  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2719

Error 6274 NPS win 2008 sp2

I'm trying to set up a RADIUS server using Windows 2008 SP2 NPS with a Cisco 5500 as the client, and setting the policy to allow access to domain users. I receive an error 6274 "Network Policy Server discarded the request for a user". I have registered the NPS service and configured the RADIUS client, policy and WLC just like a previous location, but cannot seem to get it to log in. The only difference is the previous system was Win 2008 R2 and this one is Win 2008 SP2.
Does anyone have any suggestions?
0
Asked:
Darrell_Milam
 
Darrell_Milam (Author) Commented:
Thank you for your reply.
We are not using SQL. Accounting has SQL <not configured> and Log is set to c:\Windows\System32\LogFiles\NPS. It did create and is adding to this file, so I do not think this tid applies.

Can you think of anything else to try?
0
 
Tasmant Commented:
Otherwise, it can come from the Cisco itself: http://technet.microsoft.com/en-us/library/cc735339%28WS.10%29.aspx
Are you sure the Cisco is up to date with the latest firmware?
You can find configuration guides here; they may be useful for reviewing your configuration:
- http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
- http://www.ranjodh.com/networking/setup-windows-server-2008-r2-as-radius-server-for-cisco-asa/
0

 
Darrell_Milam (Author) Commented:
I'm using a controller from our lab which was set up and running with a RADIUS Win 2008 R2 server, and we had no issues configuring and testing in that environment.
I have run through all the configurations again with no success.

I have tried to duplicate the problem in our test lab.
The only way I can get the exact error on the server and the exact error on the controller, which is " RADIUS server 10.10.10.2:1812 failed to respond to request (ID155) for client 00:13:ce:b4:a9:ad / user 'unknown' ", is to disable the EAP service on the server. I checked, and the service on the production server is set to manual and not started. In the test lab it has these settings and it starts as soon as a client starts to connect. At this time I cannot test to see if the service starts, and I am not sure if it was started when I was having the trouble. This may be the problem; not sure why it would not start auto. I did try to start the service and it did with no errors.
0
 
Tasmant Commented:
If the authentication is done with EAP, the service should be started. How do you authenticate your users? Using username/password, certificate?
0
 
Darrell_Milam (Author) Commented:
Domain username/password
0
 
Darrell_Milam (Author) Commented:
I was poking around the policy and found an error.
Under
Network Policy and Access Services\ NPS\ Policies\Network policies\
my wireless policy\ Constraints\Authentication Methods\
if I try to edit the "Microsoft: Protected EAP (PEAP)"
I receive an error "A Certificate could not be found that can be used with this Extensible Authentication protocol". Please see the attached image file.

Where in my certificate should I be looking?
error.bmp
0
 
Tasmant Commented:
Have you configured a certificate on your production NPS server?
Do your clients trust the CA certificate which delivered the certificate for your NPS server?
0
 
Tasmant Commented:
OK, try this: http://technet.microsoft.com/en-us/library/cc730811.aspx
If you do not want to deploy a CA in your production environment, you could rely on the CA set up in your lab (at least for testing purposes).
You will need to add the CA public certificate to the trusted root store on the client computer, as well as on the production server. Then you can follow the guide to request a certificate in your lab, then export it to import on the production server.
Please let me know if you need more details.
0
 
Darrell_Milam (Author) Commented:
This is all being done on the domain controller, which also has the CA installed with web components. I have installed the certificate to the server by going through the web interface. I added it to the Personal Certificates folder. Is that where it needs to be, or should I install it somewhere else?

I did not want to go through the auto deployment of the certificate until I was sure everything else worked.

I thought it would add the certificate to the server during the install. I did not have to do that before in my test lab.

0
 
Darrell_Milam (Author) Commented:
Sorry, it is also in the trusted root certificates.
0
 
Darrell_Milam (Author) Commented:
I think I finally got the certificate where it needed to be.

Opened mmc / certificate / computer / Personal / certificates

Right-clicked Certificates, requested new certificate
from domain controller

and now I can edit the EAP settings.

I will have to check now to see if that did.
Will not be able to see if it worked until Friday.
I'll let you know.
0
 
Tasmant Commented:
Yes, there is the computer store and the user store.
For a server certificate, like NPS or other SSL (meaning HTTPS), the certificate must be imported into the computer store. Glad to see you found the way to import it.
0
 
Darrell_Milam (Author) Commented:
That did it.
We tested today and everything is working fine. Thanks for all your help.
0
 
Darrell_Milam (Author) Commented:
Did not find the exact place to add the certificate in Tasmant's suggestions, but his guidance did point me to the locations. I do think he should be awarded all the points.
0
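
A check for the condition that resolved this thread, as an added example that is not part of the original posts: it lists the certificates in the local computer Personal store, flags whether each has a private key, is inside its validity period and carries the Server Authentication EKU, then counts recent 6274 events. It assumes PowerShell 2.0 or later in an elevated session on the NPS server; the function name `Test-PeapCandidate` is made up for this example.

```powershell
# Added example: audit the computer store for certificates NPS could use for PEAP.
# Assumption: PowerShell 2.0 or later, elevated session on the NPS server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

function Test-PeapCandidate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs, if the certificate carries an EKU extension.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        # Strict check: a certificate without an EKU extension is reported as False.
        ServerAuthEku = ($ekuOids -contains $serverAuthOid)
    }
}

# Cert:\LocalMachine\My is the computer account's Personal store, not the user store.
$results = @(Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-PeapCandidate $_ })
$results | Format-Table Subject, HasPrivateKey, InValidity, ServerAuthEku, Thumbprint -AutoSize

$usable = @($results | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ServerAuthEku })
if ($usable.Count -eq 0) {
    Write-Warning 'No certificate in the computer Personal store passes these checks.'
}

# NPS writes event 6274 (request discarded) to the Security log.
$since = (Get-Date).AddDays(-1)
$discards = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 6274; StartTime = $since
} -ErrorAction SilentlyContinue)
"Event 6274 entries in the last 24 hours: $($discards.Count)"
```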
