A Windows XP-based, Windows Vista-based, or Windows Server 2008-based computer does not respond to 802.1X authentication requests for 20 minutes after a failed authentication

Consider the following scenario:

• You have a computer that is running Windows Vista, Windows Server 2008, or Windows XP in a networked environment.
• You enabled 802.1X authentication for a network connection on the computer.
• The 802.1X authentication fails because of some transient error conditions.

In this scenario, the computer does not respond to any other authentication requests for 20 minutes. Therefore, the computer cannot access the network, or the computer only has limited access to the network.

This problem occurs because the system enters a blocking period that prevents the network from being overloaded with potentially unsuccessful authentications. During this blocking period, the system does not respond to EAPOL-Identity messages from the network access server (NAP). This blocking period is hardcoded to 20 minutes.

After you apply this hotfix, you can set a registry entry to configure the blocking period for failed 802.1X authentications. For more information, see the "Registry information" section.

Hotfix information for Windows Vista and Windows Server 2008

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix on a Windows Vista-based computer, you must have Windows Vista Service Pack 1 installed on the computer. For more information, click the following article number to view the article in the Microsoft Knowledge Base: No prerequisites are required for Windows Server 2008-based computers.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

Registry information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: For wired networks

To use the new registry setting in a wired network, follow these steps:

1. Open Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press ENTER.
2. Locate and then right-click the following registry subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dot3svc
3. Point to New, and then click DWORD Value.
4. Type BlockTime, and then press ENTER.
5. Right-click BlockTime, and then click Modify.
6. Click Decimal under Base.
7. In the Value data box, type an appropriate value for the blocking period, and then click OK. The value that you specify for this registry entry represents the number of minutes that the system waits before it retries a failed authentication. The default value is 60.
8. Exit Registry Editor.

For wireless networks

To use the new registry setting in a wireless network, follow these steps:

1. Open Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press ENTER.
2. Locate and then right-click the following registry subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wlansvc
3. Point to New, and then click DWORD Value.
4. Type BlockTime, and then press ENTER.
5. Right-click BlockTime, and then click Modify.
6. Click Decimal under Base.
7. In the Value data box, type an appropriate value for the blocking period, and then click OK. The value that you specify for this registry entry represents the number of minutes that the system waits before it retries a failed authentication. The default value is 60.
8. Exit Registry Editor.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista and Windows Server 2008 file information notes

• The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
  Collapse this tableExpand this table

  Version	Product	Milestone	Service branch
  6.0.6001.22xxx	Windows Vista SP1 and Windows Server 2008 SP1	SP1	LDR

• Service Pack 1 is integrated into Windows Server 2008.
• The .manifest files and the .mum files that are installed in each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.

For all supported 32-bit versions of Windows Server 2008 and of Windows Vista

For all supported 64-bit versions of Windows Server 2008 and of Windows Vista

Hotfix information for Windows XP

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, Windows XP SP3 must be installed on the computer.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

If you are using a wired connection for networking, this problem is temporarily resolved after you disconnect and then reconnect the network cable.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: