Article ID: 313695
Article Last Modified on 9/26/2005
APPLIES TO
- Microsoft Windows XP Professional
This article was previously published under Q313695
SYMPTOMS
When you try to connect to a Remote Access Service (RAS) server that is configured to use Extensible Authentication Protocol with Transport Level Security (EAP-TLS), you may experience one of the following behaviors:
- You are repeatedly prompted to select a server with which to authenticate.
-or-
- Authentication is not successful.
CAUSE
This behavior can occur if both of the following conditions are true:
- You try to connect with a remote access or a wireless (802.1x) client computer.
-and-
- Multiple Remote Authentication Dial-In User Service (RADIUS) servers exist with which to authenticate.
RAS client computers, or client computers that connect by using wireless (802.1x) connections, verify the server certificate by default when EAP-TLS authentication is used. This prevents a connection to rogue servers. However, only a single server name and a single root certificate can be used. The client computer tries to connect to the first available server. In a multiple-network environment, where more than one RADIUS server is present, 802.1x machine authentication may be unsuccessful. Also, as other servers are detected, you may be repeatedly prompted to authenticate.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The English-language version of this fix should have the following file attributes or later:
Date Time Version Size File name --------------------------------------------------- 05-Dec-2001 16:33 5.1.2600.22 57,344 Rastls.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1.
MORE INFORMATION
This update permits a list of server names and trusted root certificates instead of a single server name and a single root certificate. The user interface is changed to display these selections. This permits you to configure certificate authentication in a large, multiple-RADIUS server network configuration.
For additional information about EAP-TLS, browse to the following Web site:
Keywords: kbbug kbfix kbqfe kbnetwork kbwinxpsp1fix kbhotfixserver KB313695