Since the release of the microsoft update 3023607 our clients cannot connect to our wireless.  I did some research and see this update is affecting cisco VPN, but I cannot find any information about wireless connectivity.  

Our environment consists of alcatel hardware running WPA2 Enterpise Authentication through Raduis TLS.  Has anyone else had any problems since the updates?

We can easily hide this update and then it solves the problem but it seems microsoft is not pulling this update and doing that for thousands of clients really is not feesable. 

Hi Joshua,

Thanks for your feedback about KB3023607.

Since this update was just released on 11 Feb, till now we haven't received any similar issue or affecting report about this update yet. However, we will note your issue and report it to database.

We will inform you at first time if Microsoft release any patch about this update.

Best Regards

D. Wu

I have the same problem with KB3023607.
No problem at home but WIFI problem at my office where we also use CISCO

I can also confirm that KB3023607 causes our Windows 8.1 clients to be unable to connect to our WPA2 Enterprise wireless network.  We use Cisco equipment as well.  Uninstalling the update resolves the problem.

Tim,

Do you have Protected Management Frame enabled on your 802.1X SSID(s)?

Kyle,

I'm not part of the network team here, so I cannot comment on the particulars of our wireless configuration.  I have simply observed this from the Windows 8.1 client end.  I have made our network team aware of the issue however, and they have reported that they've opened a ticket with Microsoft.

No problem at home but WIFI problem at my office where we also use CISCO

On the same machine?  Then it might be worthwhile tracing both cases and comparing them for their essential differences.  Supposedly there is a trace for  WLAN  alone (netsh wlan se tr ? for help).  Otherwise I guess I would try NetMon.

Good luck

Known issue with the IE update. Most are suggesting to put the file vpngui.exe in Windows 8 compatibility mode [exit Cisco VPN, make changes, optionally reboot, test VPN]. Google the update. Plenty of comments about it now.

Hi guys,

Thanks for feedback about KB3023607.

Now we noticed that similar issues or affecting about this update have been reported. However, there is still no offical information about this patch will be released.

We will inform you at first time if Microsoft release any patch about this update.

Befor thatas what Edward_b mentioned that you could also check if there is any solution from cisco side.

Best Regards

D. Wu

All:

We use Radius's Steel belted Radius EAP TTLS authentication.  Is anyone else seeing the authentication issue similar to the Cisco problem.   .... Also D. WU - Will Microsoft include EAP TTLS fixes for this in the upcoming patch?  The 'Fixit' that was issued does not address our Radius issue.

I appreciate in advance your response!

-Don

Hi Don

Thanks for your reply.

Till now we cannot make sure if Microsoft will release patch for that since it only cause third party network issue. But there is smart chance of it.

We will inform in this thread at first time if Microsoft release any patch about this update.

Best Regards

D. Wu

Our university is also having severe problems with KB3023607.  Windows 8 clients cannot connect to wireless after receiving the update.  We use WPA2 authentication through Radius as well.  Each time a client with the bad update attempts to connect, Windows event logs shows Schannel Event ID:36887 A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code 42.

Hello all,

we have the same problem and it's really annoying. Didn't find any other solution than uninstalling this fix until now. But that can't be the solution, simply a workaround for a short time.

Did anybody find a solution for this problem?

I use following settings for my SSID:

<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>

Would really appreciate a good solution.

Kind regards

Hello all,

we have the same problem and it's really annoying. Didn't find any other solution than uninstalling this fix until now. But that can't be the solution, simply a workaround for a short time.

Did anybody find a solution for this problem?

I use following settings for my SSID:

<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>

Would really appreciate a good solution.

Kind regards

• Proposed as answer by JBagby Saturday, March 07, 2015 11:01 PM

Hello all,

we have the same problem and it's really annoying. Didn't find any other solution than uninstalling this fix until now. But that can't be the solution, simply a workaround for a short time.

Did anybody find a solution for this problem?

I use following settings for my SSID:

<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>

Would really appreciate a good solution.

Kind regards

• Proposed as answer by JBagby Saturday, March 07, 2015 11:01 PM

Hello all,

we have the same problem and it's really annoying. Didn't find any other solution than uninstalling this fix until now. But that can't be the solution, simply a workaround for a short time.

Did anybody find a solution for this problem?

I use following settings for my SSID:

<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>

Would really appreciate a good solution.

Kind regards

• Proposed as answer by JBagby Saturday, March 07, 2015 11:01 PM

Hello all,

we have the same problem and it's really annoying. Didn't find any other solution than uninstalling this fix until now. But that can't be the solution, simply a workaround for a short time.

Did anybody find a solution for this problem?

I use following settings for my SSID:

<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>

Would really appreciate a good solution.

Kind regards

• Proposed as answer by JBagby Saturday, March 07, 2015 11:01 PM
• Marked as answer by Nicolas BONNETMVP, Moderator Friday, March 27, 2015 10:44 AM

Hello all,

we have the same problem and it's really annoying. Didn't find any other solution than uninstalling this fix until now. But that can't be the solution, simply a workaround for a short time.

Did anybody find a solution for this problem?

I use following settings for my SSID:

<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>

Would really appreciate a good solution.

Kind regards

• Proposed as answer by JBagby Saturday, March 07, 2015 11:01 PM
• Marked as answer by Nicolas BONNETMVP, Moderator Friday, March 27, 2015 10:44 AM

Hi austinj5000,

Thanks for feedback about KB3023607.

We have noticed that similar issues or affecting about this update have been reported. you could temporarily hide this update as workarround, and thanks for ClientAdmin's worlaround.

We will inform you here at first time if Microsoft release any patch about this update.

Regards

D. Wu

We're seeing the same issues with wireless on Windows 8.1 clients.  Cisco Wireless controllers, WPA2-Enterprise, AES, PEAP, EAP-MSCHAP v2, Radius. When KB3023607 was released, we had to rollback the update on Windows 8.1 workstations to get users working on wireless and AnyConnect.  They fixed the issues with AnyConnect with the March 10, 2015 updates but the wireless issue still persists and now I don't see KB3023607 installed on my workstation to remove so I'm still trying to figure out which update is breaking it now.  The workstation reports "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 42."  42 is a bad cert error but our clients are set to ignore certificates.  Any help on this would be GREATLY appreciated.

We had this exact same problem, and our network team opened tickets with Microsoft, Cisco and Juniper.  I don't have the exact details because I was not directly involved in implementing the fix, but apparently Microsoft changed the cipher priority list with this patch and the ultimate solution came as a hotfix from Juniper (our radius server).  Our issue is now resolved and Windows 8.1 clients can connect even with the problematic MS patch installed.

Could you please provide solution how to fix this issue. Thx

What was the KB or hotfix ID from Juniper? What Version?

What was the KB or hotfix ID from Juniper? What Version?

I'm also interested. Please provide more Information about the KB or Hotfix ID from Juniper.