802.1x client authentication fails when you connect to a Windows Server 2003-based computer that is running IAS


Symptoms


When you configure a client computer to use IEEE 802.1x authentication, you may find that you cannot connect to a Microsoft Windows Server 2003-based computer that is running Internet Authentication Services (IAS).

You may receive an error message in the application event log on the Windows Server 2003-based computer that is similar to the following:

Event Type: Warning

Event Source: IAS

Event ID: 2

Authentication-Type = PEAP

Reason-Code = 262

Reason = The supplied message is incomplete. The signature was not verified.

Cause


The issue that is described in the "Symptoms" section may occur if both of the following conditions are true:
  • IAS is installed on the Windows Server 2003-based computer.
  • The Trusted Root CA certificate is not installed on the client computer.

Resolution


To resolve this issue, follow the appropriate method:

Method 1: Disable certificate validation on the client computer

To do this, follow these steps:
  1. Click Start, and then click Control Panel.
  2. Double-click Network Connections.
  3. Right-click the connection that you use to connect to the Windows Server 2003-based computer, and then click Properties.
  4. On the Authentication tab, click Properties.
  5. Click to clear the Validate server certificate check box.

Method 2: Install the trusted root certification authority on the client computer

  1. Start Microsoft Internet Explorer.
  2. In the Address box, type the following address:
    http://ServerName/certsrv
    Note Replace ServerName with the name of the server where the certification authority (CA) is stored.
  3. Click Download a CA certificate, certificate chain, or CRL.
  4. Under CA Certificate, click the CA that you want to install, and then click Download CA Certificate.
  5. On the File Download page, click Open.
  6. Click Install certificate.
  7. Click Next.
  8. Click Automatically select the certificate store based on the type of certificate, and then click Next.
  9. Click Finish.

More Information


For additional information about using 802.1x authentication on Microsoft Windows 2000-based computers, click the following article number to view the article in the Microsoft Knowledge Base:

313664 Using 802.1x authentication on computers running Windows 2000