    | > | > > Bob Lin, MS-MVP, MCSE & CNE
    | > | > > Networking, Internet, Routing, VPN Troubleshooting on
    | > http://www.ChicagoTech.net
    | > | > > How to Setup Windows, Network, VPN & Remote Access on
    | > http://www.HowToNetworking.com
    | > | > | > > Hi,
    | > | > >
    | > | > > I've got a problem with Vista not connecting to our wireless
    | > network,
    | > | > > Everything works great with XP but on Vista although Vista is
    | > configured to
    | > | > > use PEAP i get this error message on the server when the
    Vista PC
    | > try to
    | > | > > connect...
    | > | > >
    | > | > > User host/Paul07.domain.local was denied access.
    | > | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
    | > | > > NAS-IP-Address = 192.168.100.126
    | > | > > NAS-Identifier =
    | > | > > Called-Station-Identifier = <not present>
    | > | > > Calling-Station-Identifier = <not present>
    | > | > > Client-Friendly-Name = 3com
    | > | > > Client-IP-Address = 192.168.100.126
    | > | > > NAS-Port-Type = Wireless - IEEE 802.11
    | > | > > NAS-Port = 29
    | > | > > Proxy-Policy-Name = Use Windows authentication for all users
    | > | > > Authentication-Provider = Windows
    | > | > > Authentication-Server = <undetermined>
    | > | > > Policy-Name = Connections to other access servers
    | > | > > Authentication-Type = EAP
    | > | > > EAP-Type = <undetermined>
    | > | > > Reason-Code = 65
    | > | > > Reason = The connection attempt failed because remote access
    | > permission for
    | > | > > the user account was denied. To allow remote access, enable
    | > remote access
    | > | > > permission for the user account, or, if the user account
    | > specifies that
    | > | > > access is controlled through the matching remote access
    policy,
    | > enable remote
    | > | > > access permission for that remote access policy.
    | > | > >
    | > | > > For more information, see Help and Support Center at
    | > | > > http://go.microsoft.com/fwlink/events.asp.
    | > | > >
    | > | > > At the moment IAS is only configured to accept PEAP
    | > authentication, If i
    | > | > > enable EAP (Which i don't want to use) i get this message..
    | > | > >
    | > | > > Because no certificate has been configured for clients
    dialing in
    | > with
    | > | > > EAP-TLS, a default certificate is being sent to user
    domain\paul.
    | > Please go
    | > | > > to the user's Remote Access Policy and configure the
    Extensible
    | > | > > Authentication Protocol (EAP).
    | > | > >
    | > | > > Like i say Vista is configured to PEAP but for some reason
    seems
    | > to be
    | > | > > sending info that it wants to use EAP-TLS
    | > | > >
    | > | > > What am i doing wrong?
    | > | > >
    | > | > > Thanks in advance for any help
    | > |
    | >
    | >
    |
     
    Ken Zhao [MSFT], Jul 18, 2007
    #9
  10. Paul Mckenna

    Paul Mckenna Guest

    Thanks for your suggestion.

    I've tried turning off autotuninglevel on the Vista machines but with no
    joy, I've also looked at the KB articles none of which seem to relate to the
    problem i'm having but i've tried the suggestions, Still nothing.

    Just to recap when using any 3Com Access Point with a windows Vista client
    the 3com access point sends data to the IAS server to say it wants to use EAP
    (even thought vista is configured to use PEAP) authentication, with an XP
    client the 3com box sends it want to use PEAP authentication. If i enable
    EAP-TLS authentication on IAS and install a user certificate on the Vista
    machine and set Vista to use a certificate to log in, the connection works
    but it's a lot of hassle maintaining and installing certificates for each
    user, i would much rather use PEAP.

    Regards
    Paul Mckenna
     
    Paul Mckenna, Jul 18, 2007
    #10
  11. Hi Paul,

    Thanks for your reply.

    Based on my deep research, it seems to be certificate issue.

    At this moment, please check RADIUS server to see if there are lots of
    certificates, which may be more than the limit that the IAS server can send
    in the list to the wireless clients while authentication. If lots of
    certificates exist in RADIUS server, please try to delete the certificates
    which are not required. And then reboot the server to remove the cached
    certificates which the server has to see if it can help. For more related
    information, please refer to:

    933430: Clients cannot make connections if you require client certificates
    on a Web site or if you use IAS in Windows Server 2003
    http://support.microsoft.com/kb/933430/en-us

    Hope that helps!

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.





    --------------------
    | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | thread-index: AcfJOVEUcuDIWd+FTk2zil1LiYAfTA==
    | X-WBNR-Posting-Host: 207.46.193.207
    | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | References: <>
    <>
    <>
    <uE4PtN$>
    <>
    <i#>
    <>
    <>
    | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | Date: Wed, 18 Jul 2007 05:44:01 -0700
    | Lines: 320
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 8bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | Newsgroups: microsoft.public.windows.server.networking
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.networking:5872
    | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    |
    |
    | Thanks for your suggestion.
    |
    | I've tried turning off autotuninglevel on the Vista machines but with no
    | joy, I've also looked at the KB articles none of which seem to relate to
    the
    | problem i'm having but i've tried the suggestions, Still nothing.
    |
    | Just to recap when using any 3Com Access Point with a windows Vista
    client
    | the 3com access point sends data to the IAS server to say it wants to use
    EAP
    | (even thought vista is configured to use PEAP) authentication, with an XP
    | client the 3com box sends it want to use PEAP authentication. If i enable
    | EAP-TLS authentication on IAS and install a user certificate on the Vista
    | machine and set Vista to use a certificate to log in, the connection
    works
    | but it's a lot of hassle maintaining and installing certificates for each
    | user, i would much rather use PEAP.
    |
    | Regards
    | Paul Mckenna
    | ""Ken Zhao [MSFT]"" wrote:
    |
    | > Hi Paul,
    | >
    | > Based on my research, if the problem only occurs on Windows Vista
    machines,
    | > I suggest you perform the following steps on the Vista machines:
    | >
    | > 1£®Click Start , click All Programs, click Accessories, and then
    click
    | > Command Prompt.
    | > 2£®At the command prompt, type the following command, and then press
    ENTER:
    | > netsh interface tcp set global autotuninglevel=disabled
    | > This command disables the Receive Window Auto-Tuning feature.
    | > 3£®Try to make a non-HTTP network connection.
    | > Note: If the connectivity problem is resolved, contact the manufacturer
    of
    | > the firewall device for steps to correct the issue.
    | > 4£®At a command prompt, type the following command, and then press
    ENTER:
    | > netsh interface tcp set global autotuninglevel=normal
    | > This command enables Receive Window Auto-Tuning again so that you can
    take
    | > advantage of the network throughput performance increase it provides.
    | >
    | > Also I found there are new KB articles already described for this issue
    and
    | > give the workaround.
    | > 934430: Network connectivity may fail when you try to use Windows Vista
    | > behind a firewall device
    | > http://support.microsoft.com/kb/934430
    | >
    | > 929868: A Web site sends data very slowly or drops the data completely
    when
    | > you use Windows Vista Enterprise
    | > http://support.microsoft.com/kb/929868
    | >
    | > 935400: It takes a very long time to download an e-mail message from a
    POP3
    | > server in Outlook 2007
    | > http://support.microsoft.com/kb/935400
    | >
    | > Hope that helps!
    | >
    | > Thanks & Regards,
    | >
    | > Ken Zhao
    | >
    | > Microsoft Online Support
    | > Microsoft Global Technical Support Center
    | >
    | > Get Secure! - www.microsoft.com/security
    <http://www.microsoft.com/security>
    | > ====================================================
    | > When responding to posts, please "Reply to Group" via your newsreader
    so
    | > that others may learn and benefit from your issue.
    | > ====================================================
    | > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    | >
    | >
    | >
    | >
    | >
    | > --------------------
    | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | > | thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
    | > | X-WBNR-Posting-Host: 207.46.19.197
    | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | > | References: <>
    | > <>
    | > <>
    | > <uE4PtN$>
    | > <>
    | > <i#>
    | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | > | Date: Tue, 17 Jul 2007 03:02:12 -0700
    | > | Lines: 217
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 7bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | > | Newsgroups: microsoft.public.windows.server.networking
    | > | Path: TK2MSFTNGHUB02.phx.gbl
    | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > microsoft.public.windows.server.networking:5830
    | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > |
    | > | Hi,
    | > |
    | > | Thanks for your suggestion I've tried this and it makes no
    difference, I
    | > | tried setting it to various numbers 1344,1000,64,128 none made any
    | > | difference. I have since found out that using another make Access
    Point
    | > | rather than 3Com and Vista will connect but all 3Com acccess points
    i've
    | > | tried work fine with XP but not with Vista.
    | > |
    | > | I'm not sure what else to try.
    | > |
    | > | Regards
    | > | Paul Mckenna
    | > |
    | > | ""Ken Zhao [MSFT]"" wrote:
    | > |
    | > | > Hello Paul,
    | > | >
    | > | > Thank you for using newsgroup!
    | > | >
    | > | > From your post, I'd like to suggest you try to reduce the EAP
    packet
    | > size
    | > | > of a Remote Authentication Dial-In User Service (RADIUS) server.
    You
    | > can do
    | > | > this by using the Framed-MTU attribute in Internet Authentication
    | > Services
    | > | > (IAS) of a Microsoft Windows Server 2003-based computer. For more
    | > detailed
    | > | > steps, please refer to:
    | > | > 883389: How to reduce the EAP packet size by using the Framed MTU
    | > attribute
    | > | > in Windows Server 2003
    | > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389
    | > | >
    | > | > Thanks & Regards,
    | > | >
    | > | > Ken Zhao
    | > | >
    | > | > Microsoft Online Support
    | > | > Microsoft Global Technical Support Center
    | > | >
    | > | > Get Secure! - www.microsoft.com/security
    | > <http://www.microsoft.com/security>
    | > | > ====================================================
    | > | > When responding to posts, please "Reply to Group" via your
    newsreader
    | > so
    | > | > that others may learn and benefit from your issue.
    | > | > ====================================================
    | > | > This posting is provided "AS IS" with no warranties, and confers no
    | > rights.
    | > | >
    | > | >
    | > | >
    | > | >
    | > | >
    | > | > --------------------
    | > | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | > | > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
    | > | > | X-WBNR-Posting-Host: 207.46.193.207
    | > | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | > | > | References: <>
    | > | > <>
    | > | > <>
    | > | > <uE4PtN$>
    | > | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | > | > | Date: Mon, 16 Jul 2007 15:06:04 -0700
    | > | > | Lines: 115
    | > | > | Message-ID: <>
    | > | > | MIME-Version: 1.0
    | > | > | Content-Type: text/plain;
    | > | > | charset="Utf-8"
    | > | > | Content-Transfer-Encoding: 7bit
    | > | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | > | Content-Class: urn:content-classes:message
    | > | > | Importance: normal
    | > | > | Priority: normal
    | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | > | > | Newsgroups: microsoft.public.windows.server.networking
    | > | > | Path: TK2MSFTNGHUB02.phx.gbl
    | > | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > | > microsoft.public.windows.server.networking:5812
    | > | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | > | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > | > |
    | > | > | again I Appreciate your response but this works with XP, XP sends
    the
    | > | > message
    | > | > | to IAS that it wants to use PEAP authentication where as Vista
    sends
    | > the
    | > | > | message to use EAP (which is not configured and is not something
    i
    | > want
    | > | > to
    | > | > | use) even though Vista is configured to use PEAP.
    | > | > | So although these error message will probably help with someone
    who
    | > wants
    | > | > to
    | > | > | use EAP-TLS without having properly configured it. They don't
    really
    | > shed
    | > | > any
    | > | > | light on my problem.
    | > | > |
    | > | > | Thnaks again
    | > | > |
    | > | > | Regards
    | > | > | Paul
    | > | > |
    | > | > |
    | > | > | "Robert L [MVP - Networking]" wrote:
    | > | > |
    | > | > | > Or this post:.
    | > | > | >
    | > | > | > IAS Reason-Code = 22 and 97
    | > | > | > http://chicagotech.net/netforums/viewtopic.php?t=1063
    | > | > | >
    | > | > | > Bob Lin, MS-MVP, MCSE & CNE
    | > | > | > Networking, Internet, Routing, VPN Troubleshooting on
    | > | > http://www.ChicagoTech.net
    | > | > | > How to Setup Windows, Network, VPN & Remote Access on
    | > | > http://www.HowToNetworking.com
    | > | > | > | > | >
    | > | > | > Thanks for your quick response, It's my fault i posted the
    wrong
    | > | > error
    | > | > | > message.. The actual failure is
    | > | > | >
    | > | > | > User DOMAIN\Paul was denied access.
    | > | > | > Fully-Qualified-User-Name = domain.local/Technical/Paul
    Mckenna
    | > | > | > NAS-IP-Address = 192.168.100.126
    | > | > | > NAS-Identifier =
    | > | > | > Called-Station-Identifier = <not present>
    | > | > | > Calling-Station-Identifier = <not present>
    | > | > | > Client-Friendly-Name = 3com
    | > | > | > Client-IP-Address = 192.168.100.126
    | > | > | > NAS-Port-Type = Wireless - IEEE 802.11
    | > | > | > NAS-Port = 29
    | > | > | > Proxy-Policy-Name = Use Windows authentication for all users
    | > | > | > Authentication-Provider = Windows
    | > | > | > Authentication-Server = <undetermined>
    | > | > | > Policy-Name = VPN
    | > | > | > Authentication-Type = EAP
    | > | > | > EAP-Type = <undetermined>
    | > | > | > Reason-Code = 22
    | > | > | > Reason = The client could not be authenticated because the
    | > | > Extensible
    | > | > | > Authentication Protocol (EAP) Type cannot be processed by the
    | > server.
    | > | > | >
    | > | > | > For more information, see Help and Support Center at
    | > | > | > http://go.microsoft.com/fwlink/events.asp.
    | > | > | >
    | > | > | > It seems to be that Vista is sending that it wants to use EAP
    | > even
    | > | > though
    | > | > | > it's configured to use PEAP.
    | > | > | >
    | > | > | > "Robert L [MVP - Networking]" wrote:
    | > | > | >
    | > | > | > > I would double check the remote Access Policy. This post
    may
    | > help,
    | > | > | > >
    | > | > | > > IAS Reason-Code = 65
    | > | > | > >
    | > | > | > >
    http://www.chicagotech.net/netforums/viewtopic.php?p=1711#1711
    | > | > | > >
    | > | > | > >
    | > | > | > > Bob Lin, MS-MVP, MCSE & CNE
    | > | > | > > Networking, Internet, Routing, VPN Troubleshooting on
    | > | > http://www.ChicagoTech.net
    | > | > | > > How to Setup Windows, Network, VPN & Remote Access on
    | > | > http://www.HowToNetworking.com
    message
    | > | > | > | > | > > Hi,
    | > | > | > >
    | > | > | > > I've got a problem with Vista not connecting to our
    wireless
    | > | > network,
    | > | > | > > Everything works great with XP but on Vista although
    Vista is
    | > | > configured to
    | > | > | > > use PEAP i get this error message on the server when the
    | > Vista PC
    | > | > try to
    | > | > | > > connect...
    | > | > | > >
    | > | > | > > User host/Paul07.domain.local was denied access.
    | > | > | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
    | > | > | > > NAS-IP-Address = 192.168.100.126
    | > | > | > > NAS-Identifier =
    | > | > | > > Called-Station-Identifier = <not present>
    | > | > | > > Calling-Station-Identifier = <not present>
    | > | > | > > Client-Friendly-Name = 3com
    | > | > | > > Client-IP-Address = 192.168.100.126
    | > | > | > > NAS-Port-Type = Wireless - IEEE 802.11
    | > | > | > > NAS-Port = 29
    | > | > | > > Proxy-Policy-Name = Use Windows authentication for all
    users
    | > | > | > > Authentication-Provider = Windows
    | > | > | > > Authentication-Server = <undetermined>
    | > | > | > > Policy-Name = Connections to other access servers
    | > | > | > > Authentication-Type = EAP
    | > | > | > > EAP-Type = <undetermined>
    | > | > | > > Reason-Code = 65
    | > | > | > > Reason = The connection attempt failed because remote
    access
    | > | > permission for
    | > | > | > > the user account was denied. To allow remote access,
    enable
    | > | > remote access
    | > | > | > > permission for the user account, or, if the user account
    | > | > specifies that
    | > | > | > > access is controlled through the matching remote access
    | > policy,
    | > | > enable remote
    | > | > | > > access permission for that remote access policy.
    | > | > | > >
    | > | > | > > For more information, see Help and Support Center at
    | > | > | > > http://go.microsoft.com/fwlink/events.asp.
    | > | > | > >
    | > | > | > > At the moment IAS is only configured to accept PEAP
    | > | > authentication, If i
    | > | > | > > enable EAP (Which i don't want to use) i get this
    message..
    | > | > | > >
    |
     
