Event ID 11006 — Wireless Network Security and Authentication

  • Article

Applies To: Windows Server 2008 R2

Wireless Network Security and Authentication consists of Institute of Electrical and Electronics Engineers (IEEE) 802.1X authentication settings, and the security-specific settings for network adapters. The security settings are required to connect a computer to a specific security-enabled wireless network.

Event Details

Product: Windows Operating System
ID: 11006
Source: Microsoft-Windows-WLAN-AutoConfig
Version: 6.1
Symbolic Name: MsmSecurityFailureEvtDesc
Message: Wireless security failed.

Network Adapter: %1
Interface GUID: %2
Local MAC Address: %3
Network SSID: %4
BSS Type: %5
Peer MAC Address: %6
Reason: %7
Error: %9

Resolve

Wireless security failure

"Wireless security failure" errors

A reason code is used to identify a known condition that is responsible for triggering a specific event. Each reason code has a corresponding Event log message. In some cases, multiple reason codes are linked to one event, and any one condition with an associated reason code can result in a reported event. The following lists provides the Reason Codes, Event log messages and # Def names corresponding to each condition that can trigger Event. "# def name" codes are provided because they can be useful, if you are working with Microsoft Customer Service and Support personnel. Following this list, there is prescriptive guidance for each Reason Code that is marked with an asterisk (*).

Note: For the most current list of reason codes and their associated meanings, see WLAN_REASON_CODE on the Web at https://go.microsoft.com/fwlink/?LinkId=99529.

Reason Codes, Event log messages, and #def names associated with this event:

