"Validate server certificate" option is unexpectedly checked in Wired Network (IEEE 802.3) policies

According to forum reports, a large number of enterprise users seem to be encountering this issue.

You have a Windows Server 2008 DC. You create a Wired network policy using a Windows 7 GPMC, with the “validate server certificate” option unchecked. After the GPO is applied, Windows XP, Vista and Server 2008 clients start having authentication failures. If you open the policy from a Windows Vista GPMC, you will find that the “validate server certificate” option is checked.

To solve this problem temporarily, you should follow one of the workarounds below:

  • Once this happens, delete the GPO and recreate it from Server 2008 (not R2); it then works as expected.
  • Create different OUs for the clients, i.e. Win7 clients in one OU, and Vista and XP clients in another OU. Then create two separate Wired network policies for the “validate server certificate” option, one for each OU.

 

Steps to reproduce:

  1. Have a Windows Server 2008 DC whose domain functional level is 2008.
  2. Create a wired network GPO and uncheck the “validate server certificate” option (under “Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wired Network (IEEE 802.3) Policies”) using a Windows 7 GPMC.
  3. Open this GPO from a Windows Vista GPMC. You will find that the “validate server certificate” option is checked.

 Edit: We have released a hotfix to resolve this issue. Please apply the following hotfix if you encounter the same issue:

https://support.microsoft.com/kb/2493933/en-us

Comments

  • Anonymous
    January 01, 2003
    Please apply the following hotfix if you encounter the same issue: support.microsoft.com/.../en-us

  • Anonymous
    January 01, 2003
    Samuel, thanks for sharing.

  • Anonymous
    January 26, 2011
    I have this exact issue, but when I try and create the policy on a Server 2008 machine it gives me an access denied error when trying to create a new 802.1x policy. Not sure what to do now.

  • Anonymous
    March 16, 2011
    The hotfix states that it is for Vista and 2008 only.  What about XP because I am still running into problems with this OS.
