Microsoft KB Archive/838502

= 802.1x client authentication fails when you connect to a Windows Server 2003-based computer that is running IAS =

Article ID: 838502

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

-





SYMPTOMS
When you configure a client computer to use IEEE 802.1x authentication, you may find that you cannot connect to a Microsoft Windows Server 2003-based computer that is running Internet Authentication Services (IAS).

You may receive an error message in the application event log on the Windows Server 2003-based computer that is similar to the following:

Event Type: Warning

Event Source: IAS

Event ID: 2

Authentication-Type = PEAP

Reason-Code = 262

Reason = The supplied message is incomplete. The signature was not verified.



CAUSE
The issue that is described in the &quot;Symptoms&quot; section may occur if both of the following conditions are true:
 * IAS is installed on the Windows Server 2003-based computer.
 * The Trusted Root CA certificate is not installed on the client computer.



RESOLUTION
To resolve this issue, follow the appropriate method:

Method 1: Disable certificate validation on the client computer
To do this, follow these steps:
 * 1) Click Start, and then click Control Panel.
 * 2) Double-click Network Connections.
 * 3) Right-click the connection that you use to connect to the Windows Server 2003-based computer, and then click Properties.
 * 4) On the Authentication tab, click Properties.
 * 5) Click to clear the Validate server certificate check box.

Method 2: Install the trusted root certification authority on the client computer
 Start Microsoft Internet Explorer. In the Address box, type the following address:

http:// /certsrv

Note Replace  with the name of the server where the certification authority (CA) is stored. Click Download a CA certificate, certificate chain, or CRL. Under CA Certificate, click the CA that you want to install, and then click Download CA Certificate. On the File Download page, click Open. Click Install certificate.</li> Click Next.</li> Click Automatically select the certificate store based on the type of certificate, and then click Next.</li> Click Finish.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
For additional information about using 802.1x authentication on Microsoft Windows 2000-based computers, click the following article number to view the article in the Microsoft Knowledge Base:

313664 Using 802.1x authentication on computers running Windows 2000

Keywords: kbsecurityservices kbnetwork kbwinservnetwork kbprb KB838502

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.