Server Does Not Make EAP-OE Connection to LAN If a User Is Not Logged On

Article translations Article translations
Article ID: 304347 - View products that this article applies to.
This article was previously published under Q304347
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SYMPTOMS

When a server tries to initiate Extensible Authentication Protocol (EAP-OE) in order to connect to the local area network (LAN) during startup, the connection may not succeed if the server tries to use a computer's certificate without a user's being logged on.

CAUSE

This behavior can occur because EAP/Transport Layer Security (EAP/TLS) cannot support a computer certificate authentication unless a user is logged on. The Schannel certificate mapper does not support mapping computer certificates to computer accounts.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
   Date        Time     Version         Size      File name
   ----------------------------------------------------------
   7/17/2001   04:52p   5.0.2195.3870   501,520   Lsasrv.dll(56-bit)
   7/24/2001   10:11a   5.1.2195.0      145,680   Schannel.dll(56-bit)
   7/24/2001   04:46p   5.0.2195.3858   355,088   Advapi32.dll
   7/24/2001   05:33p   5.0.2195.3870   519,440   Instlsa5.dll
   7/24/2001   05:34p   5.1.2195.0      163,600   Instsch5.dll
   7/24/2001   04:46p   5.0.2195.3817   142,608   Kdcsvc.dll
   7/17/2001   05:08p   5.0.2195.3872   197,392   Kerberos.dll
   6/26/2001   08:16p   5.0.2195.3781    69,456   Ksecdd.sys
   7/17/2001   04:52p   5.0.2195.3870   501,520   Lsasrv.dll
   7/17/2001   04:52p   5.0.2195.3870    33,552   Lsass.exe
   7/24/2001   04:46p   5.0.2195.3868   909,072   Ntdsa.dll
   7/24/2001   04:46p   5.0.2195.3848   382,224   Samsrv.dll
   7/24/2001   04:46p   5.0.2195.3781   128,784   Scecli.dll
   7/24/2001   04:46p   5.0.2195.3649   299,792   Scesrv.dll
   7/24/2001   10:11a   5.1.2195.0      145,680   Schannel.dll 
				

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

This fix changes the Schannel certificate mapper so that it can recognize computer certificates.

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
265173 Datacenter Program and Windows 2000 Datacenter Server Product
For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:
296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Properties

Article ID: 304347 - Last Review: February 27, 2014 - Revision: 3.6
APPLIES TO
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
Keywords: 
kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbfix kbsecurity kbwin2000presp3fix kbwin2000sp3fix KB304347

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com