Wednesday, March 11, 2015

Windows clients unable to connect to secure wi-fi

Our corporate network has a global wi-fi solution that uses Cisco access points, PEAP and AD authentication.  Users can walk into any office in the world and use their AD credentials to authenticate to wi-fi.  It's a nice little setup.

We also use Symantec Endpoint Protection (SEP) for anti-virus; this will become relevant in a moment.

Some users were reporting that their Windows 7 laptops were unable to connect to our corporate wi-fi.  Clicking on "connect" did nothing but pop up a window saying "Unable to connect."

After digging through the logs we found that the users' credentials were not being passed to the access points.  We attempted to set up the connection manually and found that the Microsoft Protected EAP (PEAP) option was missing from the "Choose a network authentication method:" list.

It turns out that SEP was modifying Registry keys so that the EAP DLL location Windows used pointed to SymRasMan.dll in C:\Program Files\Symantec\Symantec Endpoint Protection\ instead of the correct %SystemRoot%\System32\rastls.dll.

The fix we used to resolve the issue is detailed in this MS KB article.

Note: the article specifically refers to this problem occurring on computers that have had SEP removed.  However, as far as we were aware the computers that had the issue never had SEP removed, only installed.
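
One way to audit a laptop for the redirected DLL path described above, as an added PowerShell example that is not from the original post or the KB article. The registry key and the four value names are assumptions based on where Windows registers EAP method DLLs (the post does not name them), so confirm them against the KB article before relying on the output.

```powershell
# Added example: report EAP method DLL paths that do not resolve to System32.
# ASSUMPTION: key location and value names below are not stated in the post.
$eapRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP'
$pathNames = 'Path', 'ConfigUiPath', 'IdentityPath', 'InteractiveUIPath'
$system32  = (Join-Path $env:SystemRoot 'System32') + '\'
$noExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$findings = foreach ($method in Get-ChildItem -Path $eapRoot -ErrorAction Stop) {
    foreach ($name in $pathNames) {
        # Read the value as stored, so %SystemRoot% is shown unexpanded.
        $stored = $method.GetValue($name, $null, $noExpand)
        if ($null -eq $stored) { continue }

        # Expand environment variables only for the comparison.
        $expanded = [Environment]::ExpandEnvironmentVariables([string]$stored)
        $inSys32  = $expanded.StartsWith($system32,
                        [StringComparison]::OrdinalIgnoreCase)

        # New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
        New-Object PSObject -Property @{
            EapType    = $method.PSChildName   # e.g. 13 (EAP-TLS), 25 (PEAP)
            Value      = $name
            Stored     = $stored
            InSystem32 = $inSys32
            FileExists = Test-Path -LiteralPath $expanded -PathType Leaf
        }
    }
}

$findings | Sort-Object EapType, Value |
    Format-Table EapType, Value, InSystem32, FileExists, Stored -AutoSize

# Flag anything pointing outside System32 (such as the SEP folder) or at a
# DLL that is no longer on disk.
$bad = @($findings | Where-Object { -not $_.InSystem32 -or -not $_.FileExists })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} EAP DLL path(s) outside System32 or missing" -f $bad.Count)
}
```

Run it from a 64-bit elevated PowerShell prompt; the script only reads the registry and changes nothing.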
