Successful authentications occur even though the authentications do not participate in Network Access Protection on a Windows Vista-based computer

Article translations Article translations
Article ID: 947218 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When the Network Access Protection Agent service is disabled on a Windows Vista-based computer, the Transport Layer Security (TLS) session cookie is not updated. Also, the cookie will be reused when the Network Access Protection Agent service is enabled. This lets successful authentications occur even though the authentications do not participate in Network Access Protection (NAP).

CAUSE

This problem occurs because the Fast Reconnect functionality is enabled. If the NapAgent client has already performed a successful Protected Extensible Authentication Protocol (PEAP) authentication through successful statement of health (SoH) exchanges, a TLS session key is saved. Therefore, the client can apply the Fast Reconnect functionality.

WORKAROUND

To work around this problem, configure the client computer not to use the Fast Reconnect functionality. To do this, follow these steps:
  1. Click Start, type services.msc in the Start Search box, and then press ENTER.

    Note If you are prompted for an administrator password, type the password. Or, if you are prompted for confirmation, provide confirmation.
  2. In the Services window, click the Standard tab, right-click Wired AutoConfig, and then click Start.
  3. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, and then click Manage network connections.
  4. Right-click the network connection, and then click Properties.
  5. Click the Authentication tab, and then click to select the Enable IEEE 802.1X authentication check box.
  6. In the Choose a network authentication method list, click to select Protected EAP (PEAP), and then click Settings.
  7. Click to clear the Enable Fast Reconnect check box, and then click OK.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 947218 - Last Review: January 22, 2008 - Revision: 1.1
APPLIES TO
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
Keywords: 
kbexpertiseadvanced kbtshoot kbprb KB947218

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com