Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from the Microsoft KB. All KB articles are owned by Microsoft Corporation.

After you disable an RCA that was automatically added by a client computer that uses IEEE 802.1X authentication, the Windows XP-based client computer or the Windows Server 2003-based client computer unexpectedly still trusts the RCA



Symptoms

Consider the following scenario:
  • On a Microsoft Windows XP-based client computer or a Microsoft Windows Server 2003-based client computer, you configure the client computer to use IEEE 802.1X authentication.
  • You modify the properties of the IEEE 802.1X authentication method to enable or to disable a Trusted Root Certification Authority (TRCA) by using a TRCA list. For example, you use a TRCA to issue a certificate for a RADIUS Server.
In this scenario, none of the check boxes of the RCAs in the TRCA list are selected by default. However, the client unexpectedly trusts these RCAs. Additionally, if you use the TRCA list to disable a Root Certification Authority (RCA) that was automatically added during the installation of the operating system, the client unexpectedly still trusts the RCA.

Note: If you use the TRCA list to disable an RCA that was manually added, the client will not trust the RCA. This is expected. This problem occurs when you use wired 802.1X or wireless 802.1X together with any kind of authentication method.



Cause

This problem occurs because all the TRCAs are always trusted. This is the default behavior. Additionally, the list of TRCAs only refers to the Root Certification Authority that was recently added. Therefore, if you use the TRCA list to disable a Root Certification Authority (RCA) that was automatically added by the client, the client unexpectedly still trusts the RCA.
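
The following Python sketch is an added illustration, not part of the original KB article: it models the behavior described above and lists the roots that stay trusted for 802.1X after their check boxes are cleared in the TRCA list. The inventory format, the sample root names, and all function names are assumptions made for this example.

```python
import csv
import io
from dataclasses import dataclass

# Constructed inventory (not from the article): one row per root CA in the
# client's Trusted Root store. origin is "os" (installed with the operating
# system) or "manual" (added later); selected is the TRCA check box state.
SAMPLE_INVENTORY = """name,origin,selected
Example Corp Root CA,manual,yes
Example Lab Root CA,manual,no
Example Public Root A,os,no
Example Public Root B,os,no
"""

@dataclass(frozen=True)
class Root:
    name: str
    os_installed: bool
    selected: bool

def load_roots(text):
    rows = csv.DictReader(io.StringIO(text))
    return [Root(r["name"].strip(), r["origin"].strip().lower() == "os",
                 r["selected"].strip().lower() == "yes") for r in rows]

def intended_trust(root):
    """What the administrator configured: only selected roots are trusted."""
    return root.selected

def effective_trust(root):
    """Behavior described in the article: roots installed with the OS stay
    trusted whatever the check box says; the TRCA list is honored only for
    manually added roots."""
    return root.os_installed or root.selected

def trust_gap(roots):
    """Roots the client still trusts for 802.1X although they are cleared."""
    return [r.name for r in roots if effective_trust(r) and not intended_trust(r)]

def radius_cert_accepted(issuing_root, roots):
    """Return (intended, effective) acceptance of a RADIUS server certificate
    that chains to issuing_root; an unknown root is rejected in both cases."""
    for r in roots:
        if r.name == issuing_root:
            return intended_trust(r), effective_trust(r)
    return False, False

if __name__ == "__main__":
    for name in trust_gap(load_roots(SAMPLE_INVENTORY)):
        print("cleared in TRCA list but still trusted:", name)
```
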



More information

Steps to reproduce

  1. Configure the client network connection to use 802.1X authentication.
  2. Make sure that you have added a TRCA on the client.
  3. Configure a valid certificate for the RADIUS Server by using the TRCA that is mentioned in step 2.
  4. Configure the properties of the 802.1X authentication method on the client. Make sure that you enable the TRCA that is mentioned in step 2 and that you disable one default TRCA.
  5. Start 802.1X authentication. For example, enable or disable the Ethernet network adapter.
  6. The connection will succeed unexpectedly.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



Keywords: KB930455, kbprb, kbtshoot


Article Info
Article ID : 930455
Revision : 6
Created on : 2/22/2007
Published on : 2/22/2007
Exists online : False