Solved

IAS Event ID 2 with reason-code 262

Posted on 2008-10-13
1
3,617 Views
Last Modified: 2013-11-09
We have 3 wireless on one Cisco 1300 AP. One is for public without any security settings. The second wireless uses WPA for student and 3rd wireless uses WPA-Enterprise for LAN users.  It has been work for over two years without any issues. This weekend, the LAN wireless doesn't work (public and student work without any problems). I am not sure it is related, but we just installed two windows 2008 DCs replacing windows 2000 DCs recently. I haven't removed the two windows 2000 DCs from the network. We just disable one of 2000 DCs for the test. Every thing works except the LAN wireless.

Our IAS running on one of windows 2003 server has correct DNS settings (pointing to windows 2008 DC/DNS) and nslookup doesn't show any errors. The following are the event log and IAS log. How do you troubleshoot it?

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date:  10/13/2008
Time:  11:50:47 AM
User:  N/A
Computer: DEVICES1
Description:
User NTDOMAIN\BLin was denied access.
 Fully-Qualified-User-Name = domainname.org/Users/Bob Lin
 NAS-IP-Address = 10.0.30.71
 NAS-Identifier = Admin_IP71
 Called-Station-Identifier = 0019.306a.e160
 Calling-Station-Identifier = 001c.bf9a.8774
 Client-Friendly-Name = ABAP1310IP71
 Client-IP-Address = 10.0.30.71
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1850
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = CBG-All
 Authentication-Type = PEAP
 EAP-Type = <undetermined>
 Reason-Code = 262
 Reason = The supplied message is incomplete.  The signature was not verified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 03 09 80               ...€    

IAS log
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:21,IAS,DEVICES1,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1848,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4128,ABAP1310IP71,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14271,4129,NTDOMAIN\CBG002330$,4130,NTDOMAIN\CBG002330$,4127,5,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:21,IAS,DEVICES1,25,311 1 10.0.0.12 03/06/2008 03:43:51 14271,4127,5,4130,NTDOMAIN\CBG002330$,4129,NTDOMAIN\CBG002330$,4154,Use Windows authentication for all users,4155,1,4128,ABAP1310IP71,4116,0,4108,10.0.30.71,4136,3,4142,48
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:26,IAS,DEVICES1,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1849,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4128,ABAP1310IP71,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14272,4129,NTDOMAIN\CBG002330$,4130,NTDOMAIN\CBG002330$,4127,5,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,11:46:26,IAS,DEVICES1,25,311 1 10.0.0.12 03/06/2008 03:43:51 14272,4127,5,4130,NTDOMAIN\CBG002330$,4129,NTDOMAIN\CBG002330$,4154,Use Windows authentication for all users,4155,1,4128,ABAP1310IP71,4116,0,4108,10.0.30.71,4136,3,4142,48
10.0.30.71,NTDOMAIN\BLin,10/13/2008,11:50:47,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1850,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14277,4129,NTDOMAIN\BLin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\BLin,10/13/2008,11:50:47,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14277,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\BLin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,12:26:45,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1853,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14287,4129,NTDOMAIN\CBG002330$,4149,wireless,4132,Secured password (EAP-MSCHAP v2),4127,11,4130,domainname.org/Computers/CBG002330,4136,1,4142,0
10.0.30.71,host/CBG002330.domainname.org,10/13/2008,12:26:45,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14287,4132,Secured password (EAP-MSCHAP v2),4127,11,8100,0,4108,10.0.30.71,4116,0,4120,0x014E54444F4D4149,4155,1,4154,Use Windows authentication for all users,4129,NTDOMAIN\CBG002330$,4149,wireless,6,1,4130,domainname.org/Computers/CBG002330,4136,2,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:54,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,8,61,19,5,1853,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14292,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:54,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14292,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1854,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14297,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14297,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1855,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14302,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:28:56,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14302,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:29:34,IAS,DEVICES1,4128,ABAP1310IP71,12,1400,30,0019.306a.e160,31,001c.bf9a.8774,6,1,61,19,5,1856,4,10.0.30.71,32,Admin_IP71,4108,10.0.30.71,4116,0,4155,1,4154,Use Windows authentication for all users,25,311 1 10.0.0.12 03/06/2008 03:43:51 14309,4129,NTDOMAIN\blin,4149,CBG-All,4127,11,4130,domainname.org/Users/Bob Lin,4136,1,4142,0
10.0.30.71,NTDOMAIN\blin,10/13/2008,12:29:34,IAS,DEVICES1,4128,ABAP1310IP71,25,311 1 10.0.0.12 03/06/2008 03:43:51 14309,4127,11,4130,domainname.org/Users/Bob Lin,4149,CBG-All,4129,NTDOMAIN\blin,4154,Use Windows authentication for all users,4108,10.0.30.71,4116,0,4155,1,4136,3,4142,262
0
Comment
Question by:blin2000
1 Comment
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 250 total points
ID: 22714066
As described in KB, this occur when IAS is Windows Server 2003 and trusted root CA certificate isn't installed on the clients. http://support.microsoft.com/kb/838502
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now