2 Replies Latest reply on Dec 22, 2010 3:09 AM by gporritt

    WinPE & 802.1x

    mtb2781 Rookie

      All,

       

      We are currently in the process of converting our wired/ethernet network to an 802.1x username-based authentication scheme system. As it stands now in areas that have been converted on our campus, we can no longer use the LANDesk 9 imaging utilities with WinPE (2.1 build) to image any PCs. They will not be able to obtain a regular IP address and cannot communicate with the Core Server to initiate the process.

       

      We have found a whitepaper outlining a way to include a hotfix and 802.1x XML configurations into a WinPE build. However, after we mounted the image and attempted to use WAIK tools (we've tried both Vista and Windows 7-based WAIKs), we are unable to add the Microsoft-issued hotfix with a Packageadd command in WAIK. The Windows 7 WAIK claims that it cannot process a "Vista RTM-based OS". It also looks like, because of the way that the boot.wim file was initially created and compressed, we cannot modify it due to the "/PREP" command having been used within the Vista WAIK. We set up a Test Core Server and installed SP2, but it appears that the PE build is still 2.1, a non-starter for trying to get past this.

       

      Has anyone had any kind of success modifying or adding 802.1x authentication into the LANDesk PE image? Due to a number of factors including a changeover to VOIP for our phone systems, we are going the full 802.1x route and cannot get around this easily.

       

      Thanks for any assistance!!

      -Matthew Brooks

      Desktop Support Technician

      Certified LANDesk 9 Engineer

      Campus Technology Services

      SUNY Oswego

        • 1. Re: WinPE & 802.1x
          Apprentice

          Hi

           

          We use a Juniper 802.1x system here. What we have done is create a VLAN for building PCs. A PC will boot to PXE and get an IP address in this range. PCs in this range can only see the core server, so it is able to image the PC but not get anywhere else on the network or beyond. If you are creating a remediation VLAN for updating AV, software, etc., I would recommend this one. We are deploying Win7 and XP with this method. This is a very basic overview of the process; if you have any specific questions, email me [email protected] and I will see if we can help.

           

          What I have noticed with 802.1X is that the change through multiple IP addresses when a user logs in affects LANDesk's ability to deploy packages reliably.

           

          Cheers

          Gary

          • 2. Re: WinPE & 802.1x
            Apprentice

            Just a quick addition: I have been having a word with our network manager about what happens when a PC boots to build. There is a rule on our switches which says if machine authentication does not occur within a certain time, the PC is put into our build range; the PC going into PXE boot causes the timeout to be exceeded and the PC to go into the Build VLAN. If no PXE boot happens, the machine authentication will occur, then the PC goes into the remediation VLAN and is able to log in as normal.

             

            Cheers

            Gary