  • Reason Code:  282624   Event log message:  Failed to queue the UI request   # def name:  WLAN_REASON_CODE_MSMSEC_UI_REQUEST_FAILURE  
  • Reason Code:  282625   Event log message:  802.1x authentication did not start within configured time   # def name:  WLAN_REASON_CODE_MSMSEC_AUTH_START_TIMEOUT  
  • * Reason Code:  282626   Event log message:  802.1x authentication did not complete within configured time   # def name:  WLAN_REASON_CODE_MSMSEC_AUTH_SUCCESS_TIMEOUT  
  • Reason Code:  282627   Event log message:  Dynamic key exchange did not start within configured time   # def name:  WLAN_REASON_CODE_MSMSEC_KEY_START_TIMEOUT  
  • Reason Code:  282628   Event log message:  Dynamic key exchange did not complete within configured time.   # def name:  WLAN_REASON_CODE_MSMSEC_KEY_SUCCESS_TIMEOUT  
  • Reason Code:  282629   Event log message:  Message 3 of 4-way handshake has no key data.   # def name:  WLAN_REASON_CODE_MSMSEC_M3_MISSING_KEY_DATA  
  • Reason Code:  282630   Event log message:  Message 3 of 4-way handshake has no IE. (RSN/WPA)   # def name:  WLAN_REASON_CODE_MSMSEC_M3_MISSING_IE  
  • Reason Code:  282631   Event log message:  Message 3 of 4 way handshake has no Group Key (RSN)    # def name:  WLAN_REASON_CODE_MSMSEC_M3_MISSING_GRP_KEY  
  • Reason Code:  282632   Event log message:  Matching security capabilities of IE in M3 failed (RSN/WPA)   # def name:  WLAN_REASON_CODE_MSMSEC_PR_IE_MATCHING  
  • Reason Code:  282633   Event log message:  Matching security capabilities of Secondary IE in M3 failed (RSN)   # def name:  WLAN_REASON_CODE_MSMSEC_SEC_IE_MATCHING  
  • Reason Code:  282634   Event log message:  Required a pairwise key but AP configured only group keys   # def name:  WLAN_REASON_CODE_MSMSEC_NO_PAIRWISE_KEY  
  • Reason Code:  282635   Event log message:  Message 1 of group key handshake has no key data (RSN/WPA)   # def name:  WLAN_REASON_CODE_MSMSEC_G1_MISSING_KEY_DATA  
  • Reason Code:  282636   Event log message:  Message 1 of group key handshake has no group key    # def name:  WLAN_REASON_CODE_MSMSEC_G1_MISSING_GRP_KEY  
  • Reason Code:  282637   Event log message:  AP reset secure bit after connection was secured    # def name:  WLAN_REASON_CODE_MSMSEC_PEER_INDICATED_INSECURE  
  • Reason Code:  282638   Event log message:  802.1x indicated there is no authenticator but profile requires 802.1x   # def name:  WLAN_REASON_CODE_MSMSEC_NO_AUTHENTICATOR  
  • Reason Code:  282639   Event log message:  Configuring the NIC failed    # def name:  WLAN_REASON_CODE_MSMSEC_NIC_FAILURE  
  • Reason Code:  282640   Event log message:  Operation was cancelled by caller    # def name:  WLAN_REASON_CODE_MSMSEC_CANCELLED  
  • Reason Code:  282641   Event log message:  Key index specified is not valid    # def name:  WLAN_REASON_CODE_MSMSEC_KEY_FORMAT  
  • * Reason Code:  262146   Event log message:  Key required, PSK present. An example is when the network is configured for Wi-Fi Protected Access v2 (WPA2) personal, which requires a network security key, but the profile is configured for either WPA2 Enterprise or WPA Enterprise.   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_PSK_PRESENT  
  • * Reason Code:  262147   Event log message:  Invalid key length. An example is when the pre-shared key (PSK), known as “Network security key” in Windows Vista and Windows Server 2008, is configured with fewer than 8 characters.    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_KEY_LENGTH  
  • Reason Code:  262148   Event log message:  Invalid PSK length    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_PSK_LENGTH  
  • Reason Code:  262149   Event log message:  No auth/cipher pairs specified    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_NO_AUTH_CIPHER_SPECIFIED  
  • Reason Code:  262150   Event log message:  Too many auth/cipher pairs specified.   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_TOO_MANY_AUTH_CIPHER_SPECIFIED  
  • Reason Code:  262151   Event log message:  Profile contains duplicate auth/cipher pair.   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_DUPLICATE_AUTH_CIPHER  
  • Reason Code:  262152   Event log message:  Profile raw data is invalid (1x or key data)    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_RAWDATA_INVALID  
  • Reason Code:  262153   Event log message:  Invalid auth/cipher combination    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_AUTH_CIPHER  
  • Reason Code:  262154   Event log message:  802.1x disabled when it's required to be enabled   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_ONEX_DISABLED  
  • Reason Code:  262155   Event log message:  802.1x enabled when it's required to be disabled    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_ONEX_ENABLED  
  • Reason Code:  262156   Event log message:  Invalid PMK cache mode    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_PMKCACHE_MODE  
  • Reason Code:  262157   Event log message:  Invalid PMK cache size   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_PMKCACHE_SIZE  
  • Reason Code:  262158   Event log message:  Invalid PMK cache TTL   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_PMKCACHE_TTL  
  • Reason Code:  262159   Event log message:  Invalid PreAuth mode   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_PREAUTH_MODE  
  • Reason Code:  262160   Event log message:  Invalid PreAuth throttle   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_PREAUTH_THROTTLE  
  • Reason Code:  262161   Event log message:  PreAuth enabled when PMK cache is disabled   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_PREAUTH_ONLY_ENABLED  
  • Reason Code:  262162   Event log message:  Capability matching failed at network   # def name:  WLAN_REASON_CODE_MSMSEC_CAPABILITY_NETWORK  
  • Reason Code:  262163   Event log message:  Capability matching failed at NIC    # def name:  WLAN_REASON_CODE_MSMSEC_CAPABILITY_NIC  
  • Reason Code:  262164   Event log message:  Capability matching failed at profile   # def name:  WLAN_REASON_CODE_MSMSEC_CAPABILITY_PROFILE  
  • Reason Code:  262165   Event log message:  Network does not support specified discovery type   # def name:  WLAN_REASON_CODE_MSMSEC_CAPABILITY_DISCOVERY  
  • Reason Code:  262166   Event log message:  Passphrase contains invalid character   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_PASSPHRASE_CHAR  
  • Reason Code:  262167   Event log message:  Key material contains invalid character   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_KEYMATERIAL_CHAR  
  • Reason Code:  262168   Event log message:  The key type specified does not match the key material    # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_WRONG_KEYTYPE  
  • Reason Code:  262169   Event log message:  A mixed cell is suspected. The AP is not signalling that it is compatible with a privacy-enabled profile.   # def name:  WLAN_REASON_CODE_MSMSEC_MIXED_CELL  
  • Reason Code:  262170   Event log message:  The number of authentication timers or the number of timeouts specified in the profile is invalid.   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_AUTH_TIMERS_INVALID  
  • Reason Code:  262171   Event log message:  The group key update interval specified in the profile is invalid.   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_INVALID_GKEY_INTV  
  • Reason Code:  262172   Event log message:  A "transition network" is suspected. Legacy 802.11 security is used for the next authentication attempt.   # def name:  WLAN_REASON_CODE_MSMSEC_TRANSITION_NETWORK  
  • Reason Code:  262173   Event log message:  The key contains characters that are not in the ASCII character set.   # def name:  WLAN_REASON_CODE_MSMSEC_PROFILE_KEY_UNMAPPED_CHAR  
  • Reason Code:  262174   Event log message:  Capability matching failed because the profile does not contain an authentication method.   # def name:  WLAN_REASON_CODE_MSMSEC_CAPABILITY_PROFILE_AUTH  
  • Reason Code:  262175   Event log message:  Capability matching failed because the profile does not contain a cipher algorithm.   # def name:  WLAN_REASON_CODE_MSMSEC_CAPABILITY_PROFILE_CIPHER  
  • Reason Code:  282642   Event log message:  A security downgrade was detected.   # def name:  WLAN_REASON_CODE_MSMSEC_DOWNGRADE_DETECTED/td>  
  • * Reason Code:  282643   Event log message:  A PSK mismatch is suspected.   # def name:  WLAN_REASON_CODE_MSMSEC_PSK_MISMATCH_SUSPECTED  
  • Reason Code:  282644   Event log message:  There was a forced failure because the connection method was not secure.   # def name:  WLAN_REASON_CODE_MSMSEC_FORCED_FAILURE  
  • Reason Code:  282645   Event log message:  The security UI request failed because the request could not be queued or because the user cancelled the request.   # def name:  WLAN_REASON_CODE_MSMSEC_SECURITY_UI_FAILURE  

