Wireless Access

last person joined: 3 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Authentication with EAP-PEAP on Windows 10

This thread has been viewed 31 times
  • 1.  Authentication with EAP-PEAP on Windows 10

    Posted Nov 22, 2015 01:56 AM

    I'm having the problem about access to the 802.1x SSID with Windows 10 (Only the Lastest updated 10.0 Build 10586)

    When I enable the "terminate" on the AAA profile, the clients that using windows 10 can not connect to the SSID, and when I uncheck the terminate option It working fine

    What the different between them?

     

    and I have attached the informations about the errors when I tried to connect it

     

    EAP-PEAP Errors.PNG

     



  • 2.  RE: Authentication with EAP-PEAP on Windows 10
    Best Answer

    EMPLOYEE
    Posted Nov 22, 2015 08:27 AM
    If you have a radius server, leave termination off.

    When termination is enabled, the encrypted tunnel for authentication is created between the client and controller instead of the client and RADIUS server.

    Sent from Nine


  • 3.  RE: Authentication with EAP-PEAP on Windows 10

    Posted Nov 22, 2015 11:38 AM

    Thanks for your reply.

    Yes I have the RADIUS server, Please describe me what the benefit of the terminate on Controller and the effect when I enabled it and using RADIUS server at the same time?



  • 4.  RE: Authentication with EAP-PEAP on Windows 10
    Best Answer

     
    Posted Nov 22, 2015 12:11 PM

    TCK2534,

     

    Termination was introduced long ago when a customer could not stand up a radius server; they would turn on termination and point to an LDAP server, but with modifications required on the client side.  That would work in smaller-scale environments.  If a customer has a radius server, termination should not be used, really.  

     

    In your situation, since you turned on termination, the client would have to trust the controller's certificate, which it probably did not...

     

    Long story short, do not use termination when you have a radius server..



  • 5.  RE: Authentication with EAP-PEAP on Windows 10

    Posted Dec 11, 2015 06:35 AM

    I was having the same problem with Windows 10 and this helped fix my problem.

    However, windows 8.1 is failing to authenticate.

    Any help will be appreciated.

    Thanks



  • 6.  RE: Authentication with EAP-PEAP on Windows 10

     
    Posted Dec 11, 2015 07:35 AM

    trixxmanaty,

     

    Has it ever worked?

     



  • 7.  RE: Authentication with EAP-PEAP on Windows 10

    Posted Dec 11, 2015 07:58 AM

    It hasn't worked. Only windows 7 and 8 have worked.



  • 8.  RE: Authentication with EAP-PEAP on Windows 10

     
    Posted Dec 11, 2015 08:05 AM

    You should probably open a new thread, because this is about Windows 10 and EAP-TLS 1.2.  You probably have a different issue....

     



  • 9.  RE: Authentication with EAP-PEAP on Windows 10

    MVP
    Posted Dec 11, 2015 11:25 AM

    And what is the solution when forced to use termination? Customer is using internal userdb to authenticate their users and has no AD infrastructure.

     

    I found a registry 'hack' (https://support.microsoft.com/en-us/kb/3121002) to fix this but can we fix this on the Aruba side?

     



  • 10.  RE: Authentication with EAP-PEAP on Windows 10

    Posted Aug 26, 2016 10:17 AM

    Can you specify what version of eap too use on clearpass, im on windows 10 and its still using 1.0 authentication is failing similar to the orginal post except we allready have termination off.



  • 11.  RE: Authentication with EAP-PEAP on Windows 10

    Posted Apr 20, 2016 10:29 AM

    In case anyone else is still having this issue like we were and can't do a proper fix.  I found a terrible work around that will probably be overwritten with Windows updates and is generally bad practice ... it's literally just a terrible work around ... but it works if you are desperate.

     

    Find two older copies fo the rastls.dll and rastlsext.dll files located in C:\Windows\sytem32 folder.  Windows 10 build 10.0.10240 has ones that will work but build 10.0.10586 don't work.

     

    On your computer navigate to C:\windows\system32\
    Take ownership and give yourself full rights to:
    rastls.dll
    rastlsext.dll

    remove them (move to your desktop if you want to keep a copy "just in case")
    Copy over the two older versions into your C:\windows\system32\ folder (the ones I used were from 7/10/2015)
    rastls.dll
    rastlsext.dll

    Reboot and recreate your WiFi profile network (didn't try without deleting the existing profile so you may not need to do this)
    You may need to go to a command prompt and run:
    netsh wlan delete profile name="profile_name"



  • 12.  RE: Authentication with EAP-PEAP on Windows 10

    Posted May 08, 2016 11:07 PM

    Hi,

     

    I am also having this issue with windows 10 laptop and android 6.0 and above, termination is enabled on aruba controller 7200 running version 6.3.1.2 and forwarding to windows 2008 NPS.

    What is the implication if we turn off termination on the controller? Will it solve the issue?

    Do we need to install certificate on the windows 2008 NPS server?

     

    Many thanks in advance.

     

    Regards

    Wilson



  • 13.  RE: Authentication with EAP-PEAP on Windows 10

     
    Posted May 08, 2016 11:39 PM

    I am not sure if you have the same issue, but enabling termination on the controller for EAP-PEAP when you already have a Windows NPS server is NOT a good long-term solution.  You should turn off termination and make sure your Windows NPS server has a Server Certificate.  Detailed instructions on how to set it up is here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113



  • 14.  RE: Authentication with EAP-PEAP on Windows 10

    Posted May 29, 2016 11:40 PM

    Hi, 

        I am also having the same issue, this time i am only using Aruba internal database and the device was not able to connect to Aruba Wifi. Also using Android Marsmallow.

     

    Aruba Controller 7210

    ArubaOS ver: 6.3.1.9

     

    I appreciated your help.

     

     

    Regards,

    Nards



  • 15.  RE: Authentication with EAP-PEAP on Windows 10

    EMPLOYEE
    Posted May 29, 2016 11:54 PM
    Please upgrade to the latest version of AOS 6.3.x. 


  • 16.  RE: Authentication with EAP-PEAP on Windows 10

    Posted May 29, 2016 11:57 PM

    Upgrade ArubaOS to 6.4.4.5 or above

    This issue is about TLS1.2 on Windows 10 Authentication



  • 17.  RE: Authentication with EAP-PEAP on Windows 10

    Posted May 30, 2016 12:02 AM