    Ken Zhao [MSFT], Jul 19, 2007
    #11
  12. Paul Mckenna

    Paul Mckenna Guest

    Hi,

    I will try that, Thanks for all your help Ken.

    Regards
    Paul Mckenna

     
    Paul Mckenna, Jul 20, 2007
    #12
  13. Hello Paul,

    If you have any updates, please feel free to let us know.

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.





    --------------------
    | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | thread-index: AcfKz0gdXKJORXLhTFCZDosYYzs3GQ==
    | X-WBNR-Posting-Host: 207.46.193.207
    | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | References: <>
    <>
    <>
    <uE4PtN$>
    <>
    <i#>
    <>
    <>
    <>
    <>
    | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | Date: Fri, 20 Jul 2007 06:10:02 -0700
    | Lines: 309
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 8bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | Newsgroups: microsoft.public.windows.server.networking
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.networking:5920
    | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    |
    | Hi,
    |
    | I will try that, Thanks for all your help Ken.
    |
    | Regards
    | Paul Mckenna
    |
    | ""Ken Zhao [MSFT]"" wrote:
    |
    | > Hi Paul,
    | >
    | > Thanks for your reply.
    | >
    | > Based on my deep research, it seems to be certificate issue.
    | >
    | > At this moment, please check RADIUS server to see if there are lots of
    | > certificates, which may be more than the limit that the IAS server can
    send
    | > in the list to the wireless clients while authentication. If lots of
    | > certificates exist in RADIUS server, please try to delete the
    certificates
    | > which are not required. And then reboot the server to remove the cached
    | > certificates which the server has to see if it can help. For more
    related
    | > information, please refer to:
    | >
    | > 933430: Clients cannot make connections if you require client
    certificates
    | > on a Web site or if you use IAS in Windows Server 2003
    | > http://support.microsoft.com/kb/933430/en-us
    | >
    | > Hope that helps!
    | >
    | > Thanks & Regards,
    | >
    | > Ken Zhao
    | >
    | > Microsoft Online Support
    | > Microsoft Global Technical Support Center
    | >
    | > Get Secure! - www.microsoft.com/security
    <http://www.microsoft.com/security>
    | > ====================================================
    | > When responding to posts, please "Reply to Group" via your newsreader
    so
    | > that others may learn and benefit from your issue.
    | > ====================================================
    | > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    | >
    | >
    | >
    | >
    | >
    | > --------------------
    | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | > | thread-index: AcfJOVEUcuDIWd+FTk2zil1LiYAfTA==
    | > | X-WBNR-Posting-Host: 207.46.193.207
    | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | > | References: <>
    | > <>
    | > <>
    | > <uE4PtN$>
    | > <>
    | > <i#>
    | > <>
    | > <>
    | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | > | Date: Wed, 18 Jul 2007 05:44:01 -0700
    | > | Lines: 320
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 8bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | > | Newsgroups: microsoft.public.windows.server.networking
    | > | Path: TK2MSFTNGHUB02.phx.gbl
    | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > microsoft.public.windows.server.networking:5872
    | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > |
    | > |
    | > | Thanks for your suggestion.
    | > |
    | > | I've tried turning off autotuninglevel on the Vista machines but with
    no
    | > | joy, I've also looked at the KB articles none of which seem to relate
    to
    | > the
    | > | problem i'm having but i've tried the suggestions, Still nothing.
    | > |
    | > | Just to recap when using any 3Com Access Point with a windows Vista
    | > client
    | > | the 3com access point sends data to the IAS server to say it wants to
    use
    | > EAP
    | > | (even thought vista is configured to use PEAP) authentication, with
    an XP
    | > | client the 3com box sends it want to use PEAP authentication. If i
    enable
    | > | EAP-TLS authentication on IAS and install a user certificate on the
    Vista
    | > | machine and set Vista to use a certificate to log in, the connection
    | > works
    | > | but it's a lot of hassle maintaining and installing certificates for
    each
    | > | user, i would much rather use PEAP.
    | > |
    | > | Regards
    | > | Paul Mckenna
    | > | ""Ken Zhao [MSFT]"" wrote:
    | > |
    | > | > Hi Paul,
    | > | >
    | > | > Based on my research, if the problem only occurs on Windows Vista
    | > machines,
    | > | > I suggest you perform the following steps on the Vista machines:
    | > | >
    | > | > 1£®Click Start , click All Programs, click Accessories, and
    then
    | > click
    | > | > Command Prompt.
    | > | > 2£®At the command prompt, type the following command, and
    then press
    | > ENTER:
    | > | > netsh interface tcp set global autotuninglevel=disabled
    | > | > This command disables the Receive Window Auto-Tuning feature.
    | > | > 3£®Try to make a non-HTTP network connection.
    | > | > Note: If the connectivity problem is resolved, contact the
    manufacturer
    | > of
    | > | > the firewall device for steps to correct the issue.
    | > | > 4£®At a command prompt, type the following command, and then
    press
    | > ENTER:
    | > | > netsh interface tcp set global autotuninglevel=normal
    | > | > This command enables Receive Window Auto-Tuning again so that you
    can
    | > take
    | > | > advantage of the network throughput performance increase it
    provides.
    | > | >
    | > | > Also I found there are new KB articles already described for this
    issue
    | > and
    | > | > give the workaround.
    | > | > 934430: Network connectivity may fail when you try to use Windows
    Vista
    | > | > behind a firewall device
    | > | > http://support.microsoft.com/kb/934430
    | > | >
    | > | > 929868: A Web site sends data very slowly or drops the data
    completely
    | > when
    | > | > you use Windows Vista Enterprise
    | > | > http://support.microsoft.com/kb/929868
    | > | >
    | > | > 935400: It takes a very long time to download an e-mail message
    from a
