I will keep you posted.Īlso, I finally got an answer from Microsoft Support. Also, we increased the maximum amount of Eapol-Start Messages as wellĪs the times for the Held Period, Start Period and Auth Period. There, we set the maximum amount of authentication failures to 3 instead of the default 1. I am not sure what booting up in safe mode can do for me under these circumstances.įor testing purposes, we created a modified copy of the GPO that enables 802.1x on the clients. They were delivered four non-public patches by Microsoft However, we could find out that another company once had a very similar issue with Windows 7, where Windows tried to send the authentication package before the network services and drivers were loaded. No general difference between affected machines that are affected ond those that are not whatsoever. It is Laptops and Desktops, machines that were installed via MDT, machines that were installed clean by hand, machines that were upgraded, as wellĪs some machines with a factory image. I cannot get any relevant information out ouf Event View. As far as we know, around 25% of our Windows 10 clients are affected - it might be more that we do not know about. The issue mostly occurs when the clients were not powered on for 1 or more days. Not getting answers to my requests anymore. After manually collecting most of the information the tool would have collected and uploading them into a workspace, I am Updating the network interface driversĪlso, I have already opened a case at Microsoft Support and got a diagnosis tool, but this tool does not work when the issue occurs. Disabling Hiberboot as the problem was mostly solved after reboot.Ħ. The steps described in KB3121002 (deactivating TLS1.2 via registry)Ģ. We already tried following actions without success (some with temporary success):ġ. The issue can be fixed temporarily by restarting affected clients 1-3 times. If the service is not started, the machine will also be put into the default VLAN, but without the mentioned issues. If I execute "netsh lan show interface" to view the authentication status, the command does not do anything. I am not able to restart the dot3svc service as it does Whenever this occurs, we have additional effects:ĭifferent features of Outlook do not work, HTA applications will not start, TeamViewer will not start, the network settings of Windows cannot be opened, an attempt to reboot can take hours (literally). Our fallback policy then puts the devices into the default VLAN, which is not quarantined. If the service "Automatic configuration (wired)" (dot3svc) is started, clients are not authenticated properly. Wired clients would be subject to any network sign-on methods configured on that SSID (e.g., sign-on splash page).I am (sporadically) having the following issue with Windows 10 (v1511 and later) and 802.1x wired authentication: If wired traffic is allowed, the AP will route all packets received on its wired port as if they came from the specified SSID. Wired clients are treated as part of a specified SSID.The wired port of an Access Point acting as a repeater can be used for this feature if it does not have dedicated hardware for this feature. The administrator can decide how to treat device that is plugged into a wired porton the AP. Some Meraki Access Points have a dedicated Ethernet plug built in for this functionality, please refer to the datasheet to determine the capabilities of the Access Point. If the Clients wired directly to Meraki APs setting is set to a particular SSID and an AP has a port profile configured and assigned, settings in the port profile will override the Clients wired directly to Meraki APs setting.Īdministrators can plug computers, switches, and other devices into the Ethernet jack of a Meraki AP. Note: Port profiles provide a more flexible way to configure wired ports on 2- and 4-port APs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |