EAP methods such as EAP-TLS and PEAP-TLS can cause EAPHost or RASMAN services to stop responding

Symptoms

Windows Extensible Authentication Protocol (EAP) methods that use certificates that have strong private key protection sometimes cause the Extensible Authentication Protocol Host (EAPHost) service or the RASMAN service to stop responding. Such EAP methods include Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS).

↑ Back to the top

Cause

This problem occurs when the certificate that is used by EAP-TLS or by PEAP-TLS for user authentication has to start a user interface. A certificate of this kind cannot be used for EAP authentication in Windows. However, Windows cannot completely filter out these kinds of certificates.

↑ Back to the top

Workaround

To work around this issue, do not use certificates for EAP-TLS or PEAP-TLS authentication in Windows if those certificates have strong private key protection or display a user interface. For more information about the requirements for EAP authentication, click the following article number to view the article in the Microsoft Knowledge Base:

814394 Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS

For more information about how to deploy EAP, download the following white paper from the Microsoft Download Center:

Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows

↑ Back to the top

Keywords: kbprb, kbsurveynew, kbpubtypekc, kbtshoot, kbexpertiseadvanced, kbcertservices, kbdigitalcertificates, kb

↑ Back to the top

Article Info

Article ID	:	982731
Revision	:	2
Created on	:	11/1/2018
Published on	:	11/1/2018
Exists online	:	False
Views	:	140

Microsoft KB Archive Search

EAP methods such as EAP-TLS and PEAP-TLS can cause EAPHost or RASMAN services to stop responding

Symptoms

Cause

Workaround