PEAP-EAPTLS or EAPTLS Single Sign On with Pre-Logon does not work

Summary

Single Sign-On (SSO) with the "Perform immediately before user logon" (pre-logon) option is not supported with registry-based certificates. Registry-based certificates are used with either the EAP-TLS or the PEAP-EAP-TLS authentication method.

This is because user registry certificates live in HKEY_CURRENT_USER, which is not loaded until immediately after the user logs on. With pre-logon, the supplicant looks for credentials before any user context is loaded, so no certificates are available to it.



More Information

Analysis:

33547 [1]03C8.06A4::2012-05-25 04:00:38.200 [Microsoft-Windows-EapHost]RasEapQueryCredentialInputFields Entry: flags(393344)

33550 [0]03C8.06A4::2012-05-25 04:00:38.235 [Microsoft-Windows-EapHost]RasEapQueryCredentialInputFields failed -2143158246

33552 [0]03C8.06A4::2012-05-25 04:00:38.236 [eap]Windows Error Code = 0x8042001aEapMethodType = 0x19Module reason code = 8042001a

33553 [0]03C8.06A4::2012-05-25 04:00:38.236 [eap]Root Cause GUID = {DA18BD32-004F-41FA-AE08-0BC85E5845AC}Help Link GUID = {9612FC67-6150-4209-A85E-A8D80000002D}Repair GUID = {00000000-0000-0000-0000-000000000000}

33554 [0]03C8.06A4::2012-05-25 04:00:38.236 [eap]Root Cause String = "<NULL>"Repair String = "<NULL>"

33558 [0]03C8.06A4::2012-05-25 04:00:38.236 [Microsoft-Windows-EapHost]EapHostPeerQueryCredentialInputFields Exit: returning(-2143158246)

33559 [0]03C8.06A4::2012-05-25 04:00:38.236 [config]EapHostPeerQueryCredentialInputFields Exit: returning(-2143158246)

33561 [0]03C8.06A4::2012-05-25 04:00:38.236 [util]OneXQueryCredentialFields failed, Error 2151809050

33562 [0]03C8.06A4::2012-05-25 04:00:38.236 [util]<-- MSMSecQueryCredentialFields: 2151809050

33563 [0]03C8.06A4::2012-05-25 04:00:38.236 [util]AcmQueryCredentialFields failed, Error 2151809050

33564 [0]03C8.06A4::2012-05-25 04:00:38.236 [Microsoft-Windows-WLAN-AutoConfig]A pre-logon connection was not attempted. Result: The operational criteria were not met. Reason: An unspecified EAP error has occurred.

33565 [0]03C8.06A4::2012-05-25 04:00:38.236 [server]WlanQueryCredentialFields Failed (2151809050)]

33566 [0]03C8.06A4::2012-05-25 04:00:38.236 [server]Could not find the interface using the given GUID, error 2151809050.

33567 [1]0390.04A4::2012-05-25 04:00:38.236 [filter]WlanQueryPlapCredentials failed, error 2151809050

33568 [1]0390.04A4::2012-05-25 04:00:38.236 [Microsoft-Windows-L2NACP]Plap Enabled = false

33569 [1]0390.04A4::2012-05-25 04:00:38.237 [filter]~IsPlapEnabled 0

33570 [1]0390.04A4::2012-05-25 04:00:38.237 [filter]IsPlapEnabled 0



WlanQueryPlapCredentials fails with error code 2151809050 (0x8042001A), which is EAP_E_METHOD_CONFIG_DOES_NOT_SUPPORT_SSO.
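
The trace above reports the same HRESULT as a signed decimal, an unsigned decimal and a hex value, which makes it easy to miss when searching a capture. The following added example (not part of the original article) normalises all three forms and flags this failure; the function names and the line pattern are assumptions derived from the trace format shown here.

```python
import re

# Code-to-name mapping taken from the article's closing line.
KNOWN = {0x8042001A: "EAP_E_METHOD_CONFIG_DOES_NOT_SUPPORT_SSO"}

# An HRESULT appears in the trace as 0x-hex, signed decimal or unsigned decimal.
CODE_RE = re.compile(r"0x[0-9a-fA-F]{8}|(?<![\w-])-?\d{9,10}(?!\w)")
# Trace sequence number, then "[cpu]pid.tid::date time [component]message".
LINE_RE = re.compile(r"^(\d+) \[\d\][0-9A-F.]+::\S+ \S+ \[([^\]]+)\](.*)$")

def to_hresult(token):
    """Normalise any of the three spellings to an unsigned 32-bit value."""
    value = int(token, 16) if token.lower().startswith("0x") else int(token)
    return value & 0xFFFFFFFF

def triage(lines):
    """Return (seq, component, hresult, name) for every known code in the trace."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.replace("\u200e", ""))  # drop left-to-right marks
        if not m:
            continue
        seq, component, message = m.groups()
        for token in CODE_RE.findall(message):
            code = to_hresult(token)
            if code in KNOWN:
                hits.append((int(seq), component, code, KNOWN[code]))
    return hits

def prelogon_sso_unsupported(lines):
    """True when the trace shows pre-logon SSO rejected by the EAP method config."""
    skipped = any("pre-logon connection was not attempted" in l for l in lines)
    return skipped and bool(triage(lines))

# Lines abridged from the trace above.
SAMPLE = [
    "33550 [0]03C8.06A4::2012-05-25 04:00:38.235 [Microsoft-Windows-EapHost]RasEapQueryCredentialInputFields failed -2143158246",
    "33552 [0]03C8.06A4::2012-05-25 04:00:38.236 [eap]Windows Error Code = 0x8042001aEapMethodType = 0x19Module reason code = 8042001a",
    "33561 [0]03C8.06A4::2012-05-25 04:00:38.236 [util]OneXQueryCredentialFields failed, Error 2151809050",
    "33564 [0]03C8.06A4::2012-05-25 04:00:38.236 [Microsoft-Windows-WLAN-AutoConfig]A pre-logon connection was not attempted. Result: The operational criteria were not met.",
    "33568 [1]0390.04A4::2012-05-25 04:00:38.236 [Microsoft-Windows-L2NACP]Plap Enabled = false",
]

if __name__ == "__main__":
    for seq, component, code, name in triage(SAMPLE):
        print(f"{seq} [{component}] 0x{code:08X} {name}")
    print("pre-logon SSO unsupported:", prelogon_sso_unsupported(SAMPLE))
```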



Properties

Article ID: 2717916 - Last Review: September 21, 2012 - Revision: 1
