Hi everyone,
a customer of mine wants to deploy 802.1x wired authentication in 70+ locations. So I set up a test lab and started playing. Eventually, I had my Cisco Catalyst Switch 3560 (12.2(55) IP-Base image) and my NPS server on Windows Server 2008 R2 up and running. The test client got certificates and all ... But it did not authenticate. Instead, I got reason code 266 "The message received was unexpected or badly formatted."
So I googled a bit and found this old kb article http://support.microsoft.com/kb/933430/en-us. In the workarounds section I used method 3 on my NPS, which modifies the behavior of the SCHANNEL provider. This was indicated by another post on this forum (sorry, lost the link). Surprisingly, it worked! - Now I wonder why?
Does this registry setting effect the security of the TLS session in a negative way? I do not want to roll out this "fix", unless I have a clear understanding of the security implications.
Any feedback is welcome!
----------------------- Greetings from Germany, Martin