A client computer cannot connect to a wireless network if the wireless GPO is applied to a wireless network server that is running Windows Server 2003 (913540)



The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows XP Service Pack 1

SYMPTOMS

Consider the following scenario. You have a client computer that is running Microsoft Windows XP Service Pack 1 (SP1). The hotfix that is described in one of the following Microsoft Knowledge Base articles is installed on this computer:

826942 Wireless update rollup package for Windows XP is available

892087 "At least one of your changes was not applied successfully to the wireless configuration" message when you try to add a wireless network to a Windows XP Professional-based computer

Additionally, this computer can connect to a wireless network server that is running Microsoft Windows Server 2003. After you create a wireless Group Policy object (GPO) on a computer that is running Microsoft Windows Server 2003, the Windows XP SP1-based client computer can no longer connect to the wireless network. Additionally, the following errors are logged in the Eapol.log file:

    [988] 11:49:02: ElGetUserIdentity: NULL sized EAP blob: continue
    [988] 11:49:02: ElGetUserIdentity: Error in calling GetIdentity = 703

Notes
  • You create the wireless GPO on a computer that is running one of the following Windows Server 2003 installations:
    • Windows Server 2003 SP1
    • Windows Server 2003 with the hotfix from Knowledge Base article 811233 installed
  • The Eapol.log file is located in the %windir%\Tracing folder. To enable this log, type the following at a command prompt:

    netsh ras set tracing eapol enabled

    Note %windir% is the folder in which Windows is installed. By default, Windows is installed in the C:\Windows folder.
  • A client computer that is running Windows XP Service Pack 2 (SP2) can connect to the wireless network, even if the wireless GPO is applied to the wireless network.
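
To confirm that a client is failing for this reason, a copy of its Eapol.log can be scanned for the error pair quoted above. The following Python script is an added example, not part of the original Microsoft article: it pairs each "NULL sized EAP blob" entry with the GetIdentity error that follows it under the same bracketed id. The line layout is assumed from the two entries quoted in this article, the function and variable names are hypothetical, and the sample input is constructed.

```python
import re
import sys

# Line layout assumed from the two entries quoted in this article:
#   [<id>] HH:MM:SS: <function>: <message>
LINE_RE = re.compile(
    r"^\[(?P<id>\d+)\]\s+(?P<time>\d{2}:\d{2}:\d{2}):\s+(?P<func>\w+):\s+(?P<msg>.*)$"
)
NULL_BLOB = "NULL sized EAP blob"
IDENTITY_ERR_RE = re.compile(r"Error in calling GetIdentity = (\d+)")


def find_null_eap_blob_failures(lines):
    """Return one record per NULL-blob entry that is followed, under the same
    bracketed id, by a GetIdentity error from ElGetUserIdentity."""
    pending = {}  # bracketed id -> time of the unmatched NULL-blob entry
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["func"] != "ElGetUserIdentity":
            continue
        if NULL_BLOB in m["msg"]:
            pending[m["id"]] = m["time"]
            continue
        err = IDENTITY_ERR_RE.search(m["msg"])
        if err and m["id"] in pending:
            hits.append({
                "id": m["id"],
                "blob_time": pending.pop(m["id"]),
                "error_time": m["time"],
                "error_code": int(err.group(1)),
            })
    return hits


# Constructed sample: the first two lines are the entries quoted in this
# article; the last two are made-up unpaired entries that must not match.
SAMPLE_LOG = [
    "[988] 11:49:02: ElGetUserIdentity: NULL sized EAP blob: continue",
    "[988] 11:49:02: ElGetUserIdentity: Error in calling GetIdentity = 703",
    "[1012] 11:50:10: ElGetUserIdentity: Error in calling GetIdentity = 703",
    "[1012] 11:51:30: ElGetUserIdentity: NULL sized EAP blob: continue",
]

if __name__ == "__main__":
    # Pass a copy of Eapol.log as the first argument; with no argument the sample runs.
    lines = SAMPLE_LOG
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.read().splitlines()
    for hit in find_null_eap_blob_failures(lines):
        print(hit)
```

A match on a Windows XP SP1 client after the wireless GPO was created points to the null EAP binary large object described under CAUSE.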

CAUSE

This problem occurs because the binary large object (BLOB) that is sent to the client computer does not contain information about Extensible Authentication Protocol (EAP) authentication. In other words, the EAP binary large object is null. The binary large object is provided by the wireless GPO.

Note When the binary large object is null, a computer that is running Windows XP SP2 can create a default binary large object to connect to the wireless network.

RESOLUTION

To resolve this issue, follow these steps:
  1. Start the Group Policy Object Editor.
  2. Expand Windows Settings for Computer Configuration, and then expand Security Settings.
  3. In the console tree, right-click Wireless Network (IEEE 802.11) Policies, and then click Create Wireless Network Policy.
  4. In the New Wireless Network Policy Properties dialog box, click Add to add a preferred network on the Preferred Networks tab.
  5. On the IEEE 802.1x tab, click Smart Card or other certificate in the EAP type field. Click Settings to configure the properties of the selected EAP type.
This resolution makes sure that, when you create the wireless policy, the wireless GPO has an EAP binary large object.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Modification Type: Minor
Last Reviewed: 3/7/2006
Keywords: kbtshoot kbbug KB913540 kbAudITPRO