How Symantec disabled Corporate Wifi on some of the machines.

Issue - Today , some laptop users started reporting as they are unable to connect to corporate wireless after System Center Endpoint protection(SCEP) installation took place. I found, most of the laptop users were having this issue. 
Troubleshooting done - I immediately uninstalled SCEP but that didn’t help , tried removing Wi-Fi profiles under the path ‘C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\Interface’ but that didn’t help too.

Error- When checking event viewer, the only error that showed up is as follows 5 times in a row.
         “Error skipping EAP method DLL path name validation failed. Error: typeId=25, authorId=0,vendorId=0,vendorType=0”, This error indicates a registry or missing corrupt file issue.

EAPHost is a Microsoft Windows Networking component that provides an Extensible Authentication Protocol (EAP) infrastructure for the authentication of following protocols such as 802.1X and Point-to-Point(PPP).

Cause - Symantec didn’t uninstall properly caused this issue.

Resolution – After checking the Group Policy  ‘Wireless Network (IEEE 802.11) Policy’ offering all Wi-Fi profiles , none of the profiles were listed as shown in the figure below
While checking the event viewer found above error, lead me to think that’s a registry issue. I immediately checked the registry path under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP found Symantec .dll files were registered, I exported the EAP registry files from working machine and imported in to the affected machines , rebooted the system and it connected back to WiFi successfully.





Comments

Post a Comment

Popular posts from this blog

Enterprise CA option is greyed out / unavailable

Many times, when installing Active Directory Certificate Services they cannot choose to install Enterprise Certification Authority, because it’s unavailable as in following picture: Well, you need to fulfill basic requirements: Server machine has to be a member server (domain joined). You can run an Enterprise CA on the Standard, Enterprise, or Data Center Windows Edition. The difference is the number of ADCS features and components that can be enabled. To get full functionality, you need to run on Enterprise or Data Center Windows Server 2008 /12/R2/ Editions.  In order to install an Enterprise CA, you must be a member of either Enterprise Admins or Domain Admins in the forest root domain (either directly or through a group nesting). If issue still persists, there is probably a problem with getting correct credentials of your account. There are many thing that can cause it (network blockage, domain settings, server configuration, and other issues). In all ca
Read more

Rearm the Office 2013 installation

Image
There is a 25-day grace period from the time of installation of Key Management Service (KMS) clients before notifications to activate are displayed to the user. If you want to deploy an image, you must rearm your Office 2013 installation before you capture the image. If you do not rearm, users see notification dialog boxes at the time that the image is deployed, instead of 25 days after deployment. The 25-day grace period gives ample time for a KMS host to be found and activation to succeed. If activation is successful, users do not see notifications to activate. Rearm the Office installation Rearming does the following important tasks: Resets the grace timer to 30 days. Freezes the grace timer until either an Office application is run, or the ospp.vbs script is run. Resets the client computer ID (CMID). This is important because the KMS host uses the CMID to determine the num
Read more

MP has rejected registration request due to failure in client certificate

Image
Issue:- We have System Center Configuration Manager 2012 R2 deployed on Windows Server 2008R2 host. Recently we have moved our Certification Authority to Windows Server 2012 , renewed Root CA Certificate and intermediate Certificates also migrated Hashing algorithm from 'sha1' to 'sha2'  . New Root CA and intermediate CA also present on client machines and on SCCM. However, i have discovered these errors on MP: MP has rejected registration request due to failure in client certificate (Subject Name: ) chain validation. If this is a valid client ,  Even though Newly imaged machines are getting SCCM client installed but won't see all the client cycle under 'Actions tab' and also  'client certificate shows "None".  The operating system reported error 2148204809: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.  Solution:- Register  new Certificate of Root CA    under SCCM20
Read more