?
Solved

Can no longer authenticate using VPN and certificate

Posted on 2006-11-09
2
Medium Priority
?
1,794 Views
Last Modified: 2012-05-05
Hi Experts,

I have set up a VPN using certificates and EAP.  I could connect ok no problems but now am not able to authenticate. I can connect but the server will no longer authenticate my user name.  

The only changes are a service pack and a couple of policy changes (which should not, logically affect the VPN).  I stopped the storing of Lanman hashes by group policy but cannot see how this would have an impact. I have not made any changes to the remote access policy.   I have the following errors in the event logs on the server

Thanks

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
User me@DOMAIN.local was denied access.
 Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
 NAS-IP-Address = 127.0.0.1
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = xx.xxx.xxx.xxx
 Client-Friendly-Name = domainserverradius
 Client-IP-Address = 10.0.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 129
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Small Business Remote Access Policy
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.


Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20014
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
The user ME@DOMAIN.local has connected and failed to authenticate on port VPN5-127. The line has been disconnected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:beechfielder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
beechfielder earned 0 total points
ID: 17928687
Well I found out why this was happening.  The entry in IAS on the authentication tab of the policy no longer contained an entry for "EAP method"  I added back "smart card of certificate" and can now connect.

I am not sure how this happened, the policy has not been touched, but a number of patches and service packs have been installed.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question