Correcting Reason Code: 262146 Key required, PSK present

Configure the wireless network connection profile with the correct security type, and network security key.

To perform this procedure, you must be logged on by using a local computer Administrator account, or you must have been delegated the appropriate authority.

  1. Click Start, click Control Panel, and then double-click Network and Sharing Center.
  2. In Tasks, click Manage wireless networks.
  3. In Networks you can view and modify, right-click the network connection profile that you want to modify, click Properties, and then click the Security tab.
  4. In Security type, select WPA2-Personal, or WPA-Personal, depending on the security type configured on your wireless access point or ad hoc network.
  5. In Network security key, type the exact case-sensitive key that is configured on your wireless access point or ad hoc network, and then click OK.

Correcting Reason Code: 262147 Invalid key length

The network is configured for Wi-Fi Protected Access v2 Personal (WPA2-Personal) or WPA-Personal, which require a network security key, but the network security key that is configured in the wireless network connection profile is not the correct length.

Configure the wireless network connection profile with network security key that is of valid length, and matching the key that is configured on your wireless access point or ad hoc network.

To perform this procedure, you must be logged on by using a local computer Administrator account, or you must have been delegated the appropriate authority.

  1. Click Start, click Control Panel, and then double-click Network and Sharing Center.
  2. In Tasks, click Manage wireless networks.
  3. In Networks you can view and modify, right-click the network connection profile that you want to modify, click Properties, and then click the Security tab.
  4. In Security type, select WPA2-Personal, or WPA-Personal, depending on the security type configured on your wireless access point or ad hoc network.
  5. In Network security key, type the exact case-sensitive key that is configured on your wireless access point or ad hoc network, and then click OK.

Note: The network security key configured on your wireless access point and in the wireless network connection profile must match and must contain a minimum of 8 characters.

Correcting Reason Code: 282643 A PSK mismatch is suspected.

A variety of conditions can cause this error. For example, the authentication type configured on the wireless access point is set to use WPA-Enterprise or WPA2-Enterprise, and the encryption type in the wireless profile specifies WPA-Personal.

Resolution: Configure the wireless access point and the wireless profile with matching encryption types.

To perform this procedure, you must be logged on by using a local computer Administrator account, or you must have been delegated the appropriate authority.

  1. Click Start, click Control Panel, and then double-click Network and Sharing Center.
  2. In Tasks, click Manage wireless networks.
  3. In Networks you can view and modify, right-click the network connection profile that you want to modify, click Properties, and then click the Security tab.
  4. In Encryption type, select TKIP or AES, depending on the security type configured on the wireless access point.

Reason Code: 282626 802.1x authentication did not complete within configured time

If you are using an Extensible Authentication Protocol (EAP) authentication method that requires user input for credentials (such as PEAP-MS-CHAP v2, which requires the user to manually type their user name and password), the person responsible for managing the 802.1X settings on the 802.1X wireless access point (AP) might need to adjust the configuration on the AP to allow enough time for the user to submit the credentials before terminating the authentication and rejecting the connection attempt. This time-out setting for user input during 802.1X authentication is sometimes referred to as a "client time-out period." See the documentation for your AP to determine the name of this setting and how to change it as needed. A recommended value for this time-out is 30 seconds.

Verify

There are two methods to verify that wireless security settings are applied:

  • Verify wireless security settings by using the netsh wlan command
  • Verify wired security settings by using the status of a local area connection

Verify wireless security settings by using the netsh wlan command

To verify wireless security settings by using the netsh wlan command

  1. Click Start, and in Start Search, type cmd, and then press ENTER.
  2. At the Command Prompt, type netsh wlan show interfaceInterfaceName (where InterfaceName is the name of the wireless network adapter on which you want to view security settings), and then press ENTER.
  3. If 802.1X is configured on the network adapter, the command returns a result indicating that "802.1X security settings are applied."

Verify wired security settings by using the status of a local area connection

To verify wired security settings by using the status of a local area connection

  1. Click Start, click Control Panel, and then click Network and Internet.
  2. Click Network and Sharing Center, and then in Tasks, click Manage network connections.
  3. Right-click the wireless network connection, select Properties, and then select the Authentication tab.
  4. If 802.1X is configured on the wireless network adapter, Enable IEEE 802.1X authentication is selected, and blocked from user modification.

Wireless Network Security and Authentication

Networking