Microsoft Reduce Customer Effort Center

Our team drives product feedback based on solid data, it drives proactive issue prevention and ultimately, drives improvements around products based on customer feedback.

"Validate server certificate" option is unexpected to check in Wired network (IEEE 802.3) policies

"Validate server certificate" option is unexpected to check in Wired network (IEEE 802.3) policies

  • Comments 6
  • Likes

From forum report, There seems to be large number of enterprise users encounters this issue.

You have a Windows 2008 DC. You create a Wired network policy using Windows 7 GPMC, and the “validate server certificate” option is unchecked. After the GPO is applied, the Windows XP, Vista and Server 2008 start having authentication failure. If you open the policy from a Windows Vista GPMC, and you will find the “validate server certificate” option is checked.



To solve this problem temporarily, you should follow one of the workarounds below:

  • Once this happens, delete and recreate the GPO from Server 2008 (not R2), it works as expected.
  • Create the different OU for the clients, i.e. Win7 clients are in an OU, and Vista and XP are in another OU. Then we create two Wired network policy policies for the option “validate server certificate” respectively.

 

Step to repro:

  1.  Have a windows server 2008 DC, and its domain function level is 2008
  2. Create a wired network GPO and uncheck “validate server certificate” option (under “ Computer Configuration -> policies -> windows settings -> Security Settings -> Wired Network(IEEE 802.3) policies”) using a Windows 7 GPMC
  3. Open this GPO from a Windows Vista GPMC, You will find the “validate server certificate” option is checked.

 Edit: We have released a hotfix to resolve this issue. Please apply the following hotfix if you encounter the same issue:

http://support.microsoft.com/kb/2493933/en-us

Comments
  • I have this exact issue, but when I try and create the policy on a Server 2008 machine it gives me an access denied error when trying to create a new 802.1x policy. Not sure what to do now.

  • Please apply the following hotfix if you encounter the same issue:

    support.microsoft.com/.../en-us

  • The hotfix states that it is for Vista and 2008 only.  What about XP because I am still running into problems with this OS.

  • What I did to get this working was to create the policy on a Windows 7 machine and then modify it on the 2008 (non R2) machine.  Creating the policy on the 2008 box first gave me a result that the Windows 7 machines(as well as XP) could not get that policy.  Even though I created it on the Windows 7 group manager and unchecked validate, I still had to log into the 2008 box where it was not checked.

  • Samuel, thanks for sharing.

  • my server certificate has gone invalid and i am unable to access my mail an error of security error is served when i try to log on my email what to do?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment