Q

NAC solution authentication fix for your wireless network

Learn how to fix authentication issues when testing your NAC solutions with 802.11a/g wireless APs, in this Ask the Expert response.

We are testing NAC solutions with our Aruba 802.11a/g wireless APs, using Windows 802.1X supplicants. When the user logs on, the Windows roaming profile download fails when the connection is re-established during transition from Machine authentication to User authentication. Do you know of any workaround for this problem?

A Windows roaming profile contains environmental information (like desktop items) associated with an individual who uses multiple computers. Whenever that user logs onto a Windows PC, his or her roaming profile is automatically copied from the domain controller to the local computer to provide a consistent environment.

Microsoft's website describes a roaming profile problem that might be what you're experiencing. Specifically, Windows XP users who authenticate with 802.1X and EAP-TLS or PEAP may intermittently fail to download their roaming profiles. According to knowledge base article 938117:

"This problem occurs because EAP-TLS and PEAP-TLS use a client certificate to validate the network connection. The roaming profiles that contain the certificate are stored on a domain controller. When you try to download the roaming profiles after you restart the computer, Windows XP also tries to re-authenticate the user. User re-authentication times out before you can download the roaming profiles."

Microsoft recommends two workarounds for this problem. Either stick to machine (computer) authentication only, or reduce the size of the roaming profile so that the download completes faster. You can configure either EAP-TLS or PEAP to "authenticate as the computer when computer information is available" by using the Authentication tab on the Wireless Connection's Properties panel.

This was first published in January 2008

Dig deeper on Network Access Control

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

This Content Component encountered an error

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close