Laptops unable to connect to wireless

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
Our school district's Windows 7 laptops are unable to connect to the wireless with the "validate server certificate" setting enabled under the wireless properties. If I uncheck that box the laptop is able to connect. With about 1000 laptops unchecking that on all will be a pain. Would adding a certificate to the NAC solve this problem?
Photo of Kent Sapp

Kent Sapp

  • 260 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,204 Points 20k badge 2x thumb
Hi Kent,

as it isn't clear from your post my assumption is that ...

The Win7 laptop is connected to a SSID which is using 802.1X PEAP and is authenticated via the NAC which has a conenction to a databse (i.e. LDAP) to check the accounts.

Correct ? If not please let us know how the systems interwork which each other.

-Ron
Photo of Kent Sapp

Kent Sapp

  • 260 Points 250 badge 2x thumb
Yes, that is correct.
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Kent

You'll need to either deploy the CA certificate to the clients trusted certificate store or uncheck the validate server certificate box, which I think can be done via Group Policy definition.

The problem seems to be that the client can't match the server certificate as a trusted one, this is why it works when the client is told not to validate the server certificate it works.

This article might help: https://gtacknowledge.extremenetworks.com/articles/Solution/802-1x-User-PEAP-User-Rejected-in-NAC

-Gareth
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,192 Points 20k badge 2x thumb
Photo of Kent Sapp

Kent Sapp

  • 260 Points 250 badge 2x thumb
Is there a was to export the current certificate in NAC so I can deploy it on a laptop?
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Where is your root CA, if NAC is terminating 802.1X the certificate will be self signed and probably not what you want?

This article might help: https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Update-NAC-Internal-Communications-...
Photo of Kent Sapp

Kent Sapp

  • 260 Points 250 badge 2x thumb
Just an update. We got a certificate from GoDaddy and added the wireless settings to a gpo. Our laptops are now connecting without issue. Thank you for all your advice.
Photo of Drew C.

Drew C., Community Manager

  • 37,350 Points 20k badge 2x thumb
Hi Kent, Thanks for coming back and updating the thread.  Glad to see you got it sorted out!