Secure Wifi Connection Problems

[sundawg#WP]

I have a Lumia 920 that replaced my Samsung Focus. At my office we have Wifi available for guest and employees. The guest account is open and I have no problems connecting to it. However, the employees one will not connect. The access point is found and listed, I can click to connect and it asks for my credentials. After I enter them and wait a moment I always get a message that says "Connection unsuccessful: Your phone couldn't reach the Wi-Fi network xxx" Where xxx is the name of our employee wifi.

My Focus had no issues connecting to either of these. Any thoughts here? I obviously can't muck with the corporate access points. It is WPA2-Enterprise-AES with PEAP.

What scares me is that searching for this connection error gives quite a few long but unanswerred and old threads for wp7 - including people with Foci (plural for Focus?).

TIA

 

[Squatting Hen]

I have not been able to connect to my buildings Wifi network with my WP 7.5 Titan II. Everyone else here with an Android or iPhone can. I get the same error as you. Really makes me mad.

 

[Genserik]

Not having any issues with my Lumia 822, connecting to a Cisco router broadcasting WPA2

 

[sundawg#WP]

I suspect this has more to do with the authentication type (which in my case is PEAP - i.e. uses my domain username and password). Simple WPA2 with a password works fine. I'm going to bring my Focus to work and confirm it still connects. This is a case where I really wish there was more error messaging/logging in WP.

 

[Lord Vadger]

It would be awesome if you can keep this thread updated as my school uses WPA2-Enterprise-AES with PEAP as well. I don't want to dive in to WP8 until I know whether or not this works.

 

[Letros]

I'm having the same problem, I can't connect to my universities 802.1x EAP-TTLS WiFi service. This is quite annoying because I am no longer on an unlimited data plan, I tweeted Belfiore about this, and added it to Microsoft Answers. Of course, Android and iPhone users can connect with no issues.

 

[sundawg#WP]

I could be wrong and the only reference I have is the Nokia 920 specs sheet - it doesn't list support for EAP-TTLS. It doesn't look like it was supported with WP7 either from some searches. Though for my case the spec sheet does list EAP-MSCHAPv2 which is the kind of authentication I am trying to use with PEAP. As for my experiment with seeing if my Focus still connected...it actually didn't work at first and after a bunch of tries it finally did connect again - but still no luck with the 920. I'll bug IT and see if they have any ideas.

 

[Letros]

I could be wrong and the only reference I have is the Nokia 920 specs sheet - it doesn't list support for EAP-TTLS. It doesn't look like it was supported with WP7 either from some searches. Though for my case the spec sheet does list EAP-MSCHAPv2 which is the kind of authentication I am trying to use with PEAP. As for my experiment with seeing if my Focus still connected...it actually didn't work at first and after a bunch of tries it finally did connect again - but still no luck with the 920. I'll bug IT and see if they have any ideas.

Can software be updated to support more securities, or is it a hardware thing?

 

[sundawg#WP]

@LetrosB - I don't think it is hardware as much as it is firmware. I suspect MS could extend support to more authentication methods and protocols. Someone else can confirm.

I have a theory about the PEAP issue. PEAP requires a validated authentication using certificates. I'm clearly able to contact the secure WAP because I do get asked for my credentials, but I think there is a handshake of sorts that happens before my credentials are passed to the server. This handshake involves looking at the PEAP server's CA. Then the phone checks to see if it has the root certificate installed that matches the cert presented by the PEAP server via the WAP. I bet I don't have the matching root cert. I've a got a call into IT to have them get back to me on what our CA is for PEAP authentication. Again, if this were the case, a better error message from WP would be nice.

What I like about this theory is this maybe explains why iOS and Android don't have the same problem. Either they have a more extensive list of root certs, or maybe the device is skirting the validation step altogether (i.e. blindly trusting that your credentials should be sent to this requestor). This would also explain why folks have varying success and that there doesn't seem to be a pattern with a particular Windows Phone. The pattern may have more to do with the CA being used for PEAP on the WLAN. If we are missing a root cert on our phones, we can add it - fingers crossed...

If anyone has some cold water to throw on my theory, please do.