    | > POP3
    | > | > server in Outlook 2007
    | > | > http://support.microsoft.com/kb/935400
    | > | >
    | > | > Hope that helps!
    | > | >
    | > | > Thanks & Regards,
    | > | >
    | > | > Ken Zhao
    | > | >
    | > | > Microsoft Online Support
    | > | > Microsoft Global Technical Support Center
    | > | >
    | > | > Get Secure! - www.microsoft.com/security
    | > <http://www.microsoft.com/security>
    | > | > ====================================================
    | > | > When responding to posts, please "Reply to Group" via your
    newsreader
    | > so
    | > | > that others may learn and benefit from your issue.
    | > | > ====================================================
    | > | > This posting is provided "AS IS" with no warranties, and confers no
    | > rights.
    | > | >
    | > | >
    | > | >
    | > | >
    | > | >
    | > | > --------------------
    | > | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | > | > | thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
    | > | > | X-WBNR-Posting-Host: 207.46.19.197
    | > | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | > | > | References: <>
    | > | > <>
    | > | > <>
    | > | > <uE4PtN$>
    | > | > <>
    | > | > <i#>
    | > | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | > | > | Date: Tue, 17 Jul 2007 03:02:12 -0700
    | > | > | Lines: 217
    | > | > | Message-ID: <>
    | > | > | MIME-Version: 1.0
    | > | > | Content-Type: text/plain;
    | > | > | charset="Utf-8"
    | > | > | Content-Transfer-Encoding: 7bit
    | > | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | > | Content-Class: urn:content-classes:message
    | > | > | Importance: normal
    | > | > | Priority: normal
    | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | > | > | Newsgroups: microsoft.public.windows.server.networking
    | > | > | Path: TK2MSFTNGHUB02.phx.gbl
    | > | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > | > microsoft.public.windows.server.networking:5830
    | > | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | > | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > | > |
    | > | > | Hi,
    | > | > |
    | > | > | Thanks for your suggestion I've tried this and it makes no
    | > difference, I
    | > | > | tried setting it to various numbers 1344,1000,64,128 none made
    any
    | > | > | difference. I have since found out that using another make Access
    | > Point
    | > | > | rather than 3Com and Vista will connect but all 3Com acccess
    points
    | > i've
    | > | > | tried work fine with XP but not with Vista.
    | > | > |
    | > | > | I'm not sure what else to try.
    | > | > |
    | > | > | Regards
    | > | > | Paul Mckenna
    | > | > |
    | > | > | ""Ken Zhao [MSFT]"" wrote:
    | > | > |
    | > | > | > Hello Paul,
    | > | > | >
    | > | > | > Thank you for using newsgroup!
    | > | > | >
    | > | > | > From your post, I'd like to suggest you try to reduce the EAP
    | > packet
    | > | > size
    | > | > | > of a Remote Authentication Dial-In User Service (RADIUS)
    server.
    | > You
    | > | > can do
    | > | > | > this by using the Framed-MTU attribute in Internet
    Authentication
    | > | > Services
    | > | > | > (IAS) of a Microsoft Windows Server 2003-based computer. For
    more
    | > | > detailed
    | > | > | > steps, please refer to:
    | > | > | > 883389: How to reduce the EAP packet size by using the Framed
    MTU
    | > | > attribute
    | > | > | > in Windows Server 2003
    | > | > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389
    | > | > | >
    | > | > | > Thanks & Regards,
    | > | > | >
    | > | > | > Ken Zhao
    | > | > | >
    | > | > | > Microsoft Online Support
    | > | > | > Microsoft Global Technical Support Center
    | > | > | >
    | > | > | > Get Secure! - www.microsoft.com/security
    | > | > <http://www.microsoft.com/security>
    | > | > | > ====================================================
    | > | > | > When responding to posts, please "Reply to Group" via your
    | > newsreader
    | > | > so
    | > | > | > that others may learn and benefit from your issue.
    | > | > | > ====================================================
    | > | > | > This posting is provided "AS IS" with no warranties, and
    confers no
    | > | > rights.
    | > | > | >
    | > | > | >
    | > | > | >
    | > | > | >
    | > | > | >
    | > | > | > --------------------
    | > | > | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | > | > | > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
    | > | > | > | X-WBNR-Posting-Host: 207.46.193.207
    | > | > | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?=
    <>
    | > | > | > | References:
    <>
    | > | > | > <>
    | > | > | > <>
    | > | > | > <uE4PtN$>
    | > | > | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | > | > | > | Date: Mon, 16 Jul 2007 15:06:04 -0700
    | > | > | > | Lines: 115
    | > | > | > | Message-ID:
    <>
    | > | > | > | MIME-Version: 1.0
    | > | > | > | Content-Type: text/plain;
    | > | > | > | charset="Utf-8"
    | > | > | > | Content-Transfer-Encoding: 7bit
    | > | > | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | > | > | Content-Class: urn:content-classes:message
    | > | > | > | Importance: normal
    | > | > | > | Priority: normal
    | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | > | > | > | Newsgroups: microsoft.public.windows.server.networking
    | > | > | > | Path: TK2MSFTNGHUB02.phx.gbl
    | > | > | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > | > | > microsoft.public.windows.server.networking:5812
    | > | > | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > | > | > |
    | > | > | > | again I Appreciate your response but this works with XP, XP
    sends
    | > the
    | > | > | > message
    | > | > | > | to IAS that it wants to use PEAP authentication where as
    Vista
    | > sends
    | > | > the
    | > | > | > | message to use EAP (which is not configured and is not
    something
    | > i
    | > | > want
    | > | > | > to
    | > | > | > | use) even though Vista is configured to use PEAP.
    | > | > | > | So although these error message will probably help with
    someone
    | > who
    | > | > wants
    | > | > | > to
    | > | > | > | use EAP-TLS without having properly configured it. They don't
    | > really
    | > | > shed
    | > | > | > any
    | > | > | > | light on my problem.
    | > | > | > |
    |
     
