[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Error 6274 NPS win 2008 sp2

Posted on 2011-03-02
15
Medium Priority
?
2,602 Views
Last Modified: 2012-05-11
I'm trying to setup a radius server using windows 2008 sp2 NPS with a cisco 5500 as the client, and setting the policy to aloow access to domain users. I receive an erro 6274 "Network Policy Server discarded the request for a user". I have registered the NPS service and configured the Radius client ,policy and WLC just like a previous location. but cannot seem to get it to login. the only difference is the previous system was win 2008 r2 and this one is win 2008 sp2.
does anyone have any suggestions
0
Comment
Question by:Darrell_Milam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35017915
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35019628
thank you for your reply.
We are not using SQL. Accounting has Sql <not configured> and Log is set to c:\Windows\System32\LogFiles\NPS. It did create and is adding to this file, so I do not think this tid applies.

can you thank of anything else to try?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35019766
Else can come from the CISCO itself : http://technet.microsoft.com/en-us/library/cc735339%28WS.10%29.aspx
Are you sure the cisco is up to date with latest firmware?
you can find guide here to configure, maybe it can be useful to review your configuration
- http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
- http://www.ranjodh.com/networking/setup-windows-server-2008-r2-as-radius-server-for-cisco-asa/
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020208
I'm using a controller from our lab which was setup and running with a radius win 2008 r2 server and we had no issues configuring and testing in that enviroment.
I have run through all the configurations again with no success.

I have tried to duplicate the problem in our test lab
the only way I can get the exact error on the server and the exact error on the controller which is " RADIUS server 10.10.10.2:1812 failed to respond to request (ID155) for client 00:13:ce:b4:a9:ad / user 'unknown' " Is to disable the EAP service on the server. I checked and the service on the production server is set to manual and not started. In the test lab it has these settings and it starts as soon as a client starts to connect. At this time I can not test to see if the service starts and not sure if it was started when I was having the touble. This may be the problem not sure why it would not start auto, I did try to start the service and it di with no errors.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020350
If the authentication is done with EAP, the service should be started. How to you authenticate your users? using username/password, certificate ?
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020386
domain uesrname/password
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020627
I was poking around the policy and found an error.
under
Network Policy and Access Services\ NPS\ Policies\Network policies\
my wirless policy\ Constraints\Authentication Methods\
If I try to edit the "Microsoft: Protected EAP (PEAP)
I recieve and error "A Certificate could not be found that can be used with this Extensible Authentication protocol" please see attached image file

where in my certificate should I be looking?
error.bmp
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020649
Have you configured certificate on your production NPS server?
Are your clients trust the CA certificate which delivered the certificate for your NPS server?
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 1500 total points
ID: 35020696
Ok, try this : http://technet.microsoft.com/en-us/library/cc730811.aspx
If you do not want to deploy CA in your production environement, you could relie on the CA set on your lab. (at least for testing purposes)
You will add to add the CA public certificate to the trusted root store on the client computer, as well as on the production server. Then you can follow the guide to request certificate on your lab, then export it to import on the production server.
Please let me know if you need more details.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022049
this is all being done on the domain controller, that also has the CA installed with web components. I have  installed the certificate to the server by going through the web interface. I added it to the Personal Certificates folder, Is that where it needs to be or should I install it somewhere else?

I did not want to go through the auto deployment of the certificate until I was sure everything else worked.

I thought it would add the certificate to the server during the install. I did not have to do that before in my test lab.

0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022061
sorry it is also in the trusted root certificates
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022393
I think I finally got the certificate where it needed to be

opened mmc / certificate / computer/ Personal/ certificates

right clicked certificates requested new certif
from domain controller

and now I can edit the eap settings

I will have to check now to see if that did.  
Will not be able to see if it worked until friday.
i'll let you know
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 1500 total points
ID: 35025383
yes it exists the computer store and the user store.
for server certificate, like NPS or other SSL (meaning HTTPS), the certificate must be imported in the computer store. Glad to see you found the way to import it.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35056485
that did it
we tested today and everything is working fine thanks for all your help
0
 
LVL 2

Author Closing Comment

by:Darrell_Milam
ID: 35056545
did not find the exact place to add the certificate in tasmant's suggestions but his guidance did point me to the locations. I do think he should be awarded all the points
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question