Wireless
Participate in insightful discussions regarding issues related to Intel® Wireless Adapters and technologies
7426 Discussions

WPA2-Enterprise unable to connect in Windows 10 version 2004?

ziesemer
Novice
‎06-28-2020 03:42 PM
33,912 Views
Solved Jump to solution

I am unable to connect to WPA2-Enterprise (or WPA3-Enterprise) using TLS networks (any and multiple) after upgrading from Windows 10 version 1909 to 2004 (OS Build 19041.329). At present, I am using an Intel Wireless-AC 9260 with driver version 21.90.3.2.

I've spent a few hours trying all combinations of the following, without success:

  1. Downgrading to driver version 21.80.2.
  2. Changing the wireless card to a 8265NGW.
  3. Performing a clean re-install of Windows 10 version 2004, both before and after all Windows Updates are applied.


The following, however, allow for successful connections:

  1. Performing a clean re-install of Windows 10 version 1909. This works with both the 8265NGW and the 9260, using either the 21.80.2 or 21.90.3.2 driver version, both before and after all Windows Updates are applied.  However, then upgrading that Windows installation to Windows 10 version 2004 breaks any WPA2-Enterprise connections, only allowing for PSK.
  2. Using a cheap Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 adapter works (albeit without the AC speeds, or 5 GHz).


This seems to clearly show an issue with WPA2-Enterprise within the Intel drivers under Windows 10 version 2004. Can anyone else confirm working or non-working scenarios here under Windows 10 version 2004?

What I do see are many repeats of the following sequence of Event Logs under WLAN-AutoConfig:

  1. Event 11010

    Wireless security started.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Local MAC Address: 08:71:90:**:**:**
    Network SSID: ********
    BSS Type: Infrastructure
    Authentication: WPA2-Enterprise
    Encryption: AES-CCMP
    FIPS Mode: Disabled
    802.1x Enabled: Yes

  2. Event 12014, same second as above.

    Wireless 802.1x authentication was restarted.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Local MAC Address: 08:71:90:**:**:**
    Network SSID: ********
    BSS Type: Infrastructure
    Eap Information: Type 13, Vendor ID 0, Vendor Type 0, Author ID 0
    Restart Reason: Peer Initiated

  3. Event 12104, same second as above.

    Wireless 802.1x authentication was restarted.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Local MAC Address: 08:71:90:**:**:**
    Network SSID: ********
    BSS Type: Infrastructure
    Eap Information: Type 13, Vendor ID 0, Vendor Type 0, Author ID 0
    Restart Reason: Peer Initiated

  4. Event 12011, same second as above.

    Wireless 802.1x authentication started.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Local MAC Address: 08:71:90:**:**:**
    Network SSID: ********
    BSS Type: Infrastructure
    Eap Information: Type 13, Vendor ID 0, Vendor Type 0, Author ID 0

  5. Event 12012, 1 second since top.

    Wireless 802.1x authentication succeeded.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Local MAC Address: 08:71:90:**:**:**
    Network SSID: ********
    BSS Type: Infrastructure
    Identity: host/********
    User:
    Domain:

  6. Event 11004, 3 seconds since top.

    Wireless security stopped.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Local MAC Address: 08:71:90:**:**:**
    Network SSID: ********
    BSS Type: Infrastructure
    Security Hint: The operation was successful.

  7. Even 8002 (Error), 3 seconds since top.

    WLAN AutoConfig service failed to connect to a wireless network.

    Network Adapter: Intel(R) Wireless-AC 9260 160MHz
    Interface GUID: {4e486378-dbc2-4fc5-852f-5ab68e116344}
    Connection Mode: Automatic connection with a profile
    Profile Name: ********
    SSID: ********
    BSS Type: Infrastructure
    Failure Reason:The operation was cancelled.
    RSSI: -35

So why is the connection immediately stopping after receiving an authentication succeeded? I.E., why was the operation cancelled?

I've also reviewed the logs on the WAP, including packet captures of the RADIUS traffic.  There are no errors included, other than EAP successes, and even a momentary STA association and connection.  It's almost as if in Windows 10 version 2004, this "success" message is never making it from the driver to Windows.

Please advise.

0 Kudos
1 Solution
ziesemer
Novice
‎08-26-2020 06:20 PM
33,589 Views
Solved Jump to solution

For anyone else finding this:

As part of the Intel case # 04714529 opened with this, they opened an engineering case with Microsoft.  Microsoft confirmed that there can be a MIC error in Msg2 of the EAPOL 4-way Handshake during authentication. The only workaround shared so far has been the following:

don’t use WPA2/3-Ent + MFP (CCMP128+AKM SHA256)

This is specific to Windows 10 version 2004, likely as a consequence of the introduced WPA3 support.  This happens despite having WPA3 disabled or not supported on the AP, and not selecting anything for WPA3 in the client config.  Other drivers that do not support WPA3 are apparently not affected.