    Ken Zhao [MSFT], Jul 23, 2007
    #13
  14. Hi Paul,

    I am just writing to see how everything is going. If you have any updates
    or need any further assistance on this issue, please feel free to let me
    know.

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.





    --------------------
    | X-Tomcat-ID: 79403276
    | References: <>
    <>
    <>
    <uE4PtN$>
    <>
    <i#>
    <>
    <>
    <>
    <>
    <>
    | MIME-Version: 1.0
    | Content-Type: text/plain
    | Content-Transfer-Encoding: 7bit
    | From: ("Ken Zhao [MSFT]")
    | Organization: Microsoft
    | Date: Mon, 23 Jul 2007 07:31:10 GMT
    | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    | Message-ID: <2#>
    | Newsgroups: microsoft.public.windows.server.networking
    | Lines: 371
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.networking:5985
    | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
    |
    | Hello Paul,
    |
    | If you have any updates, please feel free to let us know.
    |
    | Thanks & Regards,
    |
    | Ken Zhao
    |
    | Microsoft Online Support
    | Microsoft Global Technical Support Center
    |
    | Get Secure! - www.microsoft.com/security
    <http://www.microsoft.com/security>
    | ====================================================
    | When responding to posts, please "Reply to Group" via your newsreader so
    | that others may learn and benefit from your issue.
    | ====================================================
    | This posting is provided "AS IS" with no warranties, and confers no
    rights.
    |
    |
    |
    |
    |
    | --------------------
    | | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | | thread-index: AcfKz0gdXKJORXLhTFCZDosYYzs3GQ==
    | | X-WBNR-Posting-Host: 207.46.193.207
    | | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | | References: <>
    | <>
    | <>
    | <uE4PtN$>
    | <>
    | <i#>
    | <>
    | <>
    | <>
    | <>
    | | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | | Date: Fri, 20 Jul 2007 06:10:02 -0700
    | | Lines: 309
    | | Message-ID: <>
    | | MIME-Version: 1.0
    | | Content-Type: text/plain;
    | | charset="Utf-8"
    | | Content-Transfer-Encoding: 8bit
    | | X-Newsreader: Microsoft CDO for Windows 2000
    | | Content-Class: urn:content-classes:message
    | | Importance: normal
    | | Priority: normal
    | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | | Newsgroups: microsoft.public.windows.server.networking
    | | Path: TK2MSFTNGHUB02.phx.gbl
    | | Xref: TK2MSFTNGHUB02.phx.gbl
    | microsoft.public.windows.server.networking:5920
    | | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | | X-Tomcat-NG: microsoft.public.windows.server.networking
    | |
    | | Hi,
    | |
    | | I will try that, Thanks for all your help Ken.
    | |
    | | Regards
    | | Paul Mckenna
    | |
    | | ""Ken Zhao [MSFT]"" wrote:
    | |
    | | > Hi Paul,
    | | >
    | | > Thanks for your reply.
    | | >
    | | > Based on my deep research, it seems to be certificate issue.
    | | >
    | | > At this moment, please check RADIUS server to see if there are lots
    of
    | | > certificates, which may be more than the limit that the IAS server
    can
    | send
    | | > in the list to the wireless clients while authentication. If lots of
    | | > certificates exist in RADIUS server, please try to delete the
    | certificates
    | | > which are not required. And then reboot the server to remove the
    cached
    | | > certificates which the server has to see if it can help. For more
    | related
    | | > information, please refer to:
    | | >
    | | > 933430: Clients cannot make connections if you require client
    | certificates
    | | > on a Web site or if you use IAS in Windows Server 2003
    | | > http://support.microsoft.com/kb/933430/en-us
    | | >
    | | > Hope that helps!
    | | >
    | | > Thanks & Regards,
    | | >
    | | > Ken Zhao
    | | >
    | | > Microsoft Online Support
    | | > Microsoft Global Technical Support Center
    | | >
    | | > Get Secure! - www.microsoft.com/security
    | <http://www.microsoft.com/security>
    | | > ====================================================
    | | > When responding to posts, please "Reply to Group" via your newsreader
    | so
    | | > that others may learn and benefit from your issue.
    | | > ====================================================
    | | > This posting is provided "AS IS" with no warranties, and confers no
    | rights.
    | | >
    | | >
    | | >
    | | >
    | | >
    | | > --------------------
    | | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | | > | thread-index: AcfJOVEUcuDIWd+FTk2zil1LiYAfTA==
    | | > | X-WBNR-Posting-Host: 207.46.193.207
    | | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | | > | References: <>
    | | > <>
    | | > <>
    | | > <uE4PtN$>
    | | > <>
    | | > <i#>
    | | > <>
    | | > <>
    | | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | | > | Date: Wed, 18 Jul 2007 05:44:01 -0700
    | | > | Lines: 320
    | | > | Message-ID: <>
    | | > | MIME-Version: 1.0
    | | > | Content-Type: text/plain;
    | | > | charset="Utf-8"
    | | > | Content-Transfer-Encoding: 8bit
    | | > | X-Newsreader: Microsoft CDO for Windows 2000
