Solved

Can no longer authenticate using VPN and certificate

Posted on 2006-11-09
2
1,786 Views
Last Modified: 2012-05-05
Hi Experts,

I have set up a VPN using certificates and EAP.  I could connect ok no problems but now am not able to authenticate. I can connect but the server will no longer authenticate my user name.  

The only changes are a service pack and a couple of policy changes (which should not, logically affect the VPN).  I stopped the storing of Lanman hashes by group policy but cannot see how this would have an impact. I have not made any changes to the remote access policy.   I have the following errors in the event logs on the server

Thanks

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
User me@DOMAIN.local was denied access.
 Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
 NAS-IP-Address = 127.0.0.1
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = xx.xxx.xxx.xxx
 Client-Friendly-Name = domainserverradius
 Client-IP-Address = 10.0.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 129
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Small Business Remote Access Policy
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.


Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20014
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
The user ME@DOMAIN.local has connected and failed to authenticate on port VPN5-127. The line has been disconnected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:beechfielder
2 Comments
 
LVL 5

Accepted Solution

by:
beechfielder earned 0 total points
ID: 17928687
Well I found out why this was happening.  The entry in IAS on the authentication tab of the policy no longer contained an entry for "EAP method"  I added back "smart card of certificate" and can now connect.

I am not sure how this happened, the policy has not been touched, but a number of patches and service packs have been installed.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question