[update] My IT suggests that we don't verify the certificate for Wifi connections. iOS and Android has the option to skip the verification - WP does not. That's the key to the problem. I'm still waiting to hear what our CA is; as I still think getting the right root cert installed would solve the problem. However, I may find out that the cert on the PEAP server is expired, and I'm willing to bet WP won't like that either. Fortunately, my IT seemed interested in solving the problem.

 

[Lord Vadger]

[update] My IT suggests that we don't verify the certificate for Wifi connections. iOS and Android has the option to skip the verification - WP does not. That's the key to the problem. I'm still waiting to hear what our CA is; as I still think getting the right root cert installed would solve the problem. However, I may find out that the cert on the PEAP server is expired, and I'm willing to bet WP won't like that either. Fortunately, my IT seemed interested in solving the problem.

Thanks for the update. Please keep us posted on what it takes to get it running, then I'll have something to bring to my IT department

 

[phixx79]

I am having a very similar issue

I have noticed that there is a Company Apps in Settings and, honestly, I have no idea what this does. This does, however, allow me some extra information when trying to login to my work network. Things such as server and domain. When the IT people get back into gear at the beginning of the week I hope to grab one of them and get all of the appropriate settings so that I can actually log in. I actually work in a tech job with a lot of critical thinkers and this has been driving people crazy for several days. I am actually having this issue on an HTC 8X (on Verizon) and we have an HTC Trophy that has no issue connecting to the same network.... =(

 

[Letros]

Here's a bunch of other people with issues, hopefully MS wakes up and adds them.

 

[mtbracer1966]

I have a brand new Nokia Lumia 822 with Verizon. I cannot even connect to my own router in my own home. I have a perfect signal but I receive the "phone couldn't reach the wifi network" message. I have tried a hundred times on my own network but have not had the opportunity to try a different network.

I've been waiting for this phone for a long time... if this 'glitch' doesn't get resolved in the next 28 days I'll be done with Windows Phone.

Separate issue... can I customize my "tile screen"?

 

[unstoppablekem]

I have a brand new Nokia Lumia 822 with Verizon. I cannot even connect to my own router in my own home. I have a perfect signal but I receive the "phone couldn't reach the wifi network" message. I have tried a hundred times on my own network but have not had the opportunity to try a different network.

I've been waiting for this phone for a long time... if this 'glitch' doesn't get resolved in the next 28 days I'll be done with Windows Phone.

Separate issue... can I customize my "tile screen"?

First off, I bet Microsoft is on this, so don't leave windows phone. And buy customizing the tile screen, what do you mean?

 

[danbbrantley]

Here's a list of supported Certificates.

SSL Root Certificates for Windows Phone

I've been wondering the same thing - don't have the device yet but have the same connection security and need to know if I'll be able to connect. Thankfully, my university website lists the CA (Verisign Equifax Certificate Authority) and it is listed as supported on WP! Hoping for the best now.

Hope the link helps.

 

[marbla]

You can install new root certificates by mailing them to yourself with a .cer ending (just change the .crt to .cer if you need to and it will work). That doesn't change the fact that ms apparently kind of forgot that supporting corporate customers and a lot of university students and employees involves supporting things like EAP-TTLS. Its native in win8 so it should be quite doable in terms of porting since the WiFi stack is supposedly the same.

 

[gibbyhome]

That is strange since wp8 uses the same IP stack as windows so this issue should happen with a windows 8 PC or a surface. You should ask your IT if they have done any testing with windows 8 or windows RT.
Sent from my RM-820_nam_att_100 using Board Express

 

[Digital Moe]

Oh dear looks like I might not be able to connect to my corporate LAN and this sounds like exactly the issue my Surface has I get a certificate error but my iPhone logs on no problem.

 

[philxor]

I do not have a problem connecting to our corporate network which uses PEAP. Which is funny because my OSX laptop makes me check the certificate every time I connect to it.

The EAP-TTLS issue is something different, it's just not supported right now.

 

[danbbrantley]

I do not have a problem connecting to our corporate network which uses PEAP. Which is funny because my OSX laptop makes me check the certificate every time I connect to it.

The EAP-TTLS issue is something different, it's just not supported right now.

This.

Those unable to connect with PEAP appear to be isolated incidents, likely relating to the certificate as the OP has proposed. Those on EAP-TTLS, well, that needs to be addressed by Microsoft sooner rather than later as it limits the phone's usability to many corporate users.