Kalaqui
asked on
NPS authentication failing - Reason Code 1
Hello,
The network I am managing has a 2003SBS which is authenticating Windows workstations wirelessly through a Cisco 1231 AP using PEAP.
Now that we have a 2008 R2 server, I am trying to setup NPS which is configured for PEAP. When a client tries to authenticate, I am getting this message:
SubjectUserSid S-1-0-0
SubjectUserName testuser
SubjectDomainName UNIVERSE
FullyQualifiedSubjectUserN
SubjectMachineSID S-1-0-0
SubjectMachineName -
FullyQualifiedSubjectMachi
MachineInventory -
CalledStationID 000f.8f3b.56b0
CallingStationID 001a.9252.b960
NASIPv4Address 172.16.128.2
NASIPv6Address -
NASIdentifier Wireless-AP
NASPortType Wireless - IEEE 802.11
NASPort 455
ClientName Cisco 1231 AP
ClientIPAddress 172.16.128.2
ProxyPolicyName Use Windows authentication for all users
NetworkPolicyName -
AuthenticationProvider Windows
AuthenticationServer T410.Universe.local
AuthenticationType -
EAPType -
AccountSessionIdentifier -
ReasonCode 1
Reason An internal error occurred. Check the system event log for additional information.
I am not sure what I did wrong. Initially it looked like a certificate problem. I have removed and recreated certificates. Any pointers are highly appreciated.
Thanks
The network I am managing has a 2003SBS which is authenticating Windows workstations wirelessly through a Cisco 1231 AP using PEAP.
Now that we have a 2008 R2 server, I am trying to setup NPS which is configured for PEAP. When a client tries to authenticate, I am getting this message:
SubjectUserSid S-1-0-0
SubjectUserName testuser
SubjectDomainName UNIVERSE
FullyQualifiedSubjectUserN
SubjectMachineSID S-1-0-0
SubjectMachineName -
FullyQualifiedSubjectMachi
MachineInventory -
CalledStationID 000f.8f3b.56b0
CallingStationID 001a.9252.b960
NASIPv4Address 172.16.128.2
NASIPv6Address -
NASIdentifier Wireless-AP
NASPortType Wireless - IEEE 802.11
NASPort 455
ClientName Cisco 1231 AP
ClientIPAddress 172.16.128.2
ProxyPolicyName Use Windows authentication for all users
NetworkPolicyName -
AuthenticationProvider Windows
AuthenticationServer T410.Universe.local
AuthenticationType -
EAPType -
AccountSessionIdentifier -
ReasonCode 1
Reason An internal error occurred. Check the system event log for additional information.
I am not sure what I did wrong. Initially it looked like a certificate problem. I have removed and recreated certificates. Any pointers are highly appreciated.
Thanks
merowinger
Which Radius Client Vendor have you choosen for your Cisco AP? You have to choose "Cisco" also sometimes you have to play with the message autentication option on the Radius Client settings
ASKER
Thanks. The only option for is to enable or disable Message-Authenticator attribute. I tried both options. Are there any other options?
Thanks
Thanks
No that's what i meant.
Have you choosen Cisco as Radius Client type?
Also have you started the Wireless Wizard on the NPS or just configured Ras Policies? As NPS has also a NAC festure you have to define the correct role.
To do this you have to select "Configure NAP" (see picture http://www.windowsecurity.com/img/upl/image0021225282176435.jpg)
Have you choosen Cisco as Radius Client type?
Also have you started the Wireless Wizard on the NPS or just configured Ras Policies? As NPS has also a NAC festure you have to define the correct role.
To do this you have to select "Configure NAP" (see picture http://www.windowsecurity.com/img/upl/image0021225282176435.jpg)
ASKER
Yes, Cisco is the client.
Used the wizard and selected RADIUS for 802.1x option to configure NPS.
Used the wizard and selected RADIUS for 802.1x option to configure NPS.
not working or? which errors?
ASKER
ReasonCode 1
Reason An internal error occurred. Check the system event log for additional information.
This is the error I got. There is no explanation of this in event log. Is there a way to debug further?
Thanks
Reason An internal error occurred. Check the system event log for additional information.
This is the error I got. There is no explanation of this in event log. Is there a way to debug further?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.