GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together. This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication. Nov 12, 2016 WLAN AutoConfig service failed to connect to a wireless network.2016 Driver date: 10-7-2016 DevNode flags: 0x180200a Device: Microsoft ISATAP Adapter PNP ID: SWDIPTUNNELVBUSISATAP0 Guid. Windows could not start the WLAN AutoConfig service on Local Computer in Network and Sharing.
Event ID 8001 for successful WiFi connection and 8003 for disconnect are being recorded in Applications and Services Microsoft Windows WLAN-AutoConfig Operational. For wired connection there are events 10000 (connected) & 10001 (disconnect) in Applications and Services Microsoft Windows Network Profile Operational.
title | ms.reviewer | manager | description | keywords | ms.prod | ms.mktglfcycl | ms.sitesec | author | ms.localizationpriority | ms.author | ms.topic |
---|---|---|---|---|---|---|---|---|---|---|---|
Learn how 802.1X Authentication works | advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi | msfttracyp | tracyp |
Overview
This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution.
Scenarios
This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 - 10 for clients, and Windows Server 2008 R2 - 2012 R2 for NPS.
Known Issues
None
Data Collection
See Advanced troubleshooting 802.1X authentication data collection.
Troubleshooting
Viewing NPS authentication status events in the Windows Security event log is one of the most useful troubleshooting methods to obtain information about failed authentications.
NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you are not seeing both success and failure events, see the section below on NPS audit policy.
Microsoft-windows-wlan-autoconfig Operational.evtx
Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected (event ID 6273) or accepted (event ID 6272) connection attempts.
In the event message, scroll to the very bottom, and check the Reason Code field and the text associated with it.
Example: event ID 6273 (Audit Failure)
Example: event ID 6272 (Audit Success)
Example: event ID 6272 (Audit Success)
The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one.
On the client side, navigate to Event Viewer (Local)Applications and Services LogsMicrosoftWindowsWLAN-AutoConfig/Operational for wireless issues. For wired network access issues, navigate to ..Wired-AutoConfig/Operational. See the following example:
Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.).
First, validate the type of EAP method being used:
If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu:
The CAPI2 event log will be useful for troubleshooting certificate-related issues.This log is not enabled by default. You can enable this log by expanding Event Viewer (Local)Applications and Services LogsMicrosoftWindowsCAPI2, right-clicking Operational and then clicking Enable Log.
The following article explains how to analyze CAPI2 event logs:Troubleshooting PKI Problems on Windows Vista.
When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication:
If you collect a network packet capture on both the client and the server (NPS) side, you can see a flow like the one below. Type EAPOL in the Display Filter in for a client side capture, and EAP for an NPS side capture. See the following examples:
Client-side packet capture data
NPS-side packet capture data
[!NOTE]If you have a wireless trace, you can also view ETL files with network monitor and apply the ONEX_MicrosoftWindowsOneX and WLAN_MicrosoftWindowsWLANAutoConfig Network Monitor filters. Follow the instructions under the Help menu in Network Monitor to load the reqired parser if needed. See the example below.
Audit policy
Microsoft Windows Wlan Autoconfig Operational Error
NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
View the current audit policy settings by running the following command on the NPS server:
If both success and failure events are enabled, the output should be:
Microsoft-windows-wlan-autoconfig/operational
If it shows ‘No auditing’, you can run this command to enable it:
Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server.
Microsoft Windows Wlan Autoconfig Operational Manager
Additional references
Applications And Services Logs/microsoft/windows/wlan-autoconfig/operational
Troubleshooting Windows Vista 802.11 Wireless Connections
Troubleshooting Windows Vista Secure 802.3 Wired Connections
Troubleshooting Windows Vista Secure 802.3 Wired Connections