Wireless
Issues related to Intel® Wireless Adapters and technologies
Announcements
This community is designed for sharing of public information. Please do not share Intel or third-party confidential information here.
6028 Discussions

AX200 802.11r windows 10 PMK Caching

Jason_jm
Beginner
1,207 Views

We are currently working an issue with our Meraki WiFi and our Windows 10 devices. We have windows configured with 802.11x machine certificate authentication. We have discovered an issue that causes the client to disconnect and reconnect based on a certain set of actions.

 

We have our clients configured with Fast roaming enabled. (PMK Caching and Preauthentication). When the client successfully connects to the ap, it will stay connected indefinitely. At the pre-defined interval for PMK caching (12 hours) it will seamlessly renew itself. We see an event on the ISE server backend ( successful auth) and a successful authentication in the meraki  portal. Never disconnects. 

 

If the client roams among AP's, the roam is flawless. The client never disconnects, is never forced to re-authenticate (not activity in the ISE logs and no authentication event in Meraki) only association or disassociations as expected.

 

However, if the client has been roaming, when the PMK cache expires (12 hours), the client fails to renew seamlessly. We can see in the event logs that is sends an EAP start command but the AP immediately de-authenticates the client. The client tries 3 more times to authenticate, fails and then resets the connection. Not such a big deal, except if this process occurs during a Teams or Zoom call, there is a network drop that is obvious to the end user. 

We have worked with Meraki and Microsoft support, have seen the issue on Dell and Surface devices. Everyone is pointing to the Adapter drivers. We have tried every driver that Intel releases as soon a new one comes out. 

0 Kudos
16 Replies
DeividA_Intel
Moderator
1,180 Views

Hello Jason_jm,  

  


Thank you for posting on the Intel® communities.   

  


In order to better assist you, please provide the following:  


  


1. Run the Intel® System Support Utility (Intel® SSU) to gather more details about the system.  


· Download the Intel® SSU and save the application on your computer: https://downloadcenter.intel.com/download/25293/Intel-System-Support-Utility-for-Windows-  


· Open the application, check the "Everything" checkbox, and click "Scan" to see the system and device information. The Intel® SSU defaults to the "Summary View" on the output screen following the scan. Click the menu where it says "Summary" to change to "Detailed View".  


· To save your scan, click Next and click Save.  


  


Regards,    


Deivid A. 

Intel Customer Support Technician 


Jason_jm
Beginner
1,171 Views

and what do you want me to do with the results?

DeividA_Intel
Moderator
1,153 Views

Hello Jason_jm, 



Once you have the report, you just need to attach it to your reply/post and we will proceed to check further information about the system. 


The tool doe not collect personal information, just information about the hardware and software.






Best regards,  


Deivid A.  

Intel Customer Support Technician 


Jason_jm
Beginner
1,137 Views

Unfortunately that is not correct. The tool pulls events from the windows event logs that include details about group policy. These events contain details and information about our active directory domain. I will work on cleaning it up.

Jason_jm
Beginner
1,131 Views

here is the file.

DeividA_Intel
Moderator
1,109 Views

Hello Jason_jm, 


  


Thank you for the information provided 


  


I will proceed to check the issue internally and post back soon with more details. 


  


Best regards,  


Deivid A.  

Intel Customer Support Technician 


DeividA_Intel
Moderator
1,085 Views

Hello Jason_jm,


 

We have some community members reporting a similar situation. Intel has started working directly with Cisco and Microsoft to understand where the root cause of the problem is.


- Make sure AP has the latest firmware available from AP OEM (Original Equipment Manufacturer).


- Make sure that Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters - Version: 21.60.2 or later is installed:

https://downloadcenter.intel.com/download/29258/Windows-10-Wi-Fi-Drivers-for-Intel-Wireless-Adapters 

 


- One common factor that we have noticed is that some community members have the CCKM (Cisco Centralized Key Management) option enabled by default so try disabling it.


- Some other community members have reported that disabling the 802.11R (Fast transition feature) also fixes the problem for some of them. 


In the meantime, we need you to also open a case directly with Microsoft to get all cases tracked. 


Check download center once in a while for new drivers releases.





Best regards,  


Deivid A.  

Intel Customer Support Technician 


Manuel_CISCO
Beginner
1,025 Views

Hi Deivid,

 

I'm in the Cisco Account team supporting this customer.
Can you provide some contacts at Cisco and Intel to follow up on this issue?

You can send me a direct message.

 

Thank you,

 

Manuel

 

Jason_jm
Beginner
1,075 Views

Thanks. We have several cases open with Cisco, Microsoft and Dell. Luckly we were able to reproduce it on a Surface Pro 7+ so MS is looking at it from a HW and SW perspective.

DeividA_Intel
Moderator
1,021 Views

Hello @Manuel_CISCO , 

 

 

I do appreciate your help on this matter, however, I will request privately some information from Jason_jm before we continue further.

 

 

@Jason_jm, I will appreciate it if you can help me with the information requested to the email address associated with your community profile.

 

 

 

 

Best regards,  

 

Deivid A.  

Intel Customer Support Technician 

 

Manuel_CISCO
Beginner
939 Views

Hi Deivid,

 

Please provide the contacts at Cisco and Intel to follow up on this issue.

 

Thank you,

 

Manuel

DeividA_Intel
Moderator
959 Views

Hello Jason_jm, 



In order to help you further, I will send you an email to the e-mail address associated with your community profile, requesting some information that will help us to continue with the research.





Best regards, 


Deivid A.  

Intel Customer Support Technician 


Herger21
Beginner
809 Views

Hi Jason,

I would like to exchange with you about your configuration you are using today on Meraki side and windows 10 Laptop.

We are experiencing many issues when users roam  or don't move.

I would like to implement Fast Roaming.  We use 802.1x authentication and computer certificate. 

You can join me by mail guillaume.rouard@pwc.com.

Thank you in advance for your help.

Jason_jm
Beginner
796 Views

I am going to have my network architect reach out to you. He has been working this issue since last year. We have finally stabilized our roaming.

PeteV
Beginner
60 Views

If possible, I would also be interested in what solution was defined here.   

 

Thx

Herger21
Beginner
53 Views

Hi Pete

 

You can contact me by mail if you want exchange on this topic.

guillaume.rouard@pwc.com

 

Regards

Reply