Windows 7 802.11i Wireless Authentication Issue using CAC Smart Card
Hey everyone, I am having an issue trying to authenticate to an 802.11i wireless network using a smart card/CAC. All of the settings for the SSID are correctly identified and configured, but when I try and authenticate to the wireless network the credentials being pulled from the CAC are wrong. It is pulling a 16-digit number (################@mil) instead of the 10-digit EDIPI number that is pulled by every other application (and what our Active Directory authenticates against). I do not have ActivClient installed, which does fix the issue, but I am trying to get this to work with the native supplicant. For reasons beyond my control I am unable to use ActivClient, so it is not an option.

I spoke with the CAC reader manufacturer and they stated it is an issue with the Windows 7 module. He provided me with some debug information that would allow whoever at Microsoft normally handles this to be able to create a hotfix.

My question is:
a.) Has anyone ever experienced this? If so, did you fix it? How?
b.) Who can I contact in Microsoft so they can provide a hotfix? Their implementation is clearly broken and should be fixed!
October 25th, 2011 11:04am

Please provide more information on the issue. What is the exact error that we get? Can we get the RAS tracing output from the client? http://blogs.technet.com/b/rrasblog/archive/2006/06/20/437481.aspx What is the debug info that you have?
Sumesh P - Microsoft Online Community Support
October 28th, 2011 12:50am

When connecting to a wireless network using 802.11i authentication there is a number that is pulled off of your smart card (EDIPI) to be sent to Active Directory to be able to authenticate you. The number that is being read off of the smart card right now using the Windows 7 native supplicant is the wrong number, as described below. The debug information is provided as well. It is important to note that there is not an error, per se; it is that the Windows 7 native supplicant is taking the wrong information off of the smart card; it is not inserting the delimiters correctly. The EDIPI number is read correctly in other environments, and by other applications; the wireless authentication is not correct though.

So the process is listed below in detail, with the issues, as follows. The steps listed below are after the user has selected the wireless network and is prompted for the PIN. The software subsequently picks up the fields and formats them to the final wireless user name. The parser that constructs the name seems to be making an error. The data is formatted as per TIG SEPACS 2.2 specification. The format is:

<B> agency code (4 digits) <D> system code (4 digits) <D> credential (6 digits) <D> credential series (1 digit) <D> credential issue (1 digit) <D> Person Identifier (10 digits) Organization Category (1 digit) Organization Identifier (4 digits) Association Category (1 digit) <F>

Where <B>, <D> and <F> are delimiters (markers).

The decoded data from card was:

Agency code = 1700
System code = 1572
Credential = 009201
Credential Series = 0
Credential Issue = 0
Person Identifier = 1393803483
Organization Category = 1 (means Federal Government Agency)
Organization Identifier = 1700 (this matches the agency code)
Association Category = 2 (Civilian)

If you look at the data organization above, you shall notice that the fields after the Person Identifier do not have a delimiter. The software needs to stop after it has parsed 10 digits but it seems to be continuing until it encounters a non-numeric character. Hence the 117002 at the end of the person identifier when it constructs the name for wireless login. The parser is a Microsoft module and this information should be able to provide a hotfix for it.

Thanks again for your help! I am hoping you can provide me with some guidance for resolution.
October 31st, 2011 11:49am
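
Added example, not part of the original post and not Microsoft's code: the field layout from the post parsed by fixed width, next to the "read digits until a non-digit" behaviour the post describes. The text encoding (letters B, D, F standing in for the <B>, <D>, <F> markers), the function names and the sample string built from the quoted decoded values are assumptions for illustration.

```python
# Field layout as listed in the post; the B/D/F text encoding is an assumption.
# Each entry: (name, width in digits, followed by a <D> delimiter?)
FIELDS = [
    ("agency_code", 4, True),
    ("system_code", 4, True),
    ("credential", 6, True),
    ("credential_series", 1, True),
    ("credential_issue", 1, True),
    ("person_identifier", 10, False),
    ("organization_category", 1, False),
    ("organization_identifier", 4, False),
    ("association_category", 1, False),
]

# Constructed sample, assembled from the decoded values quoted in the post.
SAMPLE = "B1700D1572D009201D0D0D1393803483117002F"


def parse_fixed_width(data):
    """Split by field width; delimiters are checked, never used to find a field's end."""
    if not data.startswith("B") or not data.endswith("F"):
        raise ValueError("missing start or end marker")
    pos, out = 1, {}
    for name, width, has_delim in FIELDS:
        value = data[pos:pos + width]
        if len(value) != width or not (value.isascii() and value.isdigit()):
            raise ValueError(f"{name}: expected {width} digits at offset {pos}")
        out[name] = value
        pos += width
        if has_delim:
            if data[pos:pos + 1] != "D":
                raise ValueError(f"{name}: expected delimiter at offset {pos}")
            pos += 1
    if pos != len(data) - 1:
        raise ValueError("unexpected data before end marker")
    return out


def person_id_until_non_digit(data):
    """Behaviour described in the post: skip five delimited fields, then read every digit."""
    start = 0
    for _ in range(5):
        start = data.index("D", start) + 1
    end = start
    while end < len(data) and data[end].isdigit():
        end += 1
    return data[start:end]
```

On the sample, the fixed-width parser returns the 10-digit Person Identifier, while the delimiter-driven reader also absorbs the three undelimited fields that follow it, which gives the 16-digit value ending in 117002.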

Can you get the RAS trace? The steps are mentioned above.
Sumesh P - Microsoft Online Community Support
November 4th, 2011 12:32am

Also please see if this hotfix addresses your issue: 2549818 "You are prompted to enter your PIN to connect to a Wi-Fi network on an SSO-enabled computer that is running Windows 7"
Sumesh P - Microsoft Online Community Support
November 4th, 2011 12:41am

I checked with some in-house experts, it is recommended that you open a support case with us to further troubleshoot this issue as active troubleshooting is required to get to the root of this issue. Please visit the below link to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
Sumesh P - Microsoft Online Community Support
November 7th, 2011 6:04am

I tried the hotfix and it did not work. I have opened a ticket and it seems to be going slowly. There are quite a few troubleshooting steps they are taking me through, regardless of the information I provided them being pretty much how to resolve the issue. They are very helpful, but I am wondering if it is not a "networking" issue, how can I have them send it to the "Smart Card" team? Thanks!
November 10th, 2011 4:43pm
