Zach Skidmore
Posted October 11, 2013

Hey all: Our institution has migrated to using 802.1x on our network. We need to configure our Windows PE 5.0 image for SCCM 2012 to connect to 802.1x. While there are multiple articles on the internet on how to do it, there doesn't appear to be a hotfix for Windows PE 5, only for PE 3. I have checked our PE image and it does not have the Wired AutoConfig service files in it, so it doesn't appear to be built in to PE 5. Anyone know where to get the hotfix for PE 5? Any help is appreciated.

Aspergillus
Posted November 19, 2013

Hi M8,

Since Win PE 4.0 it's part of the PE distribution. In SCCM go to your boot image properties, then open the tab "Optional Components" and add Microsoft .NET (WinPE-Dot3Svc). This integrates the 802.1x service into the boot image.

You then have to activate it during the task sequence with a package that basically does the following:

    REM Import personal/machine certificate
    certutil -p password -importPFX cert.pfx
    REM Import root certificate
    certutil.exe -addstore root CERTIFICATE.cer
    REM Start the network service and set it to start automatically
    sc config Dot3svc start= auto
    net start Dot3svc
    REM Import network profile that was exported from a running Win7/8 system
    netsh lan add profile filename=NetProfile.xml

This is how it used to work for us in PE 4.0. Microsoft states there are no changes in PE 5.0, but after upgrading our boot images 802.1x does not work. Anyone here got an idea what might have changed?

Regards
Aspi

Aspergillus
Posted November 20, 2013

We tried to get our wired 802.1x EAP-TLS working on a Windows 8.1 machine to export the profile there. We are not even able to manually configure Windows 8.1 to connect to our network!!

Aspergillus
Posted November 22, 2013

It seems that we identified the problem with the help of Microsoft Support. Win 8.1 and Win PE 5.0 cannot successfully connect via EAP-TLS if the certificate of the RADIUS server does not have a CDP extension. We fixed it with a workaround:

    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13
    ValueName: NoRevocationCheck
    Type: REG_DWORD
    Value: 1

After that Win 8.1 and Win PE 5.0 were able to connect. Be aware it is a workaround and is bypassing some security, so it should not be a permanent solution.

Regards
Aspi

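An added example (not part of the original thread and not Microsoft's tooling): a PowerShell check, meant for an admin workstation rather than WinPE, that reports whether the RADIUS server certificate carries a CRL Distribution Points (CDP) extension and whether the NoRevocationCheck workaround from the post above is set on the machine. The file name radius-server.cer and the function names are assumptions for illustration.

```powershell
# Added example, not from the thread. radius-server.cer is a placeholder for an
# exported copy of the RADIUS server certificate (assumption).
param([string]$CertPath = '.\radius-server.cer')

$CdpOid    = '2.5.29.31'   # OID of the CRL Distribution Points extension
$EapTlsKey = 'HKLM:\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13'

function Get-CdpReport {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $cdp = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $CdpOid }

    # Build the chain with online revocation checking for the leaf only. This
    # approximates a client that insists on revocation data; the trust store
    # of this workstation may differ from the one in the WinPE image.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EndCertificateOnly'
    $chainOk = $chain.Build($Cert)

    [pscustomobject]@{
        Subject     = $Cert.Subject
        NotAfter    = $Cert.NotAfter
        HasCdp      = [bool]$cdp
        CdpDetails  = if ($cdp) { $cdp.Format($true) } else { '(no CDP extension)' }
        ChainOk     = $chainOk
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

function Test-NoRevocationCheck {
    # True when the workaround value from the post is present and set to 1.
    $p = Get-ItemProperty -Path $EapTlsKey -Name NoRevocationCheck -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.NoRevocationCheck -eq 1)
}

if (-not (Test-Path -LiteralPath $CertPath)) { throw "Certificate not found: $CertPath" }
$full = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full

$report = Get-CdpReport -Cert $cert
$report | Format-List
if (-not $report.HasCdp) {
    Write-Warning 'No CDP extension: reissue the RADIUS certificate with a reachable CRL URL.'
}
if (Test-NoRevocationCheck) {
    Write-Warning 'NoRevocationCheck=1 is set: EAP-TLS revocation checking is disabled here.'
}
```

Once the reissued certificate reports HasCdp as True, the NoRevocationCheck value can be removed from the boot image and from clients so revocation checking is enforced again.
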
rob343
Posted April 16, 2014

Hi,

Quite new to the whole 802.1x stuff; our network team kindly dropped this into production. The script above: at what stage in the seq do you add it? Also, on the standalone boot image, how do I integrate the certs/XML files? Is this done in the prestart commands? Any help or pointer gratefully received.

Thanks
Rob

mun_khan
Posted June 2, 2016

Hi,

Struggling to make my MDT deployment work on 802.1x. I followed David's blog https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachments/01/6127/00/00/03/31/62/58/Windows%207%20Deployment%20Procedures%20in%20802%201X%20Wired%20Networks.pdf and got stuck halfway. After booting with MDT boot media (802.1x enabled) the client is getting the IP from DHCP but failing to connect to deploymentshare$, not even pinging any IP on the network. Any ideas?

mdqasim
Posted March 15, 2017

Hi,

It's been quite some time since there was any post or any perfect solution I found for MDT 2013 U2 Windows 10 upgrade from Windows 7. Here is the background and what has been tried so far, but there was no luck. Any help will be appreciated.

We are setting up Windows 10 migration infra for one of our clients. It went through without any issues on a regular network; however, we were asked to test the same on the secured network as well. Unfortunately, it did not work on the secured network, so-called 802.1x. This is the first time we have come across this scenario.

In our deployment scenario, we have an MDT 2013 U2 only. We are initiating the migration task sequence deployment (on a Windows 7 machine, in OS mode) by accessing the deployment share over the network via LTIApply.wsf under the script folder.

Note: All the required network drivers are available in WinPE.

Everything works fine until the machine is rebooted to PE mode. Once the machine gets into PE mode it does not get the IP address due to the secure network.

After going through multiple blogs, below are the things that we tried, but no luck till now.

1. WinPE generated adding additional features (IEEE 802.1x, .NET Framework)
2. Injected Windows6.1-KB972831-x64.msu in WinPE
3. Automated script to start service dot3svc
4. Exported root certificate from existing client machine and added in WinPE through script
5. Included LAN profile in WinPE, which was extracted from existing client.

I also wanted to include the .pfx in WinPE, but unfortunately I could not export it from the other Win7 client machine as the option in cert manager is greyed out.

I have no clue what else I can try to get this working. Let me know if any of you has gone through the same or ever worked on the same kind of scenario.

Please let me know if something else needs to be in place to get this working.