Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, April 16, 2012 10:43 AM
Hi,
I recently performed troubleshooting of the same issue in two different Active Directory forests in a short period of time, and would like to investigate the root cause.
The following is true for both environments:
Wireless clients: Windows 7 Enterprise with SP1
NPS Server: Windows Server 2008 R2 Standard with SP1
Domain Controllers: Mix of Windows Server 2003 R2 Standard SP2 and Windows Server 2008 R2 Standard with SP1
Certification Authorities: Single-tier CA running Windows Server 2008 R2 Standard with SP1
Wireless authentication: "EAP: Microsoft Smard Card or other certificate"
The problem was wireless clients suddenly being unable to connect to the wireless network, without any known changes being made to the infrastructure.
In the WLAN-Autoconfig eventlog on the client computers we received the following event:
Event ID 8002 — 802.11 Wireless Connectivity
http://technet.microsoft.com/en-us/library/cc735927(v=ws.10).aspx
The reason code we received is not mentioned in the article: "Explicit EAP failure received".
In the first case I went through a few hours of troubleshooting on a client that was also connected to the network through a wired connection.
I used Network Monitor to investigate, and saw that the client sent several "EAP Request, Type=PEAP", and received "EAP:Failure" after 5 retries.
Using Network Monitor on the NPS server I also saw EAP Requests and Responses which ended with "EAP: Failure" in the end.
The issue was resolved by changing EAP Types on both the NPS Server and in the client settings (using GPO) from "Microsoft: Protected EAP (PEAP)" to "EAP: Microsoft Smard Card or other certificate".
In the second event in the other environment the problem was resolved by rebooting the NPS server.
I know it`s hard to troubleshoot a problem that has been resolved, but what I`m looking for is basically the possible reasons for the "Explicit EAP failure received", and some guidelines on how to troubleshoot the issue if it occurs again.
Jan Egil Ring
Blog: http://blog.powershell.no
Twitter: http://twitter.com/janegilring
All replies (6)
Tuesday, April 17, 2012 3:07 AM ✅Answered
Hi Jan Egil Ring,
Thanks for posting here.
So which authentication methods did we set to use in network or connection request policies that we defined in NPS server ? what OS is running on client ?
There are many reasons could cause “Explicit EAP failure received”. Usually we will first to collect the wireless logs by enabling logging with command “netsh ras set tracing * enable” and “netsh wlan set tracing mode=yes” at client when this issue be reproduced and analyze entries in its corresponding logging file.
The detail troubleshooting and diagnostics methods and procedures could be acquired from the links bleow:
Troubleshooting Windows Vista 802.11 Wireless Connections
http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx
A Support Guide for Wireless Diagnostics and Troubleshooting
http://technet.microsoft.com/en-us/library/bb457018.aspx
Authentication Problem on a 802.1x Wireless Network
And the links below should help us to perform the authenticated wireless network deployment :
802.1X Authenticated Wireless Access
http://technet.microsoft.com/en-us/library/cc771455(WS.10).aspx
Wireless Networking
http://technet.microsoft.com/en-us/network/bb530679.aspx
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact [email protected].
Tiger Li
TechNet Community Support
Wednesday, April 18, 2012 7:43 AM ✅Answered
Hi,
Thanks for update.
> Specified in the Connection request policy on the NPS server:
>EAP Types: Microsoft: Smart Card or other certificate
OK, so we were select to use digital certificate authentication method (EAP-TLS). So incorrect user and computer certificate might will be a potential issue. Try to follow the steps in the checklist below in order to ensure all these settings have been properly set in case any misconfiguration:
Checklist: Implementing 802.1X Authenticate Wireless Access
http://technet.microsoft.com/en-us/library/dd283023(WS.10).aspx
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact [email protected].
Tiger Li
TechNet Community Support
Tuesday, April 17, 2012 7:19 PM
Thanks for your guidance, very useful.
In terms of authentication methods, this is the client settings (deployed in a GPO):
Authentication: WPA2-Enterprise
Encryption: TKIP
Network authentication method: Microsoft: Smart Card or other certificate
Authentication mode: Computer authentication
Specified in the Connection request policy on the NPS server:
EAP Types: Microsoft: Smart Card or other certificate
Conditions: NAS Port Type = Wireless - IEEE 802.11 and membership for an Active Directory security group
The clients is running Windows 7 Enterprise with SP1.
Jan Egil Ring
Blog: http://blog.powershell.no
Twitter: http://twitter.com/janegilring
Thursday, April 19, 2012 10:29 AM
Hi,
Please feel free to let us know if the information was helpful to you.
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact [email protected].
Tiger Li
TechNet Community Support
Thursday, April 19, 2012 10:10 PM
Thank you for your assistance, it was very helpful.
Jan Egil Ring
Blog: http://blog.powershell.no
Twitter: http://twitter.com/janegilring
Wednesday, October 19, 2016 1:34 AM
I got a same problem today and resolved by deleting the expired certificate.
Refer to : https://support.microsoft.com/en-au/kb/2494172