Windows 10 Enterprise, Secure Boot blocking connecting to wireless

Question

Monday, August 29, 2016 3:14 PM

       

I'm testing Windows 10 on our network and I am having an issue connecting to our enterprise Wi-Fi when I turn Secure Boot on.

Wi-Fi is doing computer validation using Windows PEAP. I found advice online to change registry settings to force TLS 1.0; however, this did not work. I have no issues connecting to the wireless when I turn Secure Boot off. I'm not doing certificate validation.
I have my Windows 10 image on 2 different hardware models: Surface Pro 4s and Dell 5470s. Secure Boot must be shut off for enterprise Wi-Fi to work.

Can someone explain to me what Secure Boot is doing that could be blocking PEAP computer validation on enterprise Wi-Fi?

I can connect to other Wi-Fi connections using just passwords. The wireless itself is working. Just computer validation/PEAP seems to be an issue when Secure Boot is enabled.

The enterprise Wi-Fi is working fine on Windows 7 and 8.1 systems.

We are using Aruba Wi-Fi; termination is at the RADIUS server, using Aruba ClearPass.

I have dumped the pcap for the authentication attempt. It's using TLS version 1.0 (0x0301).

Eap request
Eap response
SSL client Hello
EAP Request, PEAP
EAP Response , PEAP
TLSv1 server hello
TLSv1 client key exchange
TLSv1 change cipher Spec Encrypted Handshake message
you see the TLSv1 application data
server >host
host > server
server > host

And the application data just stops. If you look at a successful connection, the application data keeps going, then you see EAP success and EAPOL key.

It looks like the host just stops responding halfway through, but the data is encrypted so I can see where it's failing.

Task Category OneXAuthentication

Wireless 802.1x authentication failed. 

Network Adapter: Marvell AVASTAR Wireless-AC Network Controller

Interface GUID: {f75149f1-280b-4b19-a25c-76b7b6153477}

Local MAC Address: XX:XX:XX:XX:XX:XX

Network SSID: my_Wifi

BSS Type: Infrastructure

Peer MAC Address: XX:XX:XX:XX:XX:XX

Identity: host/<hostname>

User:

Domain:

Reason: Explicit Eap failure received

Error: 0x80070285

EAP Reason: 0x285

EAP Root cause String: There was an internal authentication error.

EAP Error: 0x285

Details

System
- Provider
  [Name] Microsoft-Windows-WLAN-AutoConfig
  [Guid] {9580D7DD-0379-4658-9870-D5BE7D52D6DE}
EventID 12013
Version 0
Level 2
Task 24014
Opcode 205
Keywords 0x8000000000000600
- TimeCreated
  [SystemTime] 2016-08-16T16:43:25.770087100Z
EventRecordID 1149
Correlation
- Execution
  [ProcessID] 592
  [ThreadID] 7556
Channel Microsoft-Windows-WLAN-AutoConfig/Operational
- Security
  [UserID] S-1-5-18
- EventData
  Adapter Marvell AVASTAR Wireless-AC Network Controller
  DeviceGuid {F75149F1-280B-4B19-A25C-76B7B6153477}
  LocalMac
  SSID
  BSSType Infrastructure
  PeerMac
  Identity
  User
  Domain
  ReasonText Explicit Eap failure received
  ReasonCode 0x50005
  ErrorCode 0x80070285
  EAPReasonCode 0x285
  EAPRootCauseString There was an internal authentication error.
  EAPErrorCode 0x285
  ConnectionId 0x13
  ExplicitCredentials false

thank you

All replies (4)

Wednesday, August 31, 2016 9:22 AM ✅Answered

Hi,

Well, I have never seen Secure Boot break a wireless connection before. Based on my understanding, it might be related to new Windows 10 features. I found a similar case in which Windows 10 Credential Guard breaks the Wi-Fi connection. Please check the following similar case, and set up PKI and the RADIUS server to give it a try.

Windows 10 Credential Guard breaks WiFi
"For a Credential Guard enabled computer to authenticate to a WPA2-Enterprise wireless network, the network must use certificate based authentication.  In my case, we already had the PKI in place, so it was a simple matter of configuring the RADIUS server to accept certificate based authentication and changing the Wireless Settings in our GPO to use a certificate for authentication instead of the Secured Password option."
http://www.neighborgeek.net/2016/08/windows-10-credential-guard-breaks-wifi.html
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.

Best regards



Monday, August 29, 2016 3:17 PM

I deleted the hostname and Wi-Fi information / MAC address information. It all exists in the event logs.


Wednesday, August 31, 2016 1:45 PM

My understanding is Credential Guard is only enabled when Secure Boot is on, so it may be related. I will give this a shot.
Thank you
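
To test the link discussed above on an affected client, the following reports Secure Boot state, whether Credential Guard is configured and running, and the recent event 12013 failures quoted in the question. It is an added example, not part of any post in this thread; it assumes an elevated PowerShell session on Windows 10 and that the `Win32_DeviceGuard` class is present on the edition in use.

```powershell
# Added example: correlate Secure Boot / Credential Guard state with the
# 802.1X failures (event 12013) logged by WLAN-AutoConfig on this client.

# 1. Secure Boot state. The cmdlet throws on legacy-BIOS systems.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false }

# 2. Device Guard state. In SecurityServicesConfigured/Running,
#    the value 1 stands for Credential Guard.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
$cgConfigured = [bool]($dg -and ($dg.SecurityServicesConfigured -contains 1))
$cgRunning    = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

# 3. Most recent 802.1X authentication failures from the channel shown in the question.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-WLAN-AutoConfig/Operational'
    Id      = 12013
} -MaxEvents 20 -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> elements into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        SSID      = $data['SSID']
        Identity  = $data['Identity']
        EAPReason = $data['EAPReasonCode']
        RootCause = $data['EAPRootCauseString']
    }
}

[pscustomobject]@{
    SecureBootEnabled         = $secureBoot
    VbsStatus                 = $dg.VirtualizationBasedSecurityStatus  # 0 off, 1 enabled, 2 running
    CredentialGuardConfigured = $cgConfigured
    CredentialGuardRunning    = $cgRunning
    Recent12013Failures       = @($failures).Count
} | Format-List

$failures | Format-Table -AutoSize

if ($cgRunning -and $failures) {
    Write-Warning 'Credential Guard is running and 802.1X failures are logged. Per the article linked in the answer, the network must use certificate-based authentication.'
}
```

Comparing the output with Secure Boot on and off shows whether Credential Guard, rather than Secure Boot itself, is the setting that changes between the working and failing cases.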


Tuesday, February 5, 2019 7:36 PM

Did you ever get this working? My Wi-Fi only auto-connects if manually completed on the Windows 10 logon page, or automatically once/after the user has logged in, but logons are slow and the drives are not mapped.

Wireless 802.1x authentication failed.

Network Adapter: Intel(R) Dual Band Wireless-AC 8265
Interface GUID: {cb6c4490-5773-498f-9dd5-3065eef7xxxx}
Local MAC Address: 34:41:5D:5F:xx:xx
Network SSID: xx
BSS Type: Infrastructure
Peer MAC Address: E2:55:6D:18:xx:xx
Identity: host/xx
User: 
Domain: 
Reason: Explicit Eap failure received
Error: 0x80070285
EAP Reason: 0x285
EAP Root cause String: There was an internal authentication error.
EAP Error: 0x285

Wireless security failed.

Network Adapter: Intel(R) Dual Band Wireless-AC 8265
Interface GUID: {cb6c4490-5773-498f-9dd5-3065eef7xxxx}
Local MAC Address: 34:41:5D:5F:xx:xx
Network SSID: xx
BSS Type: Infrastructure
Peer MAC Address: E2:55:6D:18:xx:xx
Reason: Explicit Eap failure received
Error: 0x80070285