Is WPA2-Enterprise just plain broken in Vista Home?

We recently rolled out WPA2-Enterprise authentication with a RADIUS
backend in my organization. Works great - folks using Macs can get on
with no configuration other than importing the radius server
certificate beforehand (though even that's not necessary if you don't
mind clicking "Accept" four or five times). People with all flavors of
service-packed XP can get on, too, after manually creating the
network. Even Vista Business and above are as relatively pain-free as
XP setups. However, no computer running Vista Home (Basic,
Premium...makes no difference) has yet connected properly. I've done
all the steps listed here and other places - new drivers for the
wireless cards, all service packs up-to-date (including 932063, which
half the time doesn't install and all the time doesn't fix the
problem), and still I get nothing. Our configuration prefers WPA2-
Enterprise with AES encryption (TKIP is also supported, and it didn't
make a difference when I changed between the two). Authentication
method is PEAP. We don't validate against a server certificate (though
I tried turning that on and selecting our organization's root cert -
no luck) and we don't use Windows logons for authentication. I think
that covers all the options. Every Vista Home user gets to the point
where they specify "additional credentials" and put in their username
and password...and every time it fails, telling them that additional
certifications are required to connect.

I can't find a lick of information out there about Vista Home and WPA2
Enterprise. Did Microsoft just decide that home users wouldn't need to
use enterprise-level security and not test anything? I can't believe
this is a hardware problem - I've had Broadcom, Atheros, and Intel
chipsets spread across Dells, Toshibas, Lenovos, Compaqs, and
Gateways. Those models, when running Vista Business completely
unpatched, can connect flawlessly the first time using the same
configuration settings, which leads me to place the blame squarely in
Home's lap. Can anyone confirm or give suggestions on how this might
be solved? And upgrading the clients is not an option - these are
students at a university.

On Aug 14, 12:31 am, tmountjr <tmoun...@gmail.com> wrote:
> We recently rolled out WPA2-Enterprise authentication with a RADIUS
> backend in my organization. Works great - folks using Macs can get on
> with no configuration other than importing the radius server
> certificate beforehand (though even that's not necessary if you don't
> mind clicking "Accept" four or five times). People with all flavors of
> service-packed XP can get on, too, after manually creating the
> network. Even Vista Business and above are as relatively pain-free as
> XP setups. However, no computer running Vista Home (Basic,
> Premium...makes no difference) has yet connected properly. I've done
> all the steps listed here and other places - new drivers for the
> wireless cards, all service packs up-to-date (including 932063, which
> half the time doesn't install and all the time doesn't fix the
> problem), and still I get nothing. Our configuration prefers WPA2-
> Enterprise with AES encryption (TKIP is also supported, and it didn't
> make a difference when I changed between the two). Authentication
> method is PEAP. We don't validate against a server certificate (though
> I tried turning that on and selecting our organization's root cert -
> no luck) and we don't use Windows logons for authentication. I think
> that covers all the options. Every Vista Home user gets to the point
> where they specify "additional credentials" and put in their username
> and password...and every time it fails, telling them that additional
> certifications are required to connect.
>
> I can't find a lick of information out there about Vista Home and WPA2
> Enterprise. Did Microsoft just decide that home users wouldn't need to
> use enterprise-level security and not test anything? I can't believe
> this is a hardware problem - I've had Broadcom, Atheros, and Intel
> chipsets spread across Dells, Toshibas, Lenovos, Compaqs, and
> Gateways. Those models, when running Vista Business completely
> unpatched, can connect flawlessly the first time using the same
> configuration settings, which leads me to place the blame squarely in
> Home's lap. Can anyone confirm or give suggestions on how this might
> be solved? And upgrading the clients is not an option - these are
> students at a university.

If it makes a difference, the radius server is reporting that no
password is being sent. It's not just that it's asking for more, the
server thinks nothing has been sent to it.

Hi,

Just a hint that may help. I had a customer with Vista Home who had a hard
time connecting to the Internet on a wireless network with WPA2 (intermittent
connection). Checked with Acer and all the solutions they offered didn't
work. Solution was to downgrade to WPA and bingo, he can connect every time.
Seems like WPA2 is broken in Vista Home.
--
Pierre Forget


"tmountjr" wrote:

> On Aug 14, 12:31 am, tmountjr <tmoun...@gmail.com> wrote:
> > We recently rolled out WPA2-Enterprise authentication with a RADIUS
> > backend in my organization. Works great - folks using Macs can get on
> > with no configuration other than importing the radius server
> > certificate beforehand (though even that's not necessary if you don't
> > mind clicking "Accept" four or five times). People with all flavors of
> > service-packed XP can get on, too, after manually creating the
> > network. Even Vista Business and above are as relatively pain-free as
> > XP setups. However, no computer running Vista Home (Basic,
> > Premium...makes no difference) has yet connected properly. I've done
> > all the steps listed here and other places - new drivers for the
> > wireless cards, all service packs up-to-date (including 932063, which
> > half the time doesn't install and all the time doesn't fix the
> > problem), and still I get nothing. Our configuration prefers WPA2-
> > Enterprise with AES encryption (TKIP is also supported, and it didn't
> > make a difference when I changed between the two). Authentication
> > method is PEAP. We don't validate against a server certificate (though
> > I tried turning that on and selecting our organization's root cert -
> > no luck) and we don't use Windows logons for authentication. I think
> > that covers all the options. Every Vista Home user gets to the point
> > where they specify "additional credentials" and put in their username
> > and password...and every time it fails, telling them that additional
> > certifications are required to connect.
> >
> > I can't find a lick of information out there about Vista Home and WPA2
> > Enterprise. Did Microsoft just decide that home users wouldn't need to
> > use enterprise-level security and not test anything? I can't believe
> > this is a hardware problem - I've had Broadcom, Atheros, and Intel
> > chipsets spread across Dells, Toshibas, Lenovos, Compaqs, and
> > Gateways. Those models, when running Vista Business completely
> > unpatched, can connect flawlessly the first time using the same
> > configuration settings, which leads me to place the blame squarely in
> > Home's lap. Can anyone confirm or give suggestions on how this might
> > be solved? And upgrading the clients is not an option - these are
> > students at a university.
>
> If it makes a difference, the radius server is reporting that no
> password is being sent. It's not just that it's asking for more, the
> server thinks nothing has been sent to it.
>