Question : PEAP - cannot logon using wireless with IAS, WPA

Hi all,

I am testing our wireless network to change from WEP to WPA encryption with RADIUS (IAS) authentication with certificates.
I have read through and followed the steps outlined in Microsoft's "Securing Wireless LANs with PEAP and Passwords"

On a test laptop, I cannot log onto the client from the logon screen with wireless enabled. It hangs with "Loading / Applying your personal settings"
After logon if I enable the wireless, I get a successful 'connected' wireless message, get assigned a correct DHCP address and can ping internal servers. I can perform successful DNS lookups.
However I cannot browse any servers using '\\servername', or connect to any file & printer shares, or access any AD info.

I get errors in the event logs of the server and client:

Server:
Event ID 2
User  was denied access.
 Fully-Qualified-User-Name = DOMAIN\Guest
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server =
 Policy-Name =
 Authentication-Type = EAP
 EAP-Type =
 Reason-Code = 34
 Reason = Authentication failed because the user account is not enabled. Before the account can be authenticated, a person with administrative rights for either the computer or the domain must enable the user account.

On the client:

Event ID 1053
Windows cannot determine the user or computer name (An internal error occured)
Event ID 15
Automatic certificate enrollment for local system failed to contact the active directory (0x8007041d)
Event ID 40960
The Security System detected an attempted downgrade attack for server .
Event ID 40961
The Security System could not establish a secured connection with the server .

Do I have to do something with the Guest account? - when using PEAP - I didnt read anything in the manual.

Where should I start looking?

Matt

Answer : PEAP - cannot logon using wireless with IAS, WPA

PAQed with points refunded (300)

Computer101
EE Admin