More clearly, disabling 802.11w Management Frame Protection (MFP) is a work-around for this issue, which I was just able to confirm as successful at least in my initial testing.

Anyone experiencing the same issue here with Windows 10 version 2004 is encouraged to open their own support cases with Microsoft - especially in that apparently this is not yet seen as a serious issue and not prioritized for a fix.  Maybe reference this forum URL and the Intel case # 04714529 with any new opened support cases?

View solution in original post

Copy link

Link Copied

13 Replies
AndrewG_Intel
Employee
‎06-29-2020 03:11 PM
33,885 Views
Solved Jump to solution

Hello ziesemer


Thank you for posting on the Intel® communities.

In order to check this further, could you please provide the following information?


1. Are you having issues with Wi-Fi only or with Bluetooth too (both)?

2. Is the Intel® Wireless-AC 9260 the original wireless adapter that came pre-installed in your system or did you install it on it?

3. Have you checked if this issue happens on different networks? Could you please provide an example of other networks or non-TLS network when it is working fine for reference purposes?

4. Router/Access point brand, model, and firmware version:

5. Have you tried a different router or Access point for testing purposes?

6. Computer power source: plugged in or battery?

7. Network SSID stealth mode: hidden or broadcast?

8. How many systems do you have affected by this behavior?

9. Wireless security method:

  • Encryption Type (Open, RC4, TKIP, AES):
  • 802.1X authentication type (WEP, TKIP, CCMP): 
  • Key Management Type (PEAP, EAP-FAST)


10. If possible, have you checked if this issue happens testing only the PC/laptop and the router/Access Point? (no other wireless devices connected to the wireless network during this test).



Also, please run the Intel® System Support Utility (Intel® SSU) and attach the report to this thread to gather more details about your system.

 

1- Download the Intel® SSU and save the application on your computer.

https://downloadcenter.intel.com/download/25293/Intel-System-Support-Utility-for-Windows-

 

2- Open the application, check the "Everything" checkbox, and click "Scan" to see the system and device information. The Intel® SSU defaults to the "Summary View" on the output screen following the scan. Click the menu where it says "Summary" to change to "Detailed View".

 

3- To save your scan, click Next and click Save.



Best regards,


Andrew G.

Intel Customer Support Technician


0 Kudos
Copy link
ziesemer
Novice
‎06-29-2020 03:44 PM
33,878 Views
Solved Jump to solution
In response to AndrewG_Intel

Thank you for the prompt reply!

Issue is with WiFi only.

I separately and recently purchased the 9260 as an upgrade to my system's original 8265NGW, in order to benefit from the latest Intel driver versions and WPA3 support.  Both, however, are now having the same identical issues with WPA2/3-Enterprise connections - but only under Windows 10 version 2004 (upgrade or reinstall).

I have no issues connecting to any WPA2-PSK or even WPA3-PSK networks.  I did also try creating a new test WPA2-Enterprise network on 2.4 GHz instead of the prior 5 GHz for testing, with the same results.

For testing purposes, I have a NETGEAR R700 or a GL.iNet GL-AR750S, both running OpenWrt 19.07.3.  I also have a few TRENDnet wireless routers that I could install OpenWrt or stock firmware on.

Otherwise, for different access points - I am looking for additional options available for testing.

Computer power source: Plugged-in or battery, does not make a difference.

Network SSID stealth mode: Broadcast.

How many systems do you have affected by this behavior?  One at present, but already ruled-out a faulty Windows installation by performing a clean re-install of Windows, and multiple wireless cards.

Wireless Security method: AES, CCMP, EAP-TLS - as detailed at https://www.intel.com/content/www/us/en/support/articles/000006999/network-and-i-o/wireless-networking.html .

When I created the WPA-2 Enterprise test on 2.4 GHz, it was a single-device test.  I will re-test on a completely isolated WAP and SSID.

I will run the Intel SSU.  Is there a way I can PM the results to you, or otherwise upload to Intel - without attaching to the thread?

FYI, Intel case # 04714529 has since been opened for this issue as well.

In response to AndrewG_Intel
0 Kudos
Copy link
dudu2030
Beginner
‎10-09-2020 02:34 AM
32,987 Views
Solved Jump to solution
In response to AndrewG_Intel

i found a workaround solution.

all you need to do is Manually create the SSID 

go to network and sharing center > setup a new connection > manually connect to a wireless network > 

provide the necessary information and save.

let me know

In response to AndrewG_Intel
0 Kudos
Copy link
ziesemer
Novice
‎10-09-2020 06:58 AM
32,980 Views
Solved Jump to solution
In response to dudu2030

This is not at all applicable here.  In using EAP-TLS, the wireless profile needs to be manually created through this method or other automation, regardless.  In any case, this will only work in current versions of Windows 10 version 2004 if 802.11w MFP is disabled on the AP, as per my 8/26 notes above.

