Solved

Can no longer authenticate using VPN and certificate

Posted on 2006-11-09
2
1,776 Views
Last Modified: 2012-05-05
Hi Experts,

I have set up a VPN using certificates and EAP.  I could connect ok no problems but now am not able to authenticate. I can connect but the server will no longer authenticate my user name.  

The only changes are a service pack and a couple of policy changes (which should not, logically affect the VPN).  I stopped the storing of Lanman hashes by group policy but cannot see how this would have an impact. I have not made any changes to the remote access policy.   I have the following errors in the event logs on the server

Thanks

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
User me@DOMAIN.local was denied access.
 Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
 NAS-IP-Address = 127.0.0.1
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = xx.xxx.xxx.xxx
 Client-Friendly-Name = domainserverradius
 Client-IP-Address = 10.0.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 129
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Small Business Remote Access Policy
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.


Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20014
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
The user ME@DOMAIN.local has connected and failed to authenticate on port VPN5-127. The line has been disconnected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:beechfielder
2 Comments
 
LVL 5

Accepted Solution

by:
beechfielder earned 0 total points
ID: 17928687
Well I found out why this was happening.  The entry in IAS on the authentication tab of the policy no longer contained an entry for "EAP method"  I added back "smart card of certificate" and can now connect.

I am not sure how this happened, the policy has not been touched, but a number of patches and service packs have been installed.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now