Article ID: 947218 - View products that this article applies to.
When the Network Access Protection Agent service is disabled on a Windows Vista-based computer, the Transport Layer Security (TLS) session cookie is not updated. Also, the cookie will be reused when the Network Access Protection Agent service is enabled. This lets successful authentications occur even though the authentications do not participate in Network Access Protection (NAP).
This problem occurs because the Fast Reconnect functionality is enabled. If the NapAgent client has already performed a successful Protected Extensible Authentication Protocol (PEAP) authentication through successful statement of health (SoH) exchanges, a TLS session key is saved. Therefore, the client can apply the Fast Reconnect functionality.
To work around this problem, configure the client computer not to use the Fast Reconnect functionality. To do this, follow these steps:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 947218 - Last Review: January 22, 2008 - Revision: 1.1