Solved

IAS Event ID 2 with reason-code 262

Posted on 2008-10-13
1
3,640 Views
Last Modified: 2013-11-09
We have 3 wireless on one Cisco 1300 AP. One is for public without any security settings. The second wireless uses WPA for student and 3rd wireless uses WPA-Enterprise for LAN users.  It has been work for over two years without any issues. This weekend, the LAN wireless doesn't work (public and student work without any problems). I am not sure it is related, but we just installed two windows 2008 DCs replacing windows 2000 DCs recently. I haven't removed the two windows 2000 DCs from the network. We just disable one of 2000 DCs for the test. Every thing works except the LAN wireless.

Our IAS running on one of windows 2003 server has correct DNS settings (pointing to windows 2008 DC/DNS) and nslookup doesn't show any errors. The following are the event log and IAS log. How do you troubleshoot it?

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date:  10/13/2008
Time:  11:50:47 AM
User:  N/A
Computer: DEVICES1
Description:
User NTDOMAIN\BLin was denied access.
 Fully-Qualified-User-Name = domainname.org/Users/Bob Lin
 NAS-IP-Address = 10.0.30.71
 NAS-Identifier = Admin_IP71
 Called-Station-Identifier = 0019.306a.e160
 Calling-Station-Identifier = 001c.bf9a.8774
 Client-Friendly-Name = ABAP1310IP71
 Client-IP-Address = 10.0.30.71
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1850
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = CBG-All
 Authentication-Type = PEAP
 EAP-Type = <undetermined>
 Reason-Code = 262
 Reason = The supplied message is incomplete.  The signature was not verified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 03 09 80               ...€    

IAS log
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:21,IAS,DEVICES1,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1848,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4128,ABAP1310IP71,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14271,4129,NTDOMAIN\CBG002330$,4130,NTDOMAIN\CBG002330$,4127,5,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:21,IAS,DEVICES1,25,311 1 10.0.0.12 03/06/2008 03:43:51 14271,4127,5,4130,NTDOMAIN\CBG002330$,4129,NTDOMAIN\CBG002330$,4154,Use Windows authentication for all users,4155,1,4128,ABAP1310IP71,4116,0,4108,10.0.30.71,4136,3,4142,48
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:26,IAS,DEVICES1,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1849,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4128,ABAP1310IP71,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14272,4129,NTDOMAIN\CBG002330$,4130,NTDOMAIN\CBG002330$,4127,5,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:26,IAS,DEVICES1,25,311 1 10.0.0.12 03/06/2008 03:43:51 14272,4127,5,4130,NTDOMAIN\CBG002330$,4129,NTDOMAIN\CBG002330$,4154,Use Windows authentication for all users,4155,1,4128,ABAP1310IP71,4116,0,4108,10.0.30.71,4136,3,4142,48
10.0.30.71,NTDOMAIN\BLin,10/13/2008,11:50:47,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1850,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14277,4129,NTDOMAIN\BLin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\BLin,10/13/2008,11:50:47,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14277,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\BLin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,12:26:45,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1853,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14287,4129,NTDOMAIN\CBG002330$,4149,wireless,4132,Secured password (EAP-MSCHAP v2),4127,11,4130,domainname.org/Computers/CBG002330,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,12:26:45,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14287,4132,Secured password (EAP-MSCHAP v2),4127,11,8100,0,4108,10.0.30.71,4116,0,4120,0x014E54444F4D4149,4155,1,4154,Use Windows authentication for all users,4129,NTDOMAIN\CBG002330$,4149,wireless,6,1,4130,domainname.org/Computers/CBG002330,4136,2,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:54,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,8,61,19,5,1853,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14292,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:54,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14292,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1854,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14297,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14297,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1855,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14302,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14302,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:29:34,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1856,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14309,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:29:34,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14309,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
0
Comment
Question by:blin2000
1 Comment
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 250 total points
ID: 22714066
As described in KB, this occur when IAS is Windows Server 2003 and trusted root CA certificate isn't installed on the clients. http://support.microsoft.com/kb/838502
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question