Try our Virtual Agent - It can help you quickly identify and fix common Wireless technology issues.
Applies to: Windows 10
Overview
This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to tát know how the flow of authentication works, and then figure out where it's breaking. It involves many third-party devices and software. Most of the time, we have to tát identify where the problem is, and another vendor has to tát fix it. We don't make access points or switches, sánh it's not an end-to-end Microsoft solution.
Scenarios
This troubleshooting technique applies to tát any scenario in which wireless or wired connections with 802.1X authentication are attempted and then fail to tát establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
Known issues
None
Data collection
See Advanced troubleshooting 802.1X authentication data collection.
Troubleshooting
Viewing NPS authentication status events in the Windows Security sự kiện log is one of the most useful troubleshooting methods to tát obtain information about failed authentications.
NPS sự kiện log entries contain information about the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you don't see both success and failure events, see the NPS audit policy section later in this article.
Check the Windows Security sự kiện log on the NPS Server for NPS events that correspond to tát the rejected (event ID 6273) or the accepted (event ID 6272) connection attempts.
In the sự kiện message, scroll to tát the bottom, and then kiểm tra the Reason Code field and the text that's associated with it.
Example: sự kiện ID 6273 (Audit Failure)
Example: sự kiện ID 6272 (Audit Success)
The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to tát the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, if connectivity problems occur, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
On the client side, go to tát Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational for wireless issues. For wired network access issues, go to tát ..\Wired-AutoConfig/Operational. See the following example:
Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation kiểm tra failure.
First, validate the type of EAP method that's used:
If a certificate is used for its authentication method, kiểm tra whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property thực đơn. In NPS snap-in, go to tát Policies > Network Policies. Select and hold (or right-click) the policy, and then select Properties. In the pop-up window, go to tát the Constraints tab, and then select the Authentication Methods section.
The CAPI2 sự kiện log is useful for troubleshooting certificate-related issues. By mặc định, this log isn't enabled. To enable this log, expand Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2, select and hold (or right-click) Operational, and then select Enable Log.
For information about how to tát analyze CAPI2 sự kiện logs, see Troubleshooting PKI Problems on Windows Vista.
When troubleshooting complex 802.1X authentication issues, it's important to tát understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:
If you collect a network packet capture on both the client and the server (NPS) side, you can see a flow lượt thích the one below. Type EAPOL in the Display Filter for a client-side capture, and EAP for an NPS-side capture. See the following examples:
Client-side packet capture data
NPS-side packet capture data
Note
If you have a wireless trace, you can also view ETL files with network monitor and apply the ONEX_MicrosoftWindowsOneX and WLAN_MicrosoftWindowsWLANAutoConfig Network Monitor filters. If you need to tát load the required parser, see the instructions under the Help thực đơn in Network Monitor. Here's an example:
Audit policy
By mặc định, NPS audit policy (event logging) for connection success and failure is enabled. If you find that one or both types of logging are disabled, use the following steps to tát troubleshoot.
View the current audit policy settings by running the following command on the NPS server:
auditpol /get /subcategory:"Network Policy Server"
If both success and failure events are enabled, the output should be:
System audit policy
Category/Subcategory Setting
Logon/Logoff
Network Policy Server Success and Failure
If it says, "No auditing," you can lập cập this command to tát enable it:
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
Even if audit policy appears to tát be fully enabled, it sometimes helps to tát disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to tát the success/failure setting, select Computer Configuration > Policies > Windows Settings > Security Settings > Advanced phân tích và đo lường Policy Configuration > Audit Policies > Logon/Logoff > Audit Network Policy Server.
More information
- Troubleshooting Windows Vista 802.11 Wireless Connections
- Troubleshooting Windows Vista Secure 802.3 Wired Connections