Microsoft KB Archive/913540

= A client computer cannot connect to a wireless network if the wireless GPO is applied to a wireless network server that is running Windows Server 2003 =

Article ID: 913540

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003 SP1
 * Microsoft Windows XP Service Pack 1

-





SYMPTOMS
Consider the following scenario. You have a client computer that is running Microsoft Windows XP Service Pack 1 (SP1). The hotfix that is described in one of the following Microsoft Knowledge Base articles is installed on this computer:

826942 Wireless update rollup package for Windows XP is available

892087 &quot;At least one of your changes was not applied successfully to the wireless configuration&quot; message when you try to add a wireless network to a Windows XP Professional-based computer

Additionally, this computer can connect to a wireless network server that is running Microsoft Windows Server 2003. After you create a wireless Group Policy object (GPO) on a computer that is running Microsoft Windows Server 2003, the Windows XP SP1-based client computer can no longer connect to the wireless network. Additionally, the following errors are logged in the Eapol.log file: [988] 11:49:02: ElGetUserIdentity: NULL sized EAP blob: continue [988] 11:49:02: ElGetUserIdentity: Error in calling GetIdentity = 703 Notes  You create the wireless GPO on a computer that is running one of the following Windows Server 2003 installations:  Windows Server 2003 SP1 Windows Server 2003 with the hotfix from Knowledge Base article 811233 installed  The Eapol.log file is located in the %windir%\Tracing folder. To enable this log, type the following at a command prompt:

netsh ras set tracing eapol enabled

Note %windir% is the folder in which Windows is installed. By default, Windows is installed in the C:\Windows folder. A client computer that is running Windows XP Service Pack 2 (SP2) can connect to the wireless network, even if the wireless GPO is applied to the wireless network.</ul>

<div class="cause_section">

CAUSE
This problem occurs because the binary large object (BLOB) that is sent to the client computer does not contain information about Extensible Authentication Protocol (EAP) authentication. In other words, the EAP binary large object is null. The binary large object is provided by the wireless GPO.

Note When the binary large object is null, a computer that is running Windows XP SP2 can create a default binary large object to connect to the wireless network.

<div class="resolution_section">

RESOLUTION
To resolve this issue, follow these steps:
 * 1) Start the Group Policy Object Editor.
 * 2) Expand Windows Settings for Computer Configuration, and then expand Security Settings.
 * 3) In the console tree, right-click Wireless Network (IEEE 802.11) Policies, and then click Create Wireless Network Policy.
 * 4) In the New Wireless Network Policy Properties dialog box, click Add to add a preferred network on the Preferred Networks tab.
 * 5) On the IEEE 802.1x tab, click Smart Card or other certificate in the EAP type field. Click Settings to configure the properties of the selected EAP type.

This resolution makes sure that, when you create the wireless policy, the wireless GPO has an EAP binary large object.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Additional query words: CM 47728

Keywords: kbtshoot kbbug KB913540

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.