How to deploy XP SP3 in an existing wired 802.1x environment

Prior to SP3, the 802.1x service for XP is the Wireless Zero Configuration Service.  This service handles the 802.1x needs for both wired and wireless connections.  This has been problematic since not everyone uses wired 802.1x.  Also, because the wired 802.1x engine listens passively for EAP Identity traffic, we are not fully compliant with the IEEE spec, which state the client should initiate authentication by sending an EAPOL-Start frame.

With SP3, we have separated the wireless service from the wired service and created a new Dot3Svc (Wired AutoConfig).  This service is set as a manual start as opposed to being automatic.  The default behavior of the Dot3Svc is now compliant with the IEEE specification.

In most environments, this is not a problem since most folks are not using 802.1x on their wired networks.  However, if the network has 802.1x deployed, having the service set to manual creates the unfortunate side effect of preventing the client from connecting back to the network after the required reboot has occurred. 

One of the suggested workarounds was to set the service type to Automatic in a GPO and push this out to all the clients prior to deploying SP3, but unfortunately you cannot do this.  Because Dot3Svc is a new service and does not exist on systems prior to SP3, XP cannot consume the necessary settings from a GPO and apply them after the service has been installed.

So to address this issue, you need to take the following steps:

Step 1: Pre-deployment

1.  Create a file called dot3svc_start.reg and put it in \<domainname>sysvol<domainname>scripts

a. Add the following to the file

Windows Registry Editor Version 5.00



2. Create a file called dot3svc.bat and put it in \<domainname>sysvol<domainname>scriptsdot3svc_start.reg

3. Using a GPO, add dot3svc.bat to the Shutdown scripts object.

4. In the same GPO, set the dot3svc to Automatic

Step 2: Deployment

1. Confirm the clients process the shutdown script.  All that needs to be done is to confirm the Dot3svc registry key exists after a reboot.

2. Deploy SP3 using normal procedures. 

Step 3: Post Deployment

1. After you have confirmed SP3 installs correctly and the dot3svc service starts, remove the scripts/GPO.

For more information on the Dot3Svc, see