Solved

Error 6274 NPS win 2008 sp2

Posted on 2011-03-02
15
2,396 Views
Last Modified: 2012-05-11
I'm trying to setup a radius server using windows 2008 sp2 NPS with a cisco 5500 as the client, and setting the policy to aloow access to domain users. I receive an erro 6274 "Network Policy Server discarded the request for a user". I have registered the NPS service and configured the Radius client ,policy and WLC just like a previous location. but cannot seem to get it to login. the only difference is the previous system was win 2008 r2 and this one is win 2008 sp2.
does anyone have any suggestions
0
Comment
Question by:Darrell_Milam
  • 9
  • 6
15 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35017915
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35019628
thank you for your reply.
We are not using SQL. Accounting has Sql <not configured> and Log is set to c:\Windows\System32\LogFiles\NPS. It did create and is adding to this file, so I do not think this tid applies.

can you thank of anything else to try?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35019766
Else can come from the CISCO itself : http://technet.microsoft.com/en-us/library/cc735339%28WS.10%29.aspx
Are you sure the cisco is up to date with latest firmware?
you can find guide here to configure, maybe it can be useful to review your configuration
- http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
- http://www.ranjodh.com/networking/setup-windows-server-2008-r2-as-radius-server-for-cisco-asa/
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020208
I'm using a controller from our lab which was setup and running with a radius win 2008 r2 server and we had no issues configuring and testing in that enviroment.
I have run through all the configurations again with no success.

I have tried to duplicate the problem in our test lab
the only way I can get the exact error on the server and the exact error on the controller which is " RADIUS server 10.10.10.2:1812 failed to respond to request (ID155) for client 00:13:ce:b4:a9:ad / user 'unknown' " Is to disable the EAP service on the server. I checked and the service on the production server is set to manual and not started. In the test lab it has these settings and it starts as soon as a client starts to connect. At this time I can not test to see if the service starts and not sure if it was started when I was having the touble. This may be the problem not sure why it would not start auto, I did try to start the service and it di with no errors.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020350
If the authentication is done with EAP, the service should be started. How to you authenticate your users? using username/password, certificate ?
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020386
domain uesrname/password
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020627
I was poking around the policy and found an error.
under
Network Policy and Access Services\ NPS\ Policies\Network policies\
my wirless policy\ Constraints\Authentication Methods\
If I try to edit the "Microsoft: Protected EAP (PEAP)
I recieve and error "A Certificate could not be found that can be used with this Extensible Authentication protocol" please see attached image file

where in my certificate should I be looking?
error.bmp
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020649
Have you configured certificate on your production NPS server?
Are your clients trust the CA certificate which delivered the certificate for your NPS server?
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 35020696
Ok, try this : http://technet.microsoft.com/en-us/library/cc730811.aspx
If you do not want to deploy CA in your production environement, you could relie on the CA set on your lab. (at least for testing purposes)
You will add to add the CA public certificate to the trusted root store on the client computer, as well as on the production server. Then you can follow the guide to request certificate on your lab, then export it to import on the production server.
Please let me know if you need more details.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022049
this is all being done on the domain controller, that also has the CA installed with web components. I have  installed the certificate to the server by going through the web interface. I added it to the Personal Certificates folder, Is that where it needs to be or should I install it somewhere else?

I did not want to go through the auto deployment of the certificate until I was sure everything else worked.

I thought it would add the certificate to the server during the install. I did not have to do that before in my test lab.

0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022061
sorry it is also in the trusted root certificates
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022393
I think I finally got the certificate where it needed to be

opened mmc / certificate / computer/ Personal/ certificates

right clicked certificates requested new certif
from domain controller

and now I can edit the eap settings

I will have to check now to see if that did.  
Will not be able to see if it worked until friday.
i'll let you know
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 500 total points
ID: 35025383
yes it exists the computer store and the user store.
for server certificate, like NPS or other SSL (meaning HTTPS), the certificate must be imported in the computer store. Glad to see you found the way to import it.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35056485
that did it
we tested today and everything is working fine thanks for all your help
0
 
LVL 2

Author Closing Comment

by:Darrell_Milam
ID: 35056545
did not find the exact place to add the certificate in tasmant's suggestions but his guidance did point me to the locations. I do think he should be awarded all the points
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question