cancel
Showing results for 
Search instead for 
Did you mean: 

ExtremeControl - Authentication request became stale...

ExtremeControl - Authentication request became stale...

Scott_Singer1
Extreme Employee
NAC reports that a wired Windows 7 client's authentication request has become stale. This occurs on both EOS and XOS platforms. Here's the scenario. The Windows 7 host is setup to authenticate using host name, which has been joined to the Domain. On boot-up, Host authentication is successful to NAC based on machine name and then a local admin account on the Windows 7 machine is used to login to the machine. Once logged in, the Authentication information in the Local Area Network interface configuration is changed from Computer Authentication to User and Computer Authentication. Immediately, the host uses the Administrator login as the User credentials and fails, since it is not a Domain account. NAC responds to the switch with respect to the failure and the switch notifies the host machine. A packet capture shows the switch sending a packet to the host, but the host doesn't respond. After some research, this Microsoft Windows 7 SP1 bug was discovered to be the culprit.

https://support.microsoft.com/en-us/kb/980295

Interestingly, logging off and back on, as well as rebooting, doesn't usually clear the situation. After time, the host starts talking .1x again, as observed by seeing EAP packets captured from the port, but it's not clear how long this time window is. Disconnecting the Ethernet cable to the host seems to reset the DOT3SVC more reliably, but there were times it did not. Restarting the AutoConfig service (DOT3SVC?) was more reliable.

Rather than risking the Microsoft Hot Fix, Domain credentials were used to authenticate to the domain initially, so that a .1x failure didn't occur when using the local Administrator account. Any authentication failure, host or user, along the way would usually trigger the Microsoft issue.

Regards, Scott
2 REPLIES 2

Ryan_Yacobucci
Extreme Employee
Hello Scott,

Thanks for sharing this information with us. I have put your findings into the KB:

https://gtacknowledge.extremenetworks.com/articles/Solution/Windows-7-clients-failing-802-1x-with-Au...

Thanks!
-Ryan

Scott_Singer1
Extreme Employee
After further testing, I found that restarting the AutoConfig service wasn't as reliable at resetting the 802.1x process as just unplugging the Ethernet cable.
GTM-P2G8KFN