    | | > | Content-Class: urn:content-classes:message
    | | > | Importance: normal
    | | > | Priority: normal
    | | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | | > | Newsgroups: microsoft.public.windows.server.networking
    | | > | Path: TK2MSFTNGHUB02.phx.gbl
    | | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | | > microsoft.public.windows.server.networking:5872
    | | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | | > |
    | | > |
    | | > | Thanks for your suggestion.
    | | > |
    | | > | I've tried turning off autotuninglevel on the Vista machines but
    with
    | no
    | | > | joy, I've also looked at the KB articles none of which seem to
    relate
    | to
    | | > the
    | | > | problem i'm having but i've tried the suggestions, Still nothing.
    | | > |
    | | > | Just to recap when using any 3Com Access Point with a windows Vista
    | | > client
    | | > | the 3com access point sends data to the IAS server to say it wants
    to
    | use
    | | > EAP
    | | > | (even thought vista is configured to use PEAP) authentication, with
    | an XP
    | | > | client the 3com box sends it want to use PEAP authentication. If i
    | enable
    | | > | EAP-TLS authentication on IAS and install a user certificate on the
    | Vista
    | | > | machine and set Vista to use a certificate to log in, the
    connection
    | | > works
    | | > | but it's a lot of hassle maintaining and installing certificates
    for
    | each
    | | > | user, i would much rather use PEAP.
    | | > |
    | | > | Regards
    | | > | Paul Mckenna
    | | > | ""Ken Zhao [MSFT]"" wrote:
    | | > |
    | | > | > Hi Paul,
    | | > | >
    | | > | > Based on my research, if the problem only occurs on Windows Vista
    | | > machines,
    | | > | > I suggest you perform the following steps on the Vista machines:
    | | > | >
    | | > | > 1£®Click Start , click All Programs, click Accessories, and
    | then
    | | > click
    | | > | > Command Prompt.
    | | > | > 2£®At the command prompt, type the following command, and
    | then press
    | | > ENTER:
    | | > | > netsh interface tcp set global autotuninglevel=disabled
    | | > | > This command disables the Receive Window Auto-Tuning feature.
    | | > | > 3£®Try to make a non-HTTP network connection.
    | | > | > Note: If the connectivity problem is resolved, contact the
    | manufacturer
    | | > of
    | | > | > the firewall device for steps to correct the issue.
    | | > | > 4£®At a command prompt, type the following command, and
    then
    | press
    | | > ENTER:
    | | > | > netsh interface tcp set global autotuninglevel=normal
    | | > | > This command enables Receive Window Auto-Tuning again so that you
    | can
    | | > take
    | | > | > advantage of the network throughput performance increase it
    | provides.
    | | > | >
    | | > | > Also I found there are new KB articles already described for this
    | issue
    | | > and
    | | > | > give the workaround.
    | | > | > 934430: Network connectivity may fail when you try to use Windows
    | Vista
    | | > | > behind a firewall device
    | | > | > http://support.microsoft.com/kb/934430
    | | > | >
    | | > | > 929868: A Web site sends data very slowly or drops the data
    | completely
    | | > when
    | | > | > you use Windows Vista Enterprise
    | | > | > http://support.microsoft.com/kb/929868
    | | > | >
    | | > | > 935400: It takes a very long time to download an e-mail message
    | from a
    | | > POP3
    | | > | > server in Outlook 2007
    | | > | > http://support.microsoft.com/kb/935400
    | | > | >
    | | > | > Hope that helps!
    | | > | >
    | | > | > Thanks & Regards,
    | | > | >
    | | > | > Ken Zhao
    | | > | >
    | | > | > Microsoft Online Support
    | | > | > Microsoft Global Technical Support Center
    | | > | >
    | | > | > Get Secure! - www.microsoft.com/security
    | | > <http://www.microsoft.com/security>
    | | > | > ====================================================
    | | > | > When responding to posts, please "Reply to Group" via your
    | newsreader
    | | > so
    | | > | > that others may learn and benefit from your issue.
    | | > | > ====================================================
    | | > | > This posting is provided "AS IS" with no warranties, and confers
    no
    | | > rights.
    | | > | >
    | | > | >
    | | > | >
    | | > | >
    | | > | >
    | | > | > --------------------
    | | > | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | | > | > | thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
    | | > | > | X-WBNR-Posting-Host: 207.46.19.197
    | | > | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <>
    | | > | > | References:
    <>
    | | > | > <>
    | | > | > <>
    | | > | > <uE4PtN$>
    | | > | > <>
    | | > | > <i#>
    | | > | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | | > | > | Date: Tue, 17 Jul 2007 03:02:12 -0700
    | | > | > | Lines: 217
    | | > | > | Message-ID: <>
    | | > | > | MIME-Version: 1.0
    | | > | > | Content-Type: text/plain;
    | | > | > | charset="Utf-8"
    | | > | > | Content-Transfer-Encoding: 7bit
    | | > | > | X-Newsreader: Microsoft CDO for Windows 2000
    | | > | > | Content-Class: urn:content-classes:message
