Case 1: A Server Certificate Uses a Key Size of 464 or Less
When you configure Extensible Authentication Protocol-Transport Level Security (EAP-TLS) on a remote access server, and the server's certificate has a key size of 464-bit or less, the client computer receives the first error message described in the "Symptoms" section of this article when it tries to authenticate with the server.
NoteThe client receives this error message occurs whether the client is configured to validate the server certificate or not.
This issue occurs on both Windows 2000 Service Pack 3 (SP3)-based servers and Window Server 2003-based servers and affects both Windows 2000 SP3 and Windows XP-based clients.
Case 2: EAP Client Tries to Reconnect After it Returns from Standby
When a computer that is configured as an EAP client returns from the standby or the hibernation power management mode, it tries to connect to the server by using the EAP session resume feature. However, Internet Authentication Service (IAS) does not currently support the EAP session resume feature. Therefore, the client receives one or both of the error messages described in the "Symptoms" section of this article when it tries to restore the connection.
Case 3: EAP Client Tries To Reconnect an Active VPN Session
When a client removes a smart card during an active Virtual Private Networking (VPN) session, disconnects, and then tries to reconnect to the server, the client may receive the following error message:
Error 0x80090022: Providers could not perform the action since the context was acquired as silent.
This issue occurs intermittently. This issue may occur if the PIN number is not successfully transferred to the Cryptographic Service Provider (CSP) when the user types it during the reconnection attempt. The remote access server may receive the following event message in the Event log:
Case 4: Internet Security and Acceleration (ISA) Server is Configured to Drop Fragmented Packets
If you configure an ISA Server to permit Point to Point Tunneling Protocol (PPTP)/1723 and Generic Routing Encapsulation (GRE) but to block fragmented packets, the client's smart card-connected VPN session is terminated and the client receives the following error message:
The Local Security Authority cannot be contacted (Error 0x80090304). For customized troubleshooting information for this connection, click Help.