Atiba
asked on
New CA & WPA2-EAP Wireless Network Using Network Policy Server (NPS), AD and Group Policies
I decommissioned the old CA server 2008 SP2 Domain Controller. I also removed all instances of it in AD. I set up a new CA Server 2008 R2 Member server. But I can't get my laptops to authenticate with the new CA Server. It is a member server running Windows 2008 R2 SP1. I get this error message when the client attempts to authenticate. "The following fatal alert was generated: 20. The internal error state is 960"
and also on the Event Viewer in Security option. It generates this message also...
Your help is greatly appreciated.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/23/2012 9:20:57 AM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: CERTSERV.domain1.com
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: USER\temp17-L$
Account Name: host/temp17-L.domain1.com
Account Domain: USER
Fully Qualified Account Name: USER\temp17-L$
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00-19-77-31-07-51:CORP-WIFI
Calling Station Identifier: 00-24-D7-EB-AB-EC
NAS:
NAS IPv4 Address: 10.1.0.87
NAS IPv6 Address: -
NAS Identifier: AP05
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0
RADIUS Client:
Client Friendly Name: AP05
Client IP Address: 10.1.0.87
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Secure Wireless Connections
Authentication Provider: Windows
Authentication Server: CERTSERV.domain1.com
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>6273</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12552</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2012-08-23T14:20:57.065095800Z" />
<EventRecordID>49173</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="532" />
<Channel>Security</Channel>
<Computer>CERTSERV.domain1.com</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-350318053-1507942464-6498272-9267</Data>
<Data Name="SubjectUserName">host/temp17-L.domain1.com</Data>
<Data Name="SubjectDomainName">USER</Data>
<Data Name="FullyQualifiedSubjectUserName">USER\temp17-L$</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">-</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="MachineInventory">-</Data>
<Data Name="CalledStationID">00-19-77-31-07-51:CORP-WIFI</Data>
<Data Name="CallingStationID">00-24-D7-EB-AB-EC</Data>
<Data Name="NASIPv4Address">10.1.0.87</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">AP05</Data>
<Data Name="NASPortType">Wireless - IEEE 802.11</Data>
<Data Name="NASPort">0</Data>
<Data Name="ClientName">AP05</Data>
<Data Name="ClientIPAddress">10.1.0.87</Data>
<Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
<Data Name="NetworkPolicyName">Secure Wireless Connections</Data>
<Data Name="AuthenticationProvider">Windows</Data>
<Data Name="AuthenticationServer">CERTSERV.domain1.com</Data>
<Data Name="AuthenticationType">PEAP</Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">-</Data>
<Data Name="ReasonCode">23</Data>
<Data Name="Reason">An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.</Data>
<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
</EventData>
</Event>