Solved

NPS Radius authentication problem

Posted on 2010-11-24
5
1,648 Views
Last Modified: 2013-11-12
After a server crash on my old NPS server, I imported the xml configuration file to my new nps server. It is used with a Cisco WLC for web authentication on our guest lan.
But since I moved the nps to a new server, I keep getting "No reversibly encrypted password is stored for the user account", I even tried to select "use reversibly encryption in AD", which is not what I want, but I still get the same error in the NPS log.
I have imported the certificate to the new nps server and configured it for PEAP-MS-CHAP v.2.
If I select "Accept users without validating credential" in NPS Connection request policy my ad users can log on, but I quickly learned that you could then write anything in username and password and still get in.
The log file for NPS only says "No reversibly encrypted password is stored for the user account", I even tried to select "use reversibly encryption in AD", no matter what I try, even if I selct unencrypted authentication in NPS.
What could be wrong?
0
Comment
Question by:Ducknaldi
  • 4
5 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
Comment Utility
Did you reset the RADIUS client password on the new NPS server? It won't come over in the XML file for security reasons.
0
 
LVL 1

Author Comment

by:Ducknaldi
Comment Utility
I tried to reset the shared secret, no luck:(
0
 
LVL 1

Author Comment

by:Ducknaldi
Comment Utility
I now tried a 3´rd server with the same configuration. It seems no matter what I do it wants a reversibly encrypted password to be stored in AD. This is not an option for obvious reasons and would also require all users to change their password before it would work.
0
 
LVL 1

Accepted Solution

by:
Ducknaldi earned 0 total points
Comment Utility
Ok, I solved the problem with a Cisco Secure Access Server instead.
The NPS stinks when it comes to logging what´s going on and I could have been guessing forever.
0
 
LVL 1

Author Closing Comment

by:Ducknaldi
Comment Utility
The real problem was never soved with NPS.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
VMware 6 increase datastore size 8 61
IBM laptop won't connect to my WiFi 12 30
Folder size tool 6 59
system state backup 1 5
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now