Solved

Can no longer authenticate using VPN and certificate

Posted on 2006-11-09
2
1,779 Views
Last Modified: 2012-05-05
Hi Experts,

I have set up a VPN using certificates and EAP.  I could connect ok no problems but now am not able to authenticate. I can connect but the server will no longer authenticate my user name.  

The only changes are a service pack and a couple of policy changes (which should not, logically affect the VPN).  I stopped the storing of Lanman hashes by group policy but cannot see how this would have an impact. I have not made any changes to the remote access policy.   I have the following errors in the event logs on the server

Thanks

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
User me@DOMAIN.local was denied access.
 Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
 NAS-IP-Address = 127.0.0.1
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = xx.xxx.xxx.xxx
 Client-Friendly-Name = domainserverradius
 Client-IP-Address = 10.0.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 129
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Small Business Remote Access Policy
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.


Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20014
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
The user ME@DOMAIN.local has connected and failed to authenticate on port VPN5-127. The line has been disconnected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:beechfielder
2 Comments
 
LVL 5

Accepted Solution

by:
beechfielder earned 0 total points
ID: 17928687
Well I found out why this was happening.  The entry in IAS on the authentication tab of the policy no longer contained an entry for "EAP method"  I added back "smart card of certificate" and can now connect.

I am not sure how this happened, the policy has not been touched, but a number of patches and service packs have been installed.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now