TLD is missing to authenticate in an 802.1x network

MarcPlagge Feb 27, 2012 10:37 AM

Currently Being Moderated

Hello everyone,

we are currently impementing AMT Clients (Versions 5.x - 7.x) with SCCM and Microsoft NPS in our 802.1x protected network. Everthing worked as expected (Provisioning OK, TLS OK, Kerberos OK, KVM OK Power Control OK) until now. The 802.1x authentication is failing because of an incorrect domain Name.

For example: Lets say our domain name (DNS) is vpro.com. NETBIOS Name is corpvro. Usually the clients are authentication with PEAP-MS-CHAPv2 using this notation: corpvro\COMPUTERNAME$. If AMT tries to authenticate the notation is: vrpo\COMPUTERNAME$iME. So it is using the DNS Name without the top level domain behind the dot. Now the NPS is saying "domain not exist" Errorcode 7 and drops the authentication attempt. Where could i have made a mistake, everything else is working as is should.

Thank you for your help....

1. Re: TLD is missing to authenticate in an 802.1x network

Dan Borud Mar 13, 2012 11:14 AM (in response to MarcPlagge )

Currently Being Moderated

Can you please clarify if you are indicating that you originally provisioned and managed your clients successfully with SCCM in an 802.1x environment and then later authentication broke? Or did you add the MSFT NPS in after originally configuring all of your vPro clients? Has this disjointed name space issue caused any other problems with your infrastructure?
Report Abuse

Like (0)

Reply
2. Re: TLD is missing to authenticate in an 802.1x network

Josh Copeland Mar 13, 2012 11:14 AM (in response to MarcPlagge )

Currently Being Moderated

Hi Marc,
Let me research this a bit more and see if there is anything that could be causing your error.

thanks
Josh
Report Abuse

Like (0)

Reply
3. Re: TLD is missing to authenticate in an 802.1x network

MarcPlagge Mar 14, 2012 2:05 PM (in response to Josh Copeland)

Currently Being Moderated

Hi guys,

thank you for your replies. Microsoft Support just confirmed: Its a bug...
The behavior that you experience is a Bug in SCCM 2007. Regretfully the scenario where the NetBIOS domain name is not the same as
the leftmost part of the FQDN will lead to problems.
Like (0)

Reply
4. Re: TLD is missing to authenticate in an 802.1x network

Josh Copeland Mar 15, 2012 12:05 PM (in response to MarcPlagge )

Currently Being Moderated

Thanks for the follow-up Marc!
Josh
Report Abuse

Like (0)

Reply

Go to original post Reply to original post

TLD is missing to authenticate in an 802.1x network

1. Re: TLD is missing to authenticate in an 802.1x network

2. Re: TLD is missing to authenticate in an 802.1x network

3. Re: TLD is missing to authenticate in an 802.1x network

The behavior that you experience is a Bug in SCCM 2007. Regretfully the scenario where the NetBIOS domain name is not the same as
the leftmost part of the FQDN will lead to problems.

4. Re: TLD is missing to authenticate in an 802.1x network

Actions

More Like This

The behavior that you experience is a Bug in SCCM 2007. Regretfully the scenario where the NetBIOS domain name is not the same as the leftmost part of the FQDN will lead to problems.

The behavior that you experience is a Bug in SCCM 2007. Regretfully the scenario where the NetBIOS domain name is not the same as
the leftmost part of the FQDN will lead to problems.