802.1x wireless clients with Windows 7 and Vista are blocked by the Lan Enforcer with the error message "Because Host Integrity check is UNAVAILABLE, profile check is UNAVAILABLE and EAP auth is PASSED."
802.1x wireless clients with Windows 7 and Vista are blocked by the Lan Enforcer
Host Integrity on the clients are passing. However, an error message from the Lan Enforcer indicates that the HI data from the client is "UNAVAILABLE". The error message "Because Host Integrity check is UNAVAILABLE, profile check is UNAVAILABLE and EAP auth is PASSED" is seen.
Microsoft made a modification to the WIFI driver for wireless clients. Previously, with using the Windows Supplicant with a wireless Windows XP client, it was only necessary to check the box entitled "Enable 802.1x authentication."
For wireless Vista clients with Service Pack 1 and Windows 7 clients, in addition to selecting the box entitled "Enable 802.1x authentication, the box on the same page entitled "Use the client as an 802.1x supplicant" also must be checked along with the radial button entitled "Allow the user to select the authentication protocol." These settings can be found on the Policy Manager by selecting "Clients", then selecting the group associated with the affected clients and selecting the "Policies" tab. Next, click on "General Settings" under "Settings" and select the "Security Settings" tab. Under the section entitled "Enforce Client", you will see the required settings. Note: This change only affected wireless clients. Wired clients were not affected by the WIFI driver change.
Imported Document ID: TECH97465
Subscribing will provide email updates when this Article is updated. Login is required.