PEAP-EAPTLS or EAPTLS Single Sign On with Pre-Logon does not work

Single Sign-On (SSO) with the "Perform immediately before user logon" (pre-logon) option set with registry based certificates is not supported. Registry based certificates utilize either EAP-TLS or PEAP-EAP-TLS authentication methods.

This is because user registry certificates live in HKEY_CURRENT_USER, which does not get loaded until immediately after the user logs in.  Therefore, because we are doing "pre-logon", when the supplicant attempts to find credentials, there is no user context loaded hence no certificates available to the supplicant.

More information

33547 [1]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.200 [Microsoft-Windows-EapHost]RasEapQueryCredentialInputFields Entry: flags(393344)

33550 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.235 [Microsoft-Windows-EapHost]RasEapQueryCredentialInputFields failed -2143158246

33552 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [eap]Windows Error Code = 0x8042001aEapMethodType = 0x19Module reason code = 8042001a

33553 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [eap]Root Cause GUID = {DA18BD32-004F-41FA-AE08-0BC85E5845AC}Help Link GUID = {9612FC67-6150-4209-A85E-A8D80000002D}Repair GUID = {00000000-0000-0000-0000-000000000000}

33554 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [eap]Root Cause String = "<NULL>"Repair String = "<NULL>"

33558 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [Microsoft-Windows-EapHost]EapHostPeerQueryCredentialInputFields Exit: returning(-2143158246)

33559 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [config]EapHostPeerQueryCredentialInputFields Exit: returning(-2143158246)

33561 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [util]OneXQueryCredentialFields failed, Error 2151809050

33562 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [util]<-- MSMSecQueryCredentialFields: 2151809050

33563 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [util]AcmQueryCredentialFields failed, Error 2151809050

33564 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [Microsoft-Windows-WLAN-AutoConfig]A pre-logon connection was not attempted. Result: The operational criteria were not met. Reason: An unspecified EAP error has occurred.

33565 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [server]WlanQueryCredentialFields Failed (2151809050)]

33566 [0]03C8.06A4::‎2012‎-‎05‎-‎25 04:00:38.236 [server]Could not find the interface using the given GUID, error 2151809050.

33567 [1]0390.04A4::‎2012‎-‎05‎-‎25 04:00:38.236 [filter]WlanQueryPlapCredentials failed, error 2151809050

33568 [1]0390.04A4::‎2012‎-‎05‎-‎25 04:00:38.236 [Microsoft-Windows-L2NACP]Plap Enabled = false

33569 [1]0390.04A4::‎2012‎-‎05‎-‎25 04:00:38.237 [filter]~IsPlapEnabled 0

33570 [1]0390.04A4::‎2012‎-‎05‎-‎25 04:00:38.237 [filter]IsPlapEnabled 0

WlanQueryPlapCredentials fails with error code = 2151809050 = 8042001A = EAP_E_METHOD_CONFIG_DOES_NOT_SUPPORT_SSO

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2717916 - Last Review: 09/21/2012 04:16:00 - Revision: 1.0

Windows 7 Professional, Windows Vista Service Pack 2

  • KB2717916