Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Wired 802.1x Information Event Id:1

Posted on 2011-02-22
15
Medium Priority
?
604 Views
Last Modified: 2012-05-11
I am in the testing phase of deploying 802.1x for wired lan and have come to this event:

Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      1
Date:            2/22/2011
Time:            3:36:51 PM
User:            N/A
Computer:      IAS-SERVER
Description:
User user1111@DOMAIN.local was granted access.
 Fully-Qualified-User-Name = <undetermined>
 NAS-IP-Address = 10.137.36.18
 NAS-Identifier = <not present>
 Client-Friendly-Name = SWITCH-01
 Client-IP-Address = 10.137.36.18
 Calling-Station-Identifier = <not present>
 NAS-Port-Type = Ethernet
 NAS-Port = 46
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = <none>
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = <undetermined>
 EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

It says that the user was granted access but the user wasn't.
I have searched everywhere but have not found it. Has anyone seen this before and if so have any solutions?
0
Comment
Question by:CCSNV
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 2
15 Comments
 
LVL 11

Expert Comment

by:Patmac951
ID: 34956890
What OS is the client computer running? Are you attempting to connect to an existing domain controller?  If yes, what OS is the Domain controller running that you are trying to attach to?
0
 

Author Comment

by:CCSNV
ID: 34956959
The IAS is running on the DC which is Windows Server 2K3 Ent, and the client machines are running WINXP SP3. I am using EAP-TLS. All the certificates are good both on client machine and server.
0
 
LVL 11

Expert Comment

by:Patmac951
ID: 34957137
Are the client computers using DHCP assigned addresses or Static IP's?  If they are using DHCP....for testing purposes I would assign a static IP, along with a static DNS server outside your network.  For testing purposes you can use 4.2.2.2 as your DNS server.

Secondly....and only briefly for testing purposes have you tried to remove the EAP-TLS certificate security and see if you can authenticate?  A few times in the past I have had certs that appear to be fine and once I removed them it worked fine.

I am not sure but I am just throwing you a few ideas I would use to try and pinpoint the culprit.
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:CCSNV
ID: 34962804
Hi Patmac,

So I tried to remove all certificates and try authenticating, this = not authenticated. And then I tried removing all the certs and then re-installing via auto enrollment and this = not authenticated.

I have checked all my settings and and switch settings but still not working. Any other ideas?
0
 

Author Comment

by:CCSNV
ID: 34962809
Oh yeah sorry forgot to add that I did try static Ip Address and DHCP with both internal and external DNS.
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34967716
I have few questions. If I understand it right you try to authenticate user with certificate (EAP-TLS) which is stored locally???
0
 

Author Comment

by:CCSNV
ID: 34998492
That is correct. Each user has their own certificate and so does each workstation.
0
 
LVL 4

Accepted Solution

by:
Kendzast earned 2000 total points
ID: 34998683
User certificate is part of their profile? What if they log from another cpmputer? Why  do you need user authentication?
0
 

Author Comment

by:CCSNV
ID: 34999044
Kend I have the auth setting set to: "machineoruser" I will reset to "machine" and see if that helps.
0
 

Author Comment

by:CCSNV
ID: 35002343
So i have tried with both computer only and also computer and user authentication and still have the same issue.
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 35004113
Post switch port configuration.
0
 

Author Comment

by:CCSNV
ID: 35008434
using cisco small business SLM2048. Not the best but it is what I have to work with. Attached is the radius config:

.20 = radius server and .18=switch address
slm2048.jpg
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 35024719
can you post debug from switch?

debug radius
debug dot1x
0
 

Author Comment

by:CCSNV
ID: 35032503
Turns out there was an issue with the certificates. I revoked all certificates, re-issued, edited the network connection profiles to authenticate as Machine Only and Authentication Required, and deployed. Wooohooo it worked.
0
 

Author Closing Comment

by:CCSNV
ID: 35032509
Started looking at the certificate side after this comment was added.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question