IAS Event ID 2 with reason-code 262

We have 3 wireless on one Cisco 1300 AP. One is for public without any security settings. The second wireless uses WPA for student and 3rd wireless uses WPA-Enterprise for LAN users.  It has been work for over two years without any issues. This weekend, the LAN wireless doesn't work (public and student work without any problems). I am not sure it is related, but we just installed two windows 2008 DCs replacing windows 2000 DCs recently. I haven't removed the two windows 2000 DCs from the network. We just disable one of 2000 DCs for the test. Every thing works except the LAN wireless.

Our IAS running on one of windows 2003 server has correct DNS settings (pointing to windows 2008 DC/DNS) and nslookup doesn't show any errors. The following are the event log and IAS log. How do you troubleshoot it?

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date:  10/13/2008
Time:  11:50:47 AM
User:  N/A
Computer: DEVICES1
Description:
User NTDOMAIN\BLin was denied access.
 Fully-Qualified-User-Name = domainname.org/Users/Bob Lin
 NAS-IP-Address = 10.0.30.71
 NAS-Identifier = Admin_IP71
 Called-Station-Identifier = 0019.306a.e160
 Calling-Station-Identifier = 001c.bf9a.8774
 Client-Friendly-Name = ABAP1310IP71
 Client-IP-Address = 10.0.30.71
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1850
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = CBG-All
 Authentication-Type = PEAP
 EAP-Type = <undetermined>
 Reason-Code = 262
 Reason = The supplied message is incomplete.  The signature was not verified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 03 09 80               ...€    

IAS log
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:21,IAS,DEVICES1,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1848,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4128,ABAP1310IP71,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14271,4129,NTDOMAIN\CBG002330$,4130,NTDOMAIN\CBG002330$,4127,5,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:21,IAS,DEVICES1,25,311 1 10.0.0.12 03/06/2008 03:43:51 14271,4127,5,4130,NTDOMAIN\CBG002330$,4129,NTDOMAIN\CBG002330$,4154,Use Windows authentication for all users,4155,1,4128,ABAP1310IP71,4116,0,4108,10.0.30.71,4136,3,4142,48
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:26,IAS,DEVICES1,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1849,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4128,ABAP1310IP71,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14272,4129,NTDOMAIN\CBG002330$,4130,NTDOMAIN\CBG002330$,4127,5,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:26,IAS,DEVICES1,25,311 1 10.0.0.12 03/06/2008 03:43:51 14272,4127,5,4130,NTDOMAIN\CBG002330$,4129,NTDOMAIN\CBG002330$,4154,Use Windows authentication for all users,4155,1,4128,ABAP1310IP71,4116,0,4108,10.0.30.71,4136,3,4142,48
10.0.30.71,NTDOMAIN\BLin,10/13/2008,11:50:47,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1850,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14277,4129,NTDOMAIN\BLin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\BLin,10/13/2008,11:50:47,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14277,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\BLin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,12:26:45,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1853,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14287,4129,NTDOMAIN\CBG002330$,4149,wireless,4132,Secured password (EAP-MSCHAP v2),4127,11,4130,domainname.org/Computers/CBG002330,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,12:26:45,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14287,4132,Secured password (EAP-MSCHAP v2),4127,11,8100,0,4108,10.0.30.71,4116,0,4120,0x014E54444F4D4149,4155,1,4154,Use Windows authentication for all users,4129,NTDOMAIN\CBG002330$,4149,wireless,6,1,4130,domainname.org/Computers/CBG002330,4136,2,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:54,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,8,61,19,5,1853,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14292,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:54,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14292,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1854,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14297,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14297,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1855,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14302,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14302,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:29:34,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1856,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14309,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:29:34,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14309,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
LVL 7
blin2000Asked:
Who is Participating?
 
Henrik JohanssonConnect With a Mentor Systems engineerCommented:
As described in KB, this occur when IAS is Windows Server 2003 and trusted root CA certificate isn't installed on the clients. http://support.microsoft.com/kb/838502
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.