Question
Tuesday, January 5, 2016 8:23 AM | 1 vote
Hello,
In our company we implemented 802.1x authentication. Mainly we use Win7 Enterprise. There is no problem connecting to another Win7 workstation.
Colleagues who migrated to Win10 are having problems with RDP connections to their Win10 PCs.
After they try to connect to their workstation, their PC (let's say originally having IP 192.168.10.10) immediately disconnects (it asks for creds, creds accepted.. remote desktop is loading.. +-10 sec and it disconnects). The remote PC changes the IP to 192.110.x.y (our unsecured VLAN, where 802.1x is not implemented). Of course, it takes a while for the DNS servers to register the new IP address, so the PC is unavailable for about 30 min to 1 hour before you can connect via RDP again (I don't know the new IP address from the remote location, I just need to wait until the new IP address is resolved by hostname).
Is anyone else experiencing this as well?
What can cause the issue? Is it a Win10 bug (since W7 is working fine with the same certificates)? Do I need to raise a ticket with our networking engineers?
Regards ..
All replies (11)
Thursday, January 14, 2016 12:27 PM ✅Answered | 1 vote
Hi,
update:
We tested the connection from WAN, VPN, local network .. same results. I could connect to Win10 via PowerShell, UNC, etc. with no problem. Then I connected to it via RDP and after a while (<3 min) the 802.1x authentication failed and I got disconnected due to a different IP address.
Then we installed Cisco AnyConnect + Cisco Network Access Manager. After reboot, I tested the connection again and so far so good: the connection won't drop, the IP address is still the same (checking it for 20 min+, pinging..).
I haven't installed any new certificates and so on. Now it works, with the same settings, same certificates, but with the Cisco AnyConnect software installed as well ..
I don't know if I should mark this as an answer; I would be happy to hear if someone has the same experience .. (why I got votes on useful posts I don't know) ...
Wednesday, January 6, 2016 5:49 AM | 1 vote
You should probably use Wireshark and check where the connection is getting dropped.
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Wednesday, January 6, 2016 6:21 AM | 1 vote
Hi Mekac,
Did you get any error messages when establishing the RDP connection, or are there any error messages recorded in the Event Viewer?
As far as I know, 802.1x is used to authenticate the network connection when connected to the network. Once the authentication is successful, it should work as a normal network connection.
According to your description, the issue seems to be related to the IP configuration of the Windows 10 machine. We could try to RDP with the FQDN as a test. Please clear the local DNS cache (ipconfig /flushdns). Before trying to remote into Windows 10, please try to ping it first.
Best regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Wednesday, January 6, 2016 7:23 AM | 1 vote
Hi,
thanks for your feedback.
I have been experiencing this for quite a long time.
My replies to your suggestions:
1) The only error or warning in the System event log is:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
NTLM is a weaker authentication mechanism. Please check:
Which applications are using NTLM authentication?
Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
If NTLM must be supported, is Extended Protection configured?
After this, there are some other errors related to the dropped connection (can't find DNS server and so on).
2) I always ping the workstation to see how long the connection is working. It times out just after I barely log on remotely (sometimes I see the remote desktop).
3) I always use FQDN.
4) I use DHCP settings. The issue is the same if I set a static IP.
5) After I log in locally to the W10 station using cached credentials, the problem repairs itself in 10-30 sec. The W10 is reachable from other stations until I try a remote connection again.
... because Win10 was causing user account lockouts in the domain environment, I have the "wait for the network" setting in local policy. I used "Do not require Kerberos preauthentication", but it causes some issues with Cisco Jabber.
Still, I don't see that the problem is caused by these settings.
There is also some stuff in the Security event log:
A request was made to authenticate to a wired network.
Subject:
Security ID: NULL
Account Name: -
Account Domain: -
Logon ID: 0x0
Interface:
Name: Intel(R) 82567LM Gigabit Network Connection
Additional Information
Reason Code: Explicit Eap failure received (0x50005)
Error Code: 0x80420014
....
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 888
Application Name: \device\harddiskvolume2\windows\system32\svchost.exe
Network Information:
Direction: Inbound
Source Address: <my source IP from remote location>
Source Port: 50250
Destination Address: <my Win10 IP before it changes to .. something else>
Destination Port: 3389
Protocol: 6
Filter Information:
Filter Run-Time ID: 0
Layer Name: Receive/Accept
Layer Run-Time ID: 44
Wednesday, January 6, 2016 7:40 AM | 1 vote
.. Additional information from the Applications and Services Logs/Microsoft/Windows/Wired-AutoConfig/Operational log:
8:38
Wired 802.1X Authentication succeeded. (my Win10 PC is running at a remote location, is reachable, I can connect to it via PSSession)
9:05 (in a loop with the next message from 9:06)
Wired 802.1x Authentication failed. (I just connected to it via RDP using my domain credentials)
Reason: 0x50005
Reason Text: A certificate could not be found that can be used with this Extensible Authentication Protocol
Error code: 0x80420014
9:06
Network authentication attempts have been temporarily suspended on this network adapter
.. then I logged in locally on my Win10
Next day, 7:50
Wired 802.1x authentication Succeeded.
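To line up the Wired-AutoConfig entries quoted above with RDP logons on the same machine, the following is an added example and not part of the original thread. The one-day lookback and five-minute window are assumptions, and the message matching assumes the English event text quoted in the post.

```powershell
# Added example, not from the thread. Run elevated on the affected Windows 10 PC
# (reading the Security log requires administrative rights).
$since  = (Get-Date).AddDays(-1)        # assumed lookback
$window = New-TimeSpan -Minutes 5       # assumed correlation window

# RDP logons: Security event 4624 with LogonType 10 (RemoteInteractive).
$rdp = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data['LogonType'] -eq '10') {
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                Kind   = 'RDP logon'
                Detail = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            }
        }
    }

# 802.1X results from the same operational log the post quotes.
$dot1x = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Wired-AutoConfig/Operational'; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Authentication (succeeded|failed)|temporarily suspended' } |
    ForEach-Object {
        [pscustomobject]@{ Time = $_.TimeCreated; Kind = '802.1X'; Detail = ($_.Message -split "`r?`n")[0] }
    }

# One merged timeline, oldest first.
@($rdp; $dot1x) | Where-Object { $_ } | Sort-Object Time |
    Format-Table Time, Kind, Detail -AutoSize -Wrap

# Flag 802.1X failures that follow an RDP logon within the window.
foreach ($logon in $rdp) {
    $dot1x | Where-Object {
        $_.Detail -match 'failed|suspended' -and
        $_.Time -ge $logon.Time -and $_.Time -le ($logon.Time + $window)
    } | ForEach-Object {
        '{0:yyyy-MM-dd HH:mm:ss}  802.1X failure {1:N0}s after RDP logon by {2}' -f $_.Time, ($_.Time - $logon.Time).TotalSeconds, $logon.Detail
    }
}
```

A failure line printed for each RDP logon, and none for PowerShell remoting or local logons, reproduces the pattern described in the post and gives the network team exact timestamps to match against the RADIUS server's logs.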
Thursday, January 7, 2016 2:12 AM | 1 vote
Hi Mekac,
As far as I know, 802.1x authentication has two types of certificates: one for the machine and one for the user.
"A certificate could not be found that can be used with this Extensible Authentication Protocol"
It seems that your personal certificate for 802.1x Authentication is not installed on the machine. As a result, the network connection is limited for the user. Please contact the network administrator to get your personal certificate for 802.1x Authentication. The certificate should be located in your "Personal" store catalog.
Best regards
Thursday, January 7, 2016 8:35 AM | 1 vote
Hi,
My certificates should be OK (both computer and user certificates). I really have no problem using them on my 2nd Win7 PC as well, and as you can see in my previous post, I can authenticate to 802.1x with no problem (when I'm logged on locally).
The W10 is reachable and I can connect to it via a remote PS session (PowerShell) unless I connect to it via RDP. Then the authentication fails (why???) and the W10 ends up on the limited network.
I already contacted our network admin; we are going to try some things today ...
Monday, January 11, 2016 1:48 AM | 1 vote
Hi Mekac,
How is the issue going? Is there any update?
Best regards
Monday, January 11, 2016 6:40 AM | 1 vote
The issue is still not resolved. I'll post more info later today.
Regards...
Friday, January 15, 2016 2:23 AM
Hi Mekac,
"My certificates should be OK"
I would assume you have verified that the user certificate is located in the "Personal" store (certmgr.msc).
According to your last reply, the workaround is to use Cisco AnyConnect VPN, right?
Best regards
Friday, January 15, 2016 6:56 AM
Yep. My certificate is located in the Personal store.
After installing Cisco AnyConnect VPN (just installed, not actually connecting through it to our VPN gateway) .. the RDP connection stayed alive.
**Network Access Manager Module - Windows / Standalone installer (MSI)**
anyconnect-nam-win-4.2.01035-k9.msi
**Full installation package - Windows / Head-end deployment (PKG)**
anyconnect-win-4.2.01035-k9.pkg