Microsoft KB Archive/254176

= Windows 2000 Workstation in a Workgroup Cannot Connect to Domain Using Smart Card for EAP/TLS =

Article ID: 254176

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q254176



SYMPTOMS
When you try to connect to a domain-based network from a Windows 2000-based workstation that is a member of a workgroup, you may find that you cannot connect to the network. The workstation is using a smart card for Extensible Authentication Protocol /Transport Layer Security (EAP/TLS) authentication.



CAUSE
This behavior occurs when the Windows 2000-based workstation cannot load domain policy, which is necessary to make the root certificates available to the user and server certificate stores for authentication.



RESOLUTION
To work around this issue, reduce security by disabling the validation of the server's certificate on the Windows 2000-based workstation:


 * 1) On the Start menu, point to Accessories, point to Communications, and then click Network and Dial-up Connections.
 * 2) Right-click the appropriate network connection icon, and then click Properties.
 * 3) In the network connection dialog box, click the Security tab.
 * 4) In Security Options, click Advanced (Custom Settings), and then click Settings.
 * 5) In the Advanced Security Settings dialog box, in Logon Security, click Properties under Use Extensible Authentication Protocol (EAP). (The Use Extensible Authentication Protocol (EAP) option is selected by default.)
 * 6) In the Smart Card or other Certificate Properties dialog box, click to clear the Validate Server Certificate check box, and then click OK.

Additional query words: win2krelnotes

Keywords: kbprb KB254176

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.