Wireless EAP Enforcement Client Is Not Enabled

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

This problem can occur when you are using Network Access Protection (NAP) client computers running Windows XP with Service Pack 3 (SP3). This is because the wireless EAP enforcement client used for computers running Windows XP with SP3 is different from the enforcement client for wireless clients running Windows Vista®.

Description of system behavior

If a NAP client running Windows XP with SP3 does not have the Wireless Eapol Quarantine Enforcement Client setting enabled, it cannot be a wireless 802.1X enforcement client.

Associated operating system events

  • NPS event ID 6273: The Network Policy Server denied access to a user.

Root cause diagnosis and resolution

To resolve this issue, use Group Policy or the command line to enable the Wireless Eapol Quarantine Enforcement Client setting.

The wireless EAPOL enforcement client is not enabled

You can use Group Policy or the command line to enable the wireless EAPOL enforcement client. Use Group Policy to enable the enforcement client on multiple NAP client computers running Windows XP with SP3. This enforcement client will not be enabled on computers running Windows Vista. Computers running Windows Vista use the same enforcement client for wired and wireless 802.1X authenticating connections.

Resolution

To repair this problem, enable the wireless EAPOL enforcement client in Group Policy.

Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To repair this problem

  1. On a domain controller or member server with the Group Policy Management feature installed, click Start, click Run, type gpme.msc, and then press ENTER.

  2. In the Browse for a Group Policy Object dialog box, click the Create New Group Policy Object icon, type the name of the Group Policy object (GPO) (for example, XP NAP GPO), and then click OK. The Group Policy Management Editor opens.

  3. In the Group Policy Management Editor, open Computer Configuration\Policies\Administrative Templates\Windows Components\Network Access Protection, double-click Allow the Network Access Protection client to support the 802.1x Enforcement Client component, click Enabled, and then click OK.

  4. Close the Group Policy Management Editor.