Ask the Expert

NAC solution authentication fix for your wireless network

We are testing NAC solutions with our Aruba 802.11a/g wireless APs, using Windows 802.1X supplicants. When the user logs on, the Windows roaming profile download fails when the connection is re-established during transition from Machine authentication to User authentication. Do you know of any workaround for this problem?

    Requires Free Membership to View

A Windows roaming profile contains environmental information (like desktop items) associated with an individual who uses multiple computers. Whenever that user logs onto a Windows PC, his or her roaming profile is automatically copied from the domain controller to the local computer to provide a consistent environment.

Microsoft's website describes a roaming profile problem that might be what you're experiencing. Specifically, Windows XP users who authenticate with 802.1X and EAP-TLS or PEAP may intermittently fail to download their roaming profiles. According to knowledge base article 938117:

"This problem occurs because EAP-TLS and PEAP-TLS use a client certificate to validate the network connection. The roaming profiles that contain the certificate are stored on a domain controller. When you try to download the roaming profiles after you restart the computer, Windows XP also tries to re-authenticate the user. User re-authentication times out before you can download the roaming profiles."

Microsoft recommends two workarounds for this problem. Either stick to machine (computer) authentication only, or reduce the size of the roaming profile so that the download completes faster. You can configure either EAP-TLS or PEAP to "authenticate as the computer when computer information is available" by using the Authentication tab on the Wireless Connection's Properties panel.

This was first published in January 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: