802.1x authentication fails due to disabled network adapter

  • Document ID:7008098
  • Creation Date:10-Mar-2011
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      Client for Open Enterprise Server (Novell Client)

Environment

Novell Client 2 SP1 for Windows Vista
Novell Client 2 SP1 for Windows Server 2008
Novell Client 2 SP1 for Windows 7
Novell Client 2 SP1 for Windows Server 2008 R2
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5
802.1x Authentication

Situation

When attempting to login in with 802.1x authentication enabled in the Novell Client, the login may fail.
An error similar to  "No 802.1x connections available" may be seen.
Logging in "Workstation Only" and subsequently logging in via the "Red N" works as expected.
Upon examining the state of the network adapter (using ncpa.cpl), you notice that the adapter state is "Disabled".

Resolution

Novell Client for Windows 7: Fixed in Novell Client 2 SP2 or later.
Novell Client for Windows XP: Fixed in updated NOVEAP.DLL dated 16Nov2011 or later.

Additional Information

Prior to a fix being available, the following workarounds were possible:

Use one of the following methods to enable the network adapter to be automatically enabled every time the workstation is booted.
 
Method I: Netsh.exe (For Windows 7)
 
1. Open an elevated command (cmd.exe) prompt and type this command to identify the interfaces and their names:

netsh interface show interface
 
The output may be similar to the following:
 
Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled                       Dedicated        Local Area Connection
Enabled                       Dedicated        1394 Connection
Enabled                       Dedicated        Wireless Network Connection
Enabled                       Internal             Internal
Enabled                       Loopback         Loopback

2. Using Notepad or a similar text editor, create a batch file (such as "EnableAdapter.bat") with the following line:

netsh interface set interface "<interface name>" ENABLE

Typically, the line would be:

netsh interface set interface "Local Area Connection" ENABLE

3. Copy the batch file EnableAdapter.bat and netsh.exe to C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup

4. Run GPEDIT.MSC. Click Computer Configuation -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup. Click Add. In the "Script Name:" field, enter the name of the batch file (e.g. EnableAdapter.bat), click OK, Apply, OK.

See Microsoft Article ID: 242468"How to Use the Netsh.exe Tool and Command-Line Switches" for more information about Netsh.exe

Method II: DevCon.exe (For Windows XP)

1. Download the DevCon.exe command line utility. http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272

2. Unzip DevCon and identify the correct build for your operating system (32 or 64-bit). For convenience, copy DevCon.exe to <systemroot>\system32.

3. Open an elevated command prompt and execute this command:

c:\>devcon hwids =net

4. Identify the output for the network adapter which is being disabled. For example, the output might be:

Hardware ID's:
         *ISATAP
PCI\VEN_8086&DEV_100F&SUBSYS_0750151E&REV_01\4&B704118&0&0888
    Name: Intel(R) PRO/1000 MT Network Connection
    Hardware ID's:
         PCI\VEN_8086&DEV_100F&SUBSYS&075015AD&REV_01
         PCI\VEN_8086&DEV_100F&SUBSYS&075015AD
         PCI\VEN_8086&DEV_100F&CC_020000
         PCI\VEN_8086&DEV_100F&cc_0200

Identify the string that uniquely identifies the network adapter, and verify that it is a unique string. Using the example above, we might assume that "VEN_8086" uniquely identifies the network adapter. We can test this by using this command:

C:\i386>devcon find *VEN_8086
PCI\VEN_8086&DEV_7190&SUBSYS_197615AD&REV_01\3&18D45AA6&0&00: Intel 82443BX Pentium(R) II Processor to PCI Bridge
PCI\VEN_8086&DEV_7191&SUBSYS_00000000&REV_01\3&18D45AA6&0&08: PCI standard PCI-to-PCI bridge
PCI\VEN_8086&DEV_100F&SUBSYS_075015AD&REV_01\4&B70F118&0&0888: Intel(R) PRO/1000 MT Network Connection
PCI\VEN_8086&DEV_7110&SUBSYS_197615AD&REV_08\3&18D45AA6&0&38: Intel 82371AB/EB PCI to ISA bridge (ISA mode)
PCI\VEN_8086&DEV_7111&SUBSYS_197615AD&REV_01\3&18D45AA6&0&39: Intel(R) 82371AB/EB PCI Bus Master IDE Controller
5 matching device(s) found.

We see that "VEN_8086" does not identify the network card uniquely. But, we observe that the "DEV_100F" does appear to be unique. We test this by executing the following command:

C:\i386>devcon find *DEV_100F
PCI\VEN_8086&DEV_100F&SUBSYS_075015AD&REV_01\4&B70F118&0&0888: Intel(R) PRO/1000 MT Network Connection
1 matching device(s) found.

The string "DEV_100F" does uniquely identify the network adapter.

5. Using Notepad or a similar text editor, create a batch file (such as "EnableAdapter.bat") with the following line:

devcon enable *<Hardware ID>*

In the example above, the line would be:

devcon enable *DEV_100F*

6. Copy the batch file EnableAdapter.bat and DevCon.exe to C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup

7. Run GPEDIT.MSC. Click Computer Configuation -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup. Click Add. In the "Script Name:" field, enter the name of the batch file (e.g. EnableAdapter.bat), click OK, Apply, OK.


See Microsoft Article ID: 311272"The DevCon command-line utility functions as an alternative to Device Manager" for more information about DevCon.exe