
Windows 10 to Windows 11 in place upgrade failing, we suspect XIQ/NAC controlled port


XTRMUser
Contributor

We are doing in-place Windows 10 to Windows 11 upgrades. We use an MDT server. Previous to the upgrade, the computer is authenticated and given the correct VLAN, and all works good.

Authentication is done via LDAP to our domain controllers.

We use Extreme ERS edge switches (4800's and 4900's), with some 5540's running VOSS.

During the upgrade process, it appears that authentication fails (we don't know why), and the computer is given (in our setup) an internet-only VLAN, which has no access to the MDT server, and the upgrade fails.

Has anyone seen this, or know what we can do? I can always either disable EAP on the port, or put the MAC address of the computer in our exception list on XIQ-Control. Then after the upgrade, I can reverse the change I made. Just wondering if there is a better way, or if this is a "me only" problem.

Thanks.

1 ACCEPTED SOLUTION

james589goff
New Contributor

Yes, this issue has been reported by others. A common workaround is to disable EAP on the port or add the MAC address to the exception list in XIQ-Control during the upgrade, then revert the changes afterward.

Alternatively, you could check for any updates or patches for your Extreme ERS switches and ensure your NPS server is correctly configured.

Best Regards,
James Goff


REPLIES

ExtremeNorth
New Contributor III

Windows 11 introduces a feature called Credential Guard, which doesn't allow cached credentials to be saved on the computer. Microsoft recommends using EAP-TLS, which may require certificates issued by AD for machine and/or users (depending on your NAC config). Currently we have to disable Credential Guard with a GPO until we can implement EAP-TLS or NEAP.

https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/consideratio...

OscarK
Extreme Employee

I suspect that during one part of the upgrade the wired autoconfig is not responding to any EAPOL packets after a network interface reset, and the client is reverted back to NEAP (MAC) authentication.

I think adding a rule for MAC-authenticated clients that are being upgraded, and putting these MAC addresses in a group that hits this rule, should be a good workaround. But disabling EAP will also work.
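
To tell the two explanations in the replies apart (Credential Guard versus a supplicant that stops answering EAPOL), the client's state can be captured before and after the upgrade. This is an added example, not something posted by anyone in the thread; it uses only built-in Windows tools, and the function name `Get-WiredDot1xState` is made up for illustration.

```powershell
# Added diagnostic sketch; run in an elevated PowerShell session on the client.
function Get-WiredDot1xState {
    # Wired AutoConfig (dot3svc) is the Windows 802.1X supplicant for Ethernet.
    $svc = Get-Service -Name dot3svc

    # Credential Guard is running when SecurityServicesRunning contains 1.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $cgRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    # netsh lan only answers while dot3svc is running.
    $interfaces = $null
    $profiles   = $null
    if ($svc.Status -eq 'Running') {
        $interfaces = netsh lan show interfaces | Out-String
        $profiles   = netsh lan show profiles   | Out-String
    }

    # Most recent supplicant events (authentication starts, failures, restarts).
    $events = Get-WinEvent -LogName 'Microsoft-Windows-Wired-AutoConfig/Operational' `
                           -MaxEvents 20 -ErrorAction SilentlyContinue |
              Select-Object TimeCreated, Id, LevelDisplayName, Message

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        Captured               = Get-Date
        WiredAutoConfigStatus  = $svc.Status
        WiredAutoConfigStartup = $svc.StartType
        CredentialGuardRunning = $cgRunning
        LanInterfaces          = $interfaces
        LanProfiles            = $profiles
        RecentEvents           = $events
    }
}

# Save one snapshot before the upgrade and one after, then compare them.
$state = Get-WiredDot1xState
$state | Select-Object ComputerName, Captured, WiredAutoConfig*, CredentialGuardRunning | Format-List
$state.LanInterfaces
$state.LanProfiles
$state.RecentEvents | Format-List
```

A snapshot where Credential Guard is running and the wired profile uses a password-based EAP method points towards the first reply; a stopped or disabled Wired AutoConfig service, or a missing wired profile after the upgrade, points towards the second.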