In response to dudu2030
0 Kudos
Copy link
AndrewG_Intel
Employee
‎06-29-2020 03:39 PM
33,879 Views
Solved Jump to solution

Hello ziesemer


We just noticed that you have contacted Intel® Customer Support directly and we found out that you are being assisted through an internal support case regarding this same issue. Having said that, we will proceed to close this thread to avoid duplication of effort and the assistance will continue through the internal case.


Best regards,


Andrew G.

Intel Customer Support Technician


0 Kudos
Copy link
ziesemer
Novice
‎08-05-2020 04:04 AM
33,750 Views
Solved Jump to solution

FYI, there is no change in the latest 21.110.1 drivers, dated 2020-07-01, released 2020-08-04 - I'm still unable to connect to WPA2-Enterprise EAP-TLS networks after the Windows 10 version 2004 upgrade.

I am still seeking feedback from anyone who is able to reproduce the same conditions here (Windows 10 version 2004, WPA2-Enterprise EAP-TLS, and Intel 21.x drivers).  Are you able to successfully connect?  If so, what is the same or changed in your test parameters compared to what I've posted here?

0 Kudos
Copy link
ziesemer
Novice
‎08-26-2020 06:20 PM
33,590 Views
Solved Jump to solution

For anyone else finding this:

As part of the Intel case # 04714529 opened with this, they opened an engineering case with Microsoft.  Microsoft confirmed that there can be a MIC error in Msg2 of the EAPOL 4-way Handshake during authentication. The only workaround shared so far has been the following:

don’t use WPA2/3-Ent + MFP (CCMP128+AKM SHA256)

This is specific to Windows 10 version 2004, likely as a consequence of the introduced WPA3 support.  This happens despite having WPA3 disabled or not supported on the AP, and not selecting anything for WPA3 in the client config.  Other drivers that do not support WPA3 are apparently not affected.

More clearly, disabling 802.11w Management Frame Protection (MFP) is a work-around for this issue, which I was just able to confirm as successful at least in my initial testing.

Anyone experiencing the same issue here with Windows 10 version 2004 is encouraged to open their own support cases with Microsoft - especially in that apparently this is not yet seen as a serious issue and not prioritized for a fix.  Maybe reference this forum URL and the Intel case # 04714529 with any new opened support cases?

Copy link
SurW
Beginner
‎12-17-2020 11:35 AM
31,205 Views
Solved Jump to solution
In response to ziesemer

I tried this solution but it did not work. we are using unifi and I did disable PFM option.

Any other suggestion? 

In response to ziesemer
0 Kudos
Copy link
kathampy
New Contributor I
‎01-01-2021 03:31 PM
31,008 Views
Solved Jump to solution
In response to SurW

I had to disable 802.1x-SHA256 under Authentication Key Management as well. PMF could be set to either Optional or Disabled.

In response to SurW
0 Kudos
Copy link
DavidAdino
Beginner
‎02-25-2021 08:23 PM
29,742 Views
Solved Jump to solution
In response to kathampy

Hi,

 

Did anyone manage to try version 20H2?

It seems like WPA2-Enterprise with PMF is still not working.

 

Br

David

In response to kathampy
0 Kudos
Copy link
SurW
Beginner
‎02-26-2021 11:26 AM
29,697 Views
Solved Jump to solution
In response to DavidAdino

ver 20H2 does not works in my case

I narrow down the issue and it's only Intel AC-9560 has issue. I have another laptop with AC-8265 and did not have issue.

the only way to fix it, I have to uninstall driver, reboot, uninstall one more time and it will take me to the older version. the older version works fine. only the latest intel driver has issue

In response to DavidAdino
0 Kudos
Copy link
DavidAdino
Beginner
‎02-28-2021 05:15 AM
29,660 Views
Solved Jump to solution
In response to SurW

Hi @SurW ,

 

Possible to share the driver version you tested working?

My device in 20H2 did not work for AX and AC Nic (8265 and 9xxx).

 

Thanks in advance!

BR

David

In response to SurW
0 Kudos
Copy link
WadeP
Beginner
‎07-06-2021 03:00 PM
26,175 Views
Solved Jump to solution
In response to ziesemer

It appears to be fixed in Windows 10 May 2021 Update (21H1, build 19043).

Here is a release note from an Insider build:

  • We fixed an issue that causes Wi-Fi connections to fail because of an invalid Message Integrity Check (MIC) on a four-way handshake if Management Frame Protection (MFP) is enabled.

https://blogs.windows.com/windows-insider/2021/06/17/releasing-windows-10-build-19043-1081-21h1-to-beta-release-preview-channels/

 

I was having the same issue with Intel AX210, Windows 20H2, driver 22.50.1.1, and MFP set to required on the AP.

The issue seems to resolved after the upgrade. 

 

In response to ziesemer
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.