• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5719
  • Last Modified:

NPS - The specified domain does not exist.

Have an issue with getting my VPN authorization to work with Radius. Seems that the connection works between NPS and Fortigate using MS-CHAPv2 but I keep getting the error "the domain specified does not exisit"

Domain Controller is Server 2008 R2
Domain Name: test.local
Pre 2003 Domain Name: test.com
Domain/Forest Level: 2003

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
	Security ID:			TEST.COM\bob
	Account Name:			bob
	Account Domain:			TEST.COM
	Fully Qualified Account Name:	test.com\bob

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	OS-Version:			-
	Called Station Identifier:		-
	Calling Station Identifier:		126.15.245.xxx

	NAS IPv4 Address:		-
	NAS IPv6 Address:		-
	NAS Identifier:			FW01
	NAS Port-Type:			-
	NAS Port:			-

RADIUS Client:
	Client Friendly Name:		Fortigate
	Client IP Address:

Authentication Details:
	Connection Request Policy Name:	Use Windows authentication for all users
	Network Policy Name:		Connections to other access servers
	Authentication Provider:		Windows
	Authentication Server:		SVR01.test.local
	Authentication Type:		MS-CHAPv2
	EAP Type:			-
	Account Session Identifier:		3032643030303061
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			7
	Reason:				The specified domain does not exist.

Open in new window

1 Solution
EirejpAuthor Commented:
Okay looks like I posted to soon. Fixed it.

added a reg key to force authentication to the DNS name instead of the Netbios name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\ControlProtocols\BuiltIn\Default Domain

Key entry should be the DNS domain name.

Then noticed when restarting the server the NPS service was reporting that the domain test.local was unavailable.

Because the server is 2008 R2 and net bios is not in use I added a DNS forward lookup for the doman test.local and added the domain controllers in there.

Seems to be all good now.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now