Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NPS Radius authentication problem

Posted on 2010-11-24
5
Medium Priority
?
1,694 Views
Last Modified: 2013-11-12
After a server crash on my old NPS server, I imported the xml configuration file to my new nps server. It is used with a Cisco WLC for web authentication on our guest lan.
But since I moved the nps to a new server, I keep getting "No reversibly encrypted password is stored for the user account", I even tried to select "use reversibly encryption in AD", which is not what I want, but I still get the same error in the NPS log.
I have imported the certificate to the new nps server and configured it for PEAP-MS-CHAP v.2.
If I select "Accept users without validating credential" in NPS Connection request policy my ad users can log on, but I quickly learned that you could then write anything in username and password and still get in.
The log file for NPS only says "No reversibly encrypted password is stored for the user account", I even tried to select "use reversibly encryption in AD", no matter what I try, even if I selct unencrypted authentication in NPS.
What could be wrong?
0
Comment
Question by:Ducknaldi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34210664
Did you reset the RADIUS client password on the new NPS server? It won't come over in the XML file for security reasons.
0
 
LVL 1

Author Comment

by:Ducknaldi
ID: 34211272
I tried to reset the shared secret, no luck:(
0
 
LVL 1

Author Comment

by:Ducknaldi
ID: 34211315
I now tried a 3´rd server with the same configuration. It seems no matter what I do it wants a reversibly encrypted password to be stored in AD. This is not an option for obvious reasons and would also require all users to change their password before it would work.
0
 
LVL 1

Accepted Solution

by:
Ducknaldi earned 0 total points
ID: 34212832
Ok, I solved the problem with a Cisco Secure Access Server instead.
The NPS stinks when it comes to logging what´s going on and I could have been guessing forever.
0
 
LVL 1

Author Closing Comment

by:Ducknaldi
ID: 34237161
The real problem was never soved with NPS.
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question