Wireless Access

Reply

windows 10 WPA2 enterprise authentication

Hi , windows 10 WPA2 enterprise authentication failed after windows 10 Nov update. We use clearpass for authentication, the clearpass supports TLS1.2, and already enabled.  Please advise how should we configure controller to support windows 10 client authentication. Thanks in advance.

Guru Elite

Re: windows 10 WPA2 enterprise authentication

Does your controller have termination enabled in the 802.1x profile?  If yes, turn it off.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: windows 10 WPA2 enterprise authentication

Hi Colin, thanks for your reply.  The termination is enabled ,but not tick eap-tls. Does it still affect TLS?

 

 

Guru Elite

Re: windows 10 WPA2 enterprise authentication

Disable termination on the controller...

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: windows 10 WPA2 enterprise authentication

Section 1 - Enable the Wireless Auto Config Service:
1. From the Windows 10 Start screen, type Control Panel and then press the Enter key. This will search for and automatically open the Control Panel.
2. Select Administrative Tools.
3. Select Services.
4. Right click on WLAN AutoConfig and select Properties.
5. Set Startup type: to Automatic, click Apply, then click OK.
6. Restart the computer.

Section 2 - Configure the Native 802.1x Client:
1. From the Windows 10 Start screen, type Control Panel and then press the Enter key. This will search for and automatically open the Control Panel.
2. Click Network and Sharing Center.
3. Click Set up a new connection or network.
4. Select Manually connect to a wireless network, then click Next.
5. Enter the following settings, then click Next.
6. Click the Security tab and enter the following settings:
a. Choose a network authentication method should be set to PEAP
b. Remember my credentials should be unchecked
c. Click the Settings button next to Choose a network authentication method
7. Enter the following settings:
a. Verify the server's identity by validating the certificate is checked
b. Connect to these servers is checked and set to ias.cssd.pitt.edu
c. USERTrust RSA Certification Authority is checked under Trusted Root Certification Authorities
d. The Notifications before connecting: option is set to Don't ask user to authorize new servers or trusted CAs
e. Select Authentication Method is set to Secured password (EAP-MSCHAP v2)
f. Enable fast reconnect is checked
g. Click Configure next to Select Authentication Method
8. Enter the following settings:
a. Uncheck Automatically use my Windows logon name and password (and domain if any)
b. Click OK
9. Click OK.
10. Click OK.
11. Click Close.
12. Click the network status indicator icon in the system tray, select WIRELESS-PITTNET, and click Connect.
13. Enter your University Computing Account username and password.
Troubleshooting: Removing Your Previous Wireless PittNet Connection:
1. From the Windows 10 Start screen, click Settings.
2. Click Network and Internet.
3. Click Services.
4. Select Wi-Fi, then click Manage Wi-Fi Settings.
5. Select Wireless PittNet, then click Forget.
6. Continue your Wireless PittNet configuration

Disable Dell Wireless Networking Software:
1. Right click on the Dell Wireless Utility, located in the System tray. It is represented by several green bars.
2. Click Open.
3. Click the Wireless Networks tab. Uncheck the Let this tool manage your wireless settings checkbox.
4. Click Apply then click OK.

 

 

New Contributor

Re: windows 10 WPA2 enterprise authentication

Section 1 - Enable the Wireless Auto Config Service: 1. From the Windows 10 Start screen, type Control Panel and then press the Enter key. This will search for and automatically open the Control Panel. 2. Select Administrative Tools. 3. Select Services. 4. Right click on WLAN AutoConfig and select Properties. 5. Set Startup type: to Automatic, click Apply, then click OK. 6. Restart the computer. Section 2 - Configure the Native 802.1x Client: 1. From the Windows 10 Start screen, type Control Panel and then press the Enter key. This will search for and automatically open the Control Panel. 2. Click Network and Sharing Center. 3. Click Set up a new connection or network. 4. Select Manually connect to a wireless network, then click Next. 5. Enter the following settings, then click Next. 6. Click the Security tab and enter the following settings: a. Choose a network authentication method should be set to PEAP b. Remember my credentials should be unchecked c. Click the Settings button next to Choose a network authentication method 7. Enter the following settings: a. Verify the server's identity by validating the certificate is checked b. Connect to these servers is checked and set to ias.cssd.pitt.edu c. USERTrust RSA Certification Authority is checked under Trusted Root Certification Authorities d. The Notifications before connecting: option is set to Don't ask user to authorize new servers or trusted CAs e. Select Authentication Method is set to Secured password (EAP-MSCHAP v2) f. Enable fast reconnect is checked g. Click Configure next to Select Authentication Method 8. Enter the following settings: a. Uncheck Automatically use my Windows logon name and password (and domain if any) b. Click OK 9. Click OK. 10. Click OK. 11. Click Close. 12. Click the network status indicator icon in the system tray, select WIRELESS-PITTNET, and click Connect. 13. Enter your University Computing Account username and password. Troubleshooting: Removing Your Previous Wireless PittNet Connection: 1. From the Windows 10 Start screen, click Settings. 2. Click Network and Internet. 3. Click Services. 4. Select Wi-Fi, then click Manage Wi-Fi Settings. 5. Select Wireless PittNet, then click Forget. 6. Continue your Wireless PittNet configuration Disable Dell Wireless Networking Software: 1. Right click on the Dell Wireless Utility, located in the System tray. It is represented by several green bars. 2. Click Open. 3. Click the Wireless Networks tab. Uncheck the Let this tool manage your wireless settings checkbox. 4. Click Apply then click OK.

Guru Elite

Re: windows 10 WPA2 enterprise authentication

bradpitt3423,

 

Those instructions are not correct.  The user just wants to sidestep an EAP-TLS 1.2 issue, and all they had to do was remove termination, not reconfigure their client...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: windows 10 WPA2 enterprise authentication

aruba gurus,

 

i think the issue also affecting windows 10 users that ran the Nov 2015 update without radius.

I've enable termination and its affecting me.

 

the issue only resolve after i disable TLS 1.2 by modifying the registry..

 

please asist.

 

Thx

Guru Elite

Re: windows 10 WPA2 enterprise authentication

A RADIUS server is recommended.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: windows 10 WPA2 enterprise authentication

the user doen't have any radius and they dont want to use the FreeRadius. Is the issue fixed with the latest aruba os.

 

is the issue is Bug id: 129144.

 

if yes, i can see the issue is resolved with the latest aruba os. can you confirmed this.

 

Thx

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: