Solved

Error 6274 NPS win 2008 sp2

Posted on 2011-03-02
15
2,458 Views
Last Modified: 2012-05-11
I'm trying to setup a radius server using windows 2008 sp2 NPS with a cisco 5500 as the client, and setting the policy to aloow access to domain users. I receive an erro 6274 "Network Policy Server discarded the request for a user". I have registered the NPS service and configured the Radius client ,policy and WLC just like a previous location. but cannot seem to get it to login. the only difference is the previous system was win 2008 r2 and this one is win 2008 sp2.
does anyone have any suggestions
0
Comment
Question by:Darrell_Milam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35017915
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35019628
thank you for your reply.
We are not using SQL. Accounting has Sql <not configured> and Log is set to c:\Windows\System32\LogFiles\NPS. It did create and is adding to this file, so I do not think this tid applies.

can you thank of anything else to try?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35019766
Else can come from the CISCO itself : http://technet.microsoft.com/en-us/library/cc735339%28WS.10%29.aspx
Are you sure the cisco is up to date with latest firmware?
you can find guide here to configure, maybe it can be useful to review your configuration
- http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
- http://www.ranjodh.com/networking/setup-windows-server-2008-r2-as-radius-server-for-cisco-asa/
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020208
I'm using a controller from our lab which was setup and running with a radius win 2008 r2 server and we had no issues configuring and testing in that enviroment.
I have run through all the configurations again with no success.

I have tried to duplicate the problem in our test lab
the only way I can get the exact error on the server and the exact error on the controller which is " RADIUS server 10.10.10.2:1812 failed to respond to request (ID155) for client 00:13:ce:b4:a9:ad / user 'unknown' " Is to disable the EAP service on the server. I checked and the service on the production server is set to manual and not started. In the test lab it has these settings and it starts as soon as a client starts to connect. At this time I can not test to see if the service starts and not sure if it was started when I was having the touble. This may be the problem not sure why it would not start auto, I did try to start the service and it di with no errors.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020350
If the authentication is done with EAP, the service should be started. How to you authenticate your users? using username/password, certificate ?
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020386
domain uesrname/password
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35020627
I was poking around the policy and found an error.
under
Network Policy and Access Services\ NPS\ Policies\Network policies\
my wirless policy\ Constraints\Authentication Methods\
If I try to edit the "Microsoft: Protected EAP (PEAP)
I recieve and error "A Certificate could not be found that can be used with this Extensible Authentication protocol" please see attached image file

where in my certificate should I be looking?
error.bmp
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020649
Have you configured certificate on your production NPS server?
Are your clients trust the CA certificate which delivered the certificate for your NPS server?
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 35020696
Ok, try this : http://technet.microsoft.com/en-us/library/cc730811.aspx
If you do not want to deploy CA in your production environement, you could relie on the CA set on your lab. (at least for testing purposes)
You will add to add the CA public certificate to the trusted root store on the client computer, as well as on the production server. Then you can follow the guide to request certificate on your lab, then export it to import on the production server.
Please let me know if you need more details.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022049
this is all being done on the domain controller, that also has the CA installed with web components. I have  installed the certificate to the server by going through the web interface. I added it to the Personal Certificates folder, Is that where it needs to be or should I install it somewhere else?

I did not want to go through the auto deployment of the certificate until I was sure everything else worked.

I thought it would add the certificate to the server during the install. I did not have to do that before in my test lab.

0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022061
sorry it is also in the trusted root certificates
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35022393
I think I finally got the certificate where it needed to be

opened mmc / certificate / computer/ Personal/ certificates

right clicked certificates requested new certif
from domain controller

and now I can edit the eap settings

I will have to check now to see if that did.  
Will not be able to see if it worked until friday.
i'll let you know
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 500 total points
ID: 35025383
yes it exists the computer store and the user store.
for server certificate, like NPS or other SSL (meaning HTTPS), the certificate must be imported in the computer store. Glad to see you found the way to import it.
0
 
LVL 2

Author Comment

by:Darrell_Milam
ID: 35056485
that did it
we tested today and everything is working fine thanks for all your help
0
 
LVL 2

Author Closing Comment

by:Darrell_Milam
ID: 35056545
did not find the exact place to add the certificate in tasmant's suggestions but his guidance did point me to the locations. I do think he should be awarded all the points
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question