You encounter several problems on a Windows XP SP3-based computer when the EAP-TLS machine authentication fails during system startup

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
When you use a Windows XP Service Pack 3 (SP3)-based computer in a network, you encounter one or more of the following symptoms:
  • Some Group Policy settings cannot be applied to this computer.
  • Some updates that are deployed through Windows Software Update Services (WSUS) cannot be installed.
  • Some startup scripts do not run as expected.
This problem occurs when the Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) machine authentication fails the first time that the operating system tries to authenticate during the startup process. When the operating system tries to authenticate again, authentication succeeds, and you can log on to the system. However, certain processes or applications that run during system startup are not executed.
This problem occurs because of a timing issue that occurs when a wired authentication starts on an interface but cannot finish. Then, when the Group Policy settings are applied to that interface, the system starts a new EAP host session before the previous EAP host session is closed. Therefore, authentication fails.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


To apply this hotfix, you must have Windows XP Service Pack 3 installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows XP with Service Pack 3, x86-based versions
File nameFile versionFile sizeDateTimePlatform
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about EAP, visit the following Microsoft Web site:

Article ID: 960655 - Last Review: 01/16/2015 10:52:39 - Revision: 3.0

  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • kbnosurvey kbarchive kbautohotfix kbexpertiseinter kbfix kbbug kbsurveynew kbqfe KB960655