How to configure wired 802.1X for Windows XP

Service Pack 3 (SP3) has brought some changes to the way that 802.1X is configured for Windows XP.  If you do not have SP3 you need to complete the following four steps before you continue with the configuration:

Before you start, you now need to enable a service called Wired AutoConfig. Without this service enabled, you will not be able to authenticate, and thus not gain access to the network. To enable Wired AutoConfig:
    1. Click the Start button. In the Search box ("Start Search") type services.msc and press "Enter". You must be logged in as an administrator to start this service.
    2. In the Services dialog box, click the "Standard" tab (located in the lower part of the window).
    3. Scroll down to find the Wired AutoConfig service, right click and select "Start".
    4. If you want Wired AutoConfig to start automatically every time you start your computer, right click "Wired AutoConfig" again and select "Properties". In the General tab, set Startup type to Automatic. Click "OK" and then
       close the Services window.

NB! If you are unable to log in after following this guide, try to right click on the taskbar (for example to the side of the clock in the lower right corner), uncheck "Hide inactive icons" and make sure that "show network
   connection" is checked. This will prevent Vista from authenticating with the hostname of your computer, rather than prompting you for your user name and password.

   You can now continue with the rest of the configuration.


Open the panel for Network Connections and choose "Local Area Connection", as shown in this example:

Local Area Connection
   Choose the "Authentication" tab. You should see a window similar to this one:

   "Enable IEEE 802.1x..." should be checked. If it isn't, then do so.
   EAP type must be "Protected EAP (PEAP)".
   The two boxes at the bottom of the window must remain unchecked.
   Click on the button named "Properties", and you will see this window:

   Uncheck "Validate server certificate".
   Choose "Secured password (EAP-MSCHAP v2)" as shown.
   Click "Configure", and you will see this window:

   Uncheck "Automatically use my Windows...".
   Click "OK" in this and the previous window. Finally, click "OK" in the "Local Area Connection Properties" window.
   Your computer is now configured for the 802.1X standard, and will behave properly after a reboot.
   When you start your computer for the first time after reconfiguring, you'll notice that the logon procedure is a bit different.
   After a while, a balloon - like the one shown below - will appear.

   After you've clicked on the balloon, this window will appear:

   Enter your user name and password, but leave the "Logon domain" blank. Click "OK".

   Another balloon will appear, stating "Validating identity".

   This may take a while the first time. Try to disconnect and reconnect your network cable, or reboot your computer again if you run into any problems.
   Click "OK", and you should see this:

   You should now be online with the 802.1X authentication procedure.



Published Aug. 5, 2010 5:12 PM - Last modified Sep. 8, 2010 11:54 AM