802.1x wireless clients with Windows 7 and Vista are blocked by the Lan Enforcer with the error message "Because Host Integrity check is UNAVAILABLE, profile check is UNAVAILABLE and EAP auth is PASSED."

book

Article ID: 178067

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

802.1x wireless clients with Windows 7 and Vista are blocked by the Lan Enforcer


Symptoms
Host Integrity on the clients are passing. However, an error message from the Lan Enforcer indicates that the HI data from the client is "UNAVAILABLE". The error message "Because Host Integrity check is UNAVAILABLE, profile check is UNAVAILABLE and EAP auth is PASSED" is seen.

 

Cause

Microsoft made a modification to the WIFI driver for wireless clients. Previously, with using the Windows Supplicant with a wireless Windows XP client, it was only necessary to check the box entitled "Enable 802.1x authentication."

Resolution

For wireless Vista clients with Service Pack 1 and Windows 7 clients, in addition to selecting the box entitled "Enable 802.1x authentication, the box on the same page entitled "Use the client as an 802.1x supplicant" also must be checked along with the radial button entitled "Allow the user to select the authentication protocol." These settings can be found on the Policy Manager by selecting "Clients", then selecting the group associated with the affected clients and selecting the "Policies" tab. Next, click on "General Settings" under "Settings" and select the "Security Settings" tab. Under the section entitled "Enforce Client", you will see the required settings. Note: This change only affected wireless clients. Wired clients were not affected by the WIFI driver change.