802.1x client authentication fails when you connect to a Windows Server 2003-based computer that is running IAS (838502)


The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition

SYMPTOMS

When you configure a client computer to use IEEE 802.1x authentication, you may find that you cannot connect to a Microsoft Windows Server 2003-based computer that is running Internet Authentication Services (IAS).

You may receive an error message in the application event log on the Windows Server 2003-based computer that is similar to the following:

Event Type: Warning
Event Source: IAS
Event ID: 2
Authentication-Type = PEAP
Reason-Code = 262
Reason = The supplied message is incomplete. The signature was not verified.

CAUSE

The issue that is described in the "Symptoms" section may occur if both of the following conditions are true:
  • IAS is installed on the Windows Server 2003-based computer.
  • The Trusted Root CA certificate is not installed on the client computer.

RESOLUTION

To resolve this issue, follow the appropriate method:

Method 1: Disable certificate validation on the client computer

To do this, follow these steps:
  1. Click Start, and then click Control Panel.
  2. Double-click Network Connections.
  3. Right-click the connection that you use to connect to the Windows Server 2003-based computer, and then click Properties.
  4. On the Authentication tab, click Properties.
  5. Click to clear the Validate server certificate check box.

Method 2: Install the trusted root certification authority on the client computer

  1. Start Microsoft Internet Explorer.
  2. In the Address box, type the following address:

    http://ServerName/certsrv

    Note Replace ServerName with the name of the server where the certification authority (CA) is stored.
  3. Click Download a CA certificate, certificate chain, or CRL.
  4. Under CA Certificate, click the CA that you want to install, and then click Download CA Certificate.
  5. On the File Download page, click Open.
  6. Click Install certificate.
  7. Click Next.
  8. Click Automatically select the certificate store based on the type of certificate, and then click Next.
  9. Click Finish.

MORE INFORMATION

For additional information about using 802.1x authentication on Microsoft Windows 2000-based computers, click the following article number to view the article in the Microsoft Knowledge Base:

313664 Using 802.1x authentication on computers running Windows 2000

Modification Type:MajorLast Reviewed:8/24/2006
Keywords:kbSecurityServices kbnetwork kbwinservnetwork kbprb KB838502 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.