Windows 2000 Workstation in a Workgroup Cannot Connect to Domain Using Smart Card for EAP/TLS (254176)



The information in this article applies to:

  • Microsoft Windows 2000 Professional

This article was previously published under Q254176

SYMPTOMS

When you try to connect to a domain-based network from a Windows 2000-based workstation that is a member of a workgroup, you may find that you cannot connect to the network. The workstation is using a smart card for Extensible Authentication Protocol/Transport Layer Security (EAP/TLS) authentication.

CAUSE

This behavior occurs when the Windows 2000-based workstation cannot load domain policy, which is necessary to make the root certificates available to the user and server certificate stores for authentication.

RESOLUTION

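To work around this issue, disable validation of the server's certificate on the Windows 2000-based workstation. This workaround reduces security, because the workstation then accepts the server's certificate without validating it. To disable validation: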

  1. On the Start menu, point to Accessories, point to Communications, and then click Network and Dial-up Connections.
  2. Right-click the appropriate network connection icon, and then click Properties.
  3. In the network connection dialog box, click the Security tab.
  4. In Security Options, click Advanced (Custom Settings), and then click Settings.
  5. In the Advanced Security Settings dialog box, in Logon Security, click Properties under Use Extensible Authentication Protocol (EAP). (The Use Extensible Authentication Protocol (EAP) option is selected by default.)
  6. In the Smart Card or other Certificate Properties dialog box, click to clear the Validate Server Certificate check box, and then click OK.

Modification Type: Major
Last Reviewed: 11/7/2003
Keywords: kbprb KB254176