NPS Server 2008 Radius "The connection request did not match any configured network policy"

awilderbeast
Hi all,

I've set up a Cisco-to-RADIUS VPN connection. The Cisco config is all done and running, as I'm getting through to the RADIUS server.

I've taken screens of each of the settings of the network policy in question.
I'm using the Cisco VPN Client to connect, if that helps.

Thanks for any help
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          05/08/2011 09:25:24
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      DC1-Firewall.DOMAIN.local
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
	Security ID:			DOMAIN\AlexW
	Account Name:			AlexW
	Account Domain:			DOMAIN
	Fully Qualified Account Name:	DOMAIN\AlexW

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	OS-Version:			-
	Called Station Identifier:		-
	Calling Station Identifier:		-

NAS:
	NAS IPv4 Address:		192.168.101.254
	NAS IPv6 Address:		-
	NAS Identifier:			-
	NAS Port-Type:			Virtual
	NAS Port:			7

RADIUS Client:
	Client Friendly Name:		Cisco 887
	Client IP Address:			192.168.101.254

Authentication Details:
	Connection Request Policy Name:	Use Windows authentication for all users
	Network Policy Name:		-
	Authentication Provider:		Windows
	Authentication Server:		DC1-Firewall.domain.local
	Authentication Type:		PAP
	EAP Type:			-
	Account Session Identifier:		-
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			48
	Reason:				The connection request did not match any configured network policy.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{}" />
    <EventID>6273</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12552</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2011-08-05T08:25:24.555262100Z" />
    <EventRecordID>2774456</EventRecordID>
    <Correlation />
    <Execution ProcessID="548" ThreadID="3628" />
    <Channel>Security</Channel>
    <Computer>DC1-Firewall.DOMAIN.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid"></Data>
    <Data Name="SubjectUserName">AlexW</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="FullyQualifiedSubjectUserName">DOMAIN\AlexW</Data>
    <Data Name="SubjectMachineSID">S-1-0-0</Data>
    <Data Name="SubjectMachineName">-</Data>
    <Data Name="FullyQualifiedSubjectMachineName">-</Data>
    <Data Name="MachineInventory">-</Data>
    <Data Name="CalledStationID">-</Data>
    <Data Name="CallingStationID">-</Data>
    <Data Name="NASIPv4Address">192.168.101.254</Data>
    <Data Name="NASIPv6Address">-</Data>
    <Data Name="NASIdentifier">-</Data>
    <Data Name="NASPortType">Virtual</Data>
    <Data Name="NASPort">7</Data>
    <Data Name="ClientName">Cisco 887</Data>
    <Data Name="ClientIPAddress">192.168.101.254</Data>
    <Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
    <Data Name="NetworkPolicyName">-</Data>
    <Data Name="AuthenticationProvider">Windows</Data>
    <Data Name="AuthenticationServer">DC1-Firewall.domain.local</Data>
    <Data Name="AuthenticationType">PAP</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="AccountSessionIdentifier">-</Data>
    <Data Name="ReasonCode">48</Data>
    <Data Name="Reason">The connection request did not match any configured network policy.</Data>
    <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
  </EventData>
</Event>


Overview.png
Conditions.png
Constraints-Auth.png
Constraints-Idle-Timeout.png
Constraints-Session-Timeout.png
Constraints-Call.png
Constraints-Day.png
Constraints-NAS.png
Settings-Std.png
Settings-Vendor.png
Settings-NAP-Enforce.png
Settings-State.png
Settings-Multilink.png
Settings-IP.png
Settings-Encrypt.png
Settings-Filters.png
Ernie Beek, Senior infrastructure engineer
Top Expert 2012

Commented:
So did you create a network policy in NPS? Can't see it here.

Author

Commented:
That is the policy?
policy.png
Senior infrastructure engineer
Top Expert 2012
Commented:
Ah, ok.

Looks like there might be some settings that need tweaking. Have a look at: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_24705191.html
That helped me configure such a setup the first time.

The settings were on the NPS server; got it sorted and users are allowed in now :)

I needed to change the network policy to accept

MS-CHAP-v2 and MS-CHAP and unencrypted (PAP/SPAP)

and that's it :)
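
Added example (not part of the original thread): a Python sketch that tallies Event ID 6273 records with Reason Code 48 by RADIUS client and authentication type, which is how the event above points to PAP as the method no network policy accepted. The sample events, the `VPN Users` policy name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Template holding only the fields this example reads from a 6273 event.
EVENT_TEMPLATE = (
    '<Event xmlns="' + NS["e"] + '"><System><EventID>{eid}</EventID></System>'
    '<EventData><Data Name="ClientName">{client}</Data>'
    '<Data Name="AuthenticationType">{auth}</Data>'
    '<Data Name="NetworkPolicyName">{policy}</Data>'
    '<Data Name="ReasonCode">{reason}</Data></EventData></Event>')

# Constructed sample (not real log data); "VPN Users" is a hypothetical policy.
SAMPLE = "<Events>" + "".join(EVENT_TEMPLATE.format(**row) for row in [
    dict(eid=6273, client="Cisco 887", auth="PAP", policy="-", reason=48),
    dict(eid=6273, client="Cisco 887", auth="PAP", policy="-", reason=48),
    dict(eid=6273, client="Cisco 887", auth="MS-CHAPv2", policy="VPN Users", reason=16),
    dict(eid=6272, client="Cisco 887", auth="MS-CHAPv2", policy="VPN Users", reason=0),
]) + "</Events>"


def parse_event(elem):
    """Return (event_id, {Data Name: text}) for one <Event> element."""
    event_id = int(elem.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "").strip()
            for d in elem.findall("e:EventData/e:Data", NS)}
    return event_id, data


def unmatched_requests(xml_text):
    """Count 6273 / Reason Code 48 denials per (RADIUS client, auth type)."""
    root = ET.fromstring(xml_text)
    # Accept either a single exported <Event> or several under one root element.
    events = [root] if root.tag.endswith("}Event") else root.findall("e:Event", NS)
    tally = Counter()
    for ev in events:
        event_id, data = parse_event(ev)
        if event_id != 6273 or data.get("ReasonCode") != "48":
            continue  # granted access, or denied for a different reason
        tally[(data.get("ClientName"), data.get("AuthenticationType"))] += 1
    return tally


if __name__ == "__main__":
    for (client, auth), count in unmatched_requests(SAMPLE).most_common():
        print(f"{count} request(s) from {client!r} using {auth} matched no network policy")
```

Each reported pair names an authentication method the NAS is sending that no network policy currently allows, so the choice is between enabling that method in the policy, as the author did, or changing what the NAS and client send.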

Author

Commented:
Settings did need tweaking, so will give some points for that.
Ernie Beek, Senior infrastructure engineer
Top Expert 2012

Commented:
Glad you were able to figure it out :)

Thx for the points.