    | | > | > | Importance: normal
    | | > | > | Priority: normal
    | | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | | > | > | Newsgroups: microsoft.public.windows.server.networking
    | | > | > | Path: TK2MSFTNGHUB02.phx.gbl
    | | > | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | | > | > microsoft.public.windows.server.networking:5830
    | | > | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | | > | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | | > | > |
    | | > | > | Hi,
    | | > | > |
    | | > | > | Thanks for your suggestion I've tried this and it makes no
    | | > difference, I
    | | > | > | tried setting it to various numbers 1344,1000,64,128 none made
    | any
    | | > | > | difference. I have since found out that using another make
    Access
    | | > Point
    | | > | > | rather than 3Com and Vista will connect but all 3Com acccess
    | points
    | | > i've
    | | > | > | tried work fine with XP but not with Vista.
    | | > | > |
    | | > | > | I'm not sure what else to try.
    | | > | > |
    | | > | > | Regards
    | | > | > | Paul Mckenna
    | | > | > |
    | | > | > | ""Ken Zhao [MSFT]"" wrote:
    | | > | > |
    | | > | > | > Hello Paul,
    | | > | > | >
    | | > | > | > Thank you for using newsgroup!
    | | > | > | >
    | | > | > | > From your post, I'd like to suggest you try to reduce the EAP
    | | > packet
    | | > | > size
    | | > | > | > of a Remote Authentication Dial-In User Service (RADIUS)
    | server.
    | | > You
    | | > | > can do
    | | > | > | > this by using the Framed-MTU attribute in Internet
    | Authentication
    | | > | > Services
    | | > | > | > (IAS) of a Microsoft Windows Server 2003-based computer. For
    | more
    | | > | > detailed
    | | > | > | > steps, please refer to:
    | | > | > | > 883389: How to reduce the EAP packet size by using the Framed
    | MTU
    | | > | > attribute
    | | > | > | > in Windows Server 2003
    | | > | > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;883389
    | | > | > | >
    | | > | > | > Thanks & Regards,
    | | > | > | >
    | | > | > | > Ken Zhao
    | | > | > | >
    | | > | > | > Microsoft Online Support
    | | > | > | > Microsoft Global Technical Support Center
    | | > | > | >
    | | > | > | > Get Secure! - www.microsoft.com/security
    | | > | > <http://www.microsoft.com/security>
    | | > | > | > ====================================================
    | | > | > | > When responding to posts, please "Reply to Group" via your
    | | > newsreader
    | | > | > so
    | | > | > | > that others may learn and benefit from your issue.
    | | > | > | > ====================================================
    | | > | > | > This posting is provided "AS IS" with no warranties, and
    | confers no
    | | > | > rights.
    | | > | > | >
    | | > | > | >
    | | > | > | >
    | | > | > | >
    | | > | > | >
    | | > | > | > --------------------
    | | > | > | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
    | | > | > | > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
    | | > | > | > | X-WBNR-Posting-Host: 207.46.193.207
    | | > | > | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?=
    | <>
    | | > | > | > | References:
    | <>
    | | > | > | > <>
    | | > | > | > <>
    | | > | > | > <uE4PtN$>
    | | > | > | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
    | | > | > | > | Date: Mon, 16 Jul 2007 15:06:04 -0700
    | | > | > | > | Lines: 115
    | | > | > | > | Message-ID:
    | <>
    | | > | > | > | MIME-Version: 1.0
    | | > | > | > | Content-Type: text/plain;
    | | > | > | > | charset="Utf-8"
    | | > | > | > | Content-Transfer-Encoding: 7bit
    | | > | > | > | X-Newsreader: Microsoft CDO for Windows 2000
    | | > | > | > | Content-Class: urn:content-classes:message
    | | > | > | > | Importance: normal
    | | > | > | > | Priority: normal
    | | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    | | > | > | > | Newsgroups: microsoft.public.windows.server.networking
    | | > | > | > | Path: TK2MSFTNGHUB02.phx.gbl
    | | > | > | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | | > | > | > microsoft.public.windows.server.networking:5812
    | | > | > | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    | | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | | > | > | > |
    | | > | > | > | again I Appreciate your response but this works with XP, XP
    | sends
    | | > the
    | | > | > | > message
    | | > | > | > | to IAS that it wants to use PEAP authentication where as
    | Vista
    | | > sends
    | | > | > the
    | | > | > | > | message to use EAP (which is not configured and is not
    | something
    | | > i
    | | > | > want
    | | > | > | > to
    | | > | > | > | use) even though Vista is configured to use PEAP.
    | | > | > | > | So although these error message will probably help with
    | someone
    | | > who
    | | > | > wants
    | | > | > | > to
    | | > | > | > | use EAP-TLS without having properly configured it. They
    don't
    | | > really
    | | > | > shed
    | | > | > | > any
    | | > | > | > | light on my problem.
    | | > | > | > |
    | |
    |
    |
     
    Ken Zhao [MSFT], Jul 26, 2007
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.