Solved

Error 6274 NPS win 2008 sp2

Posted on 2011-03-02
Last Modified: 2012-05-11
I'm trying to set up a RADIUS server using Windows 2008 SP2 NPS with a Cisco 5500 as the client, and setting the policy to allow access to domain users. I receive an error 6274 "Network Policy Server discarded the request for a user". I have registered the NPS service and configured the RADIUS client, policy and WLC just like a previous location, but cannot seem to get it to log in. The only difference is the previous system was Win 2008 R2 and this one is Win 2008 SP2.
Does anyone have any suggestions?
Question by:Darrell_Milam
15 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35017915
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35019628
Thank you for your reply.
We are not using SQL. Accounting has SQL <not configured> and Log is set to c:\Windows\System32\LogFiles\NPS. It did create and is adding to this file, so I do not think this tid applies.

Can you think of anything else to try?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35019766
Otherwise, it can come from the Cisco itself: http://technet.microsoft.com/en-us/library/cc735339%28WS.10%29.aspx
Are you sure the Cisco is up to date with the latest firmware?
You can find guides here to configure it; maybe it can be useful to review your configuration:
- http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
- http://www.ranjodh.com/networking/setup-windows-server-2008-r2-as-radius-server-for-cisco-asa/
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020208
I'm using a controller from our lab which was set up and running with a RADIUS Win 2008 R2 server, and we had no issues configuring and testing in that environment.
I have run through all the configurations again with no success.

I have tried to duplicate the problem in our test lab.
The only way I can get the exact error on the server and the exact error on the controller, which is "RADIUS server 10.10.10.2:1812 failed to respond to request (ID155) for client 00:13:ce:b4:a9:ad / user 'unknown'", is to disable the EAP service on the server. I checked, and the service on the production server is set to manual and not started. In the test lab it has these settings and it starts as soon as a client starts to connect. At this time I cannot test to see if the service starts, and I am not sure if it was started when I was having the trouble. This may be the problem; not sure why it would not start automatically. I did try to start the service and it did with no errors.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020350
If the authentication is done with EAP, the service should be started. How do you authenticate your users? Using username/password, or a certificate?
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020386
Domain username/password
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020627
I was poking around the policy and found an error.
Under
Network Policy and Access Services\ NPS\ Policies\Network policies\
my wireless policy\ Constraints\Authentication Methods\
if I try to edit the "Microsoft: Protected EAP (PEAP)"
I receive an error: "A Certificate could not be found that can be used with this Extensible Authentication protocol". Please see the attached image file.

Where in my certificate should I be looking?
error.bmp
0

 
LVL 11

Expert Comment

by:Tasmant
ID: 35020649
Have you configured a certificate on your production NPS server?
Do your clients trust the CA certificate which delivered the certificate for your NPS server?
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 35020696
OK, try this: http://technet.microsoft.com/en-us/library/cc730811.aspx
If you do not want to deploy a CA in your production environment, you could rely on the CA set up in your lab (at least for testing purposes).
You will have to add the CA public certificate to the trusted root store on the client computer, as well as on the production server. Then you can follow the guide to request a certificate in your lab, then export it to import on the production server.
Please let me know if you need more details.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022049
This is all being done on the domain controller, which also has the CA installed with web components. I have installed the certificate to the server by going through the web interface. I added it to the Personal Certificates folder. Is that where it needs to be, or should I install it somewhere else?

I did not want to go through the auto deployment of the certificate until I was sure everything else worked.

I thought it would add the certificate to the server during the install. I did not have to do that before in my test lab.

0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022061
Sorry, it is also in the trusted root certificates.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022393
I think I finally got the certificate where it needed to be.

Opened mmc / certificate / computer / Personal / certificates

Right-clicked Certificates, requested a new certificate
from the domain controller

and now I can edit the EAP settings.

I will have to check now to see if that did.
Will not be able to see if it worked until Friday.
I'll let you know.
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 500 total points
ID: 35025383
Yes, there is the computer store and the user store.
For a server certificate, like NPS or other SSL (meaning HTTPS), the certificate must be imported into the computer store. Glad to see you found the way to import it.
0
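
The computer-store versus user-store distinction that resolved this thread can be checked from PowerShell. This is an added example, not part of the original posts; the function name `Get-ServerCertReport` is hypothetical, and the criteria it tests (private key present, explicit Server Authentication EKU, within validity dates, chain builds) are assumptions about what a PEAP server certificate needs.

```powershell
# Added example (not from the thread): report whether a usable server
# certificate sits in the computer store or only in the user store.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID

function Get-ServerCertReport {
    param([string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'))
    $now = Get-Date
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # Collect the OIDs listed in the Enhanced Key Usage extension, if any.
            $ekuOids = @()
            foreach ($ext in $cert.Extensions) {
                if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                    $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
                }
            }
            New-Object PSObject -Property @{
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                # Assumption: only an explicit Server Authentication EKU counts.
                ServerAuthEku = ($ekuOids -contains $ServerAuthOid)
                InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
                ChainBuilds   = $cert.Verify()   # basic chain validation to a trusted root
            }
        }
    }
}

$report = @(Get-ServerCertReport)
$candidates = @($report | Where-Object { $_.HasPrivateKey -and $_.ServerAuthEku })
$usable = @($candidates | Where-Object {
    $_.Store -like 'Cert:\LocalMachine\*' -and $_.InValidity -and $_.ChainBuilds })
$userOnly = @($candidates | Where-Object { $_.Store -like 'Cert:\CurrentUser\*' })

if ($usable.Count -gt 0) {
    Write-Output "Computer store holds $($usable.Count) certificate(s) passing all checks:"
    $usable | Select-Object Subject, Thumbprint
} elseif ($userOnly.Count -gt 0) {
    Write-Output 'Server-auth certificate found only in the user store; it needs to be in the computer store:'
    $userOnly | Select-Object Subject, Thumbprint
} else {
    Write-Output 'No certificate with a private key and Server Authentication EKU in either store.'
}
```

Run it on the NPS server itself; the user-store results reflect the account running the script.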
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35056485
That did it.
We tested today and everything is working fine. Thanks for all your help.
0
 
LVL 2

Author Closing Comment

by:Darrell_Milam
ID: 35056545
Did not find the exact place to add the certificate in Tasmant's suggestions, but his guidance did point me to the locations. I do think he should be awarded all the points.
0
