Windows 7 / Networking

How to Connect to a Domain When 802.1X Authentication Is Enabled

For networks with 802.1X authentication, joining a domain is slightly more complicated. During 802.1X authentication, the client authenticates the server's identity by ensuring that the server certificate is valid and was issued by a trusted certification authority (CA). However, if you used an internal CA (such as one hosted by Windows Server 2003 certificate services) to issue the server certificate, the CA will not be trusted by default until the computer joins a domain. Therefore, to join the domain, you must temporarily configure the client computer to ignore the 802.1X authentication server's certificate.

Note If you have configured your 802.1X authentication servers with a server certificate issued by a public CA that is trusted by Windows by default, you can leave the Validate Server Certificate check box selected.

To join a domain with 802.1X authentication enabled, follow these steps:

  1. Start the Services console, start the Wired AutoConfig service, and set the Wired AutoConfig service to start automatically.
  2. Open Network And Sharing Center and then click Manage Adapter Settings.
  3. Right-click the network adapter and then click Properties.
  4. In the Properties dialog box, click the Authentication Tab. Click the Choose A Network Authentication Method list and then click Microsoft: Protected EAP (PEAP).
  5. Click Settings. In the Protected EAP (PEAP) Properties dialog box, clear the Validate Server Certificate check box. Click OK twice.
  6. Follow the standard instructions for joining the computer to a domain, as described in the previous section.
  7. After the computer has joined the domain and is restarted, perform steps 2 though 5 again. This time, in step 5, select the Validate Server Certificate check box.

To automate this process partially, configure a computer running Windows 7 to not validate the server certificate. Then use the Netsh lan export profile command to export a profile for the configured network adapter. You can create a script to import that profile on other client computers to allow them to join a domain without validating a server certificate.

[Previous] [Contents]

In this tutorial:

  1. Configuring Windows Networking
  2. Usability Improvements
  3. Network And Sharing Center
  4. Network Explorer
  5. How Windows Finds Network Resources
  6. How Windows Publishes Network Resources
  7. How Windows Creates the Network Map
  8. Network Map
  9. Set Up A Connection Or Network Wizard
  10. Manageability Improvements
  11. Network Location Types
  12. Policy-Based QoS
  13. Selecting DSCP Values
  14. Planning Traffic Throttling
  15. Configuring QoS Policies
  16. Configuring System-Wide QoS Settings
  17. Configuring Advanced QoS Settings
  18. Testing QoS
  19. Windows Firewall and IPsec
  20. Windows Connect Now in Windows 7
  21. Core Networking Improvements
  22. Networking BranchCache
  23. How Hosted Cache Works
  24. How Distributed Cache Works
  25. Configuring BranchCache
  26. BranchCache Protocols
  27. File Sharing Using SMB
  28. Web Browsing with HTTP (Including HTTPS)
  29. DNSsec
  30. GreenIT
  31. Efficient Networking
  32. What Causes Latency, How to Measure It, and How to Control It
  33. TCP Receive Window Scaling
  34. Scalable Networking
  35. Improved Reliability
  36. IPv6 Support
  37. 802.1X Network Authentication
  38. Server Message Block (SMB) 2.0
  39. Strong Host Model
  40. Wireless Networking
  41. Improved APIs
  42. Network Awareness
  43. Improved Peer Networking
  44. Services Used by Peer-to-Peer Networking
  45. Managing Peer-to-Peer Networking
  46. Peer-to-Peer Name Resolution
  47. EAP Host Architecture
  48. Layered Service Provider (LSP)
  49. Windows Sockets Direct Path for System Area Networks
  50. How to Configure Wireless Settings
  51. Configuring Wireless Settings Manually
  52. Using Group Policy to Configure Wireless Settings
  53. How to Configure TCP/IP
  54. DHCP
  55. Configuring IP Addresses Manually
  56. Command Line and Scripts
  57. How to Connect to AD DS Domains
  58. How to Connect to a Domain When 802.1X Authentication Is Not Enabled
  59. How to Connect to a Domain When 802.1X Authentication Is Enabled