Solved

RADIUS Server on Windows 2008 not working

Posted on 2013-02-06
Last Modified: 2013-03-11
Hi,

I have got a virtual machine running Windows Server 2008 with AD and NPS.

I have configured NPS and got a certificate available for laptops connecting. However, it is not allowing a Win7 and WinXP to connect to the server through the Cisco.

On Win7, it comes up with the WAP key and I have entered it, but it fails.

But on an Apple device, connecting to RADIUS, it has a username and password. Not a WAP key.

Any ideas why Win7 and WinXP laptops are not connecting to RADIUS?

Regards
HorshamIT
Question by:Tony
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 38859450
Make sure you set Wireless Setting on WinXP and Win7 to use WPA2-Enterprise (preferably - same as you've set on Cisco) and to use the same encryption as you've set on Radius.
most likely PEAP-MsChap V2

Apple devices detect settings automatically
Win7 might detect settings automatically
Win XP doesn't

more here: http://www.eduroam.ie/userdocs/winxp-peap.php You must of course change settings to correspond to your NPS settings
 
LVL 1

Author Comment

by:Tony
ID: 38859864
Hi,

Thanks for the reply.

I have attached the settings on the Cisco (Cisco.jpg) and also by adding the Win7 to the network manually (Manual.jpg) and by going the Network And Sharing Centre quicklaunch (Standard.jpg).

Regards
HorshamIT
Manual.PNG
Standard.PNG
Cisco.jpg
 
LVL 45

Expert Comment

by:Craig Beck
ID: 38861486
Windows 7 should tell you it couldn't connect if you let it automatically find the network.  If it's asking for a WPA key I'd guess you've either configured a GPO to enforce the wireless settings and it's wrong, or your AP is advertising the wrong security type to the client.

With your manual configuration you probably need to untick the 'Validate Server Certificate' box in the Authentication settings box where you have configured the WLAN on your Win7 machine.

Check this out...

http://danielmiessler.com/blog/how-to-use-wpa-2-enterprise-in-windows-7
 
LVL 1

Author Comment

by:Tony
ID: 38875078
Hi,

I did post a reply but somehow it's gone.

I have tried the above and got through all the stages, however after the final stage it did not give me a username and password box. We also need to find out if RADIUS or WPA2 - Enterprise is supported by XP as most of our company is still running XP as the OS.

I have attached my server config to see if anything has been set up incorrectly.

Regards
HorshamIT
UKHORSHCSDT4444-0451.jpg
UKHORSHCSDT4444-0450.jpg
UKHORSHCSDT4444-0449.jpg
UKHORSHCSDT4444-0448.jpg
UKHORSHCSDT4444-0447.jpg
UKHORSHCSDT4444-0446.jpg
UKHORSHCSDT4444-0445.jpg
UKHORSHCSDT4444-0444.jpg
UKHORSHCSDT4444-0443.jpg
UKHORSHCSDT4444-0442.jpg
UKHORSHCSDT4444-0441.jpg
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 500 total points
ID: 38875178
Ok, a few things here.

First, you've configured a remote RADIUS group, yet you don't want or need this if you are authenticating requests on that server.  Remove the RADIUS server group and undo the forwarding options in UKHORSHCSDT4444-0447.jpg and UKHORSHCSDT4444-0448.jpg.
Basically, if you only have one RADIUS or NPS server you don't need to do anything with the Connection Request Policy.  All you need is a Network Policy.

You've set the type of access server as DHCP server.  You don't need this either.  Just leave it as Unspecified.

UKHORSHCSDT4444-0445.jpg - untick the two options at the bottom of the page to test.  You shouldn't need those to be selected unless you are actually using NAP and some special RADIUS attributes.
 
LVL 1

Author Comment

by:Tony
ID: 38875767
Hi Craig,

Thanks for your help, but I have done what you have advised and have still got problems connecting and also a few concerns.

At the moment, we have only tested one Cisco in a controlled environment but in the future, when it goes live we will have 10+ in the same setup so the settings I changed in your first paragraph will affect multiple NPS servers.

Also each of our sites have got their own DHCP range given out by DHCP servers on site, so is setting the type of access also going to stop that?

However my concern is the settings on the client PC is still not allowing me to connect or not showing a username/password box unless I manually configure it.

Regards
HorshamIT
 
LVL 45

Accepted Solution

by:Craig Beck
Craig Beck earned 500 total points
ID: 38875826
Ok, the number of APs or NPS servers isn't an issue.  To use multiple NPS servers you should configure them on the APs as RADIUS servers.  If you use just one NPS server to handle the initial RADIUS request then forward to multiple servers you are actually removing the redundancy as your APs will only be looking at the first NPS server and not the others.

So, if you have two NPS servers (for example), configure them both on your APs and set them in priority order (primary and backup) so you can use them all without the complex configuration at the RADIUS server side.

The fact that you have a DHCP server isn't an issue at all here.  Setting the RADIUS server type won't give you any benefit at all, so it's only ever going to cause you problems if anything.

Can you delete the manual WLAN profile you created on the client and let it detect the WLAN itself, then post a screenshot from the Security tab (which includes the type of authentication, etc), and the Advanced settings within that tab?
 
LVL 1

Author Comment

by:Tony
ID: 38875846
Please see screenshots of complete computer configuration for RADIUS server
1.PNG
2.PNG
3.PNG
4.PNG
5.PNG
6.PNG
7.PNG
8.PNG
9.PNG
10.PNG
11.PNG
 
LVL 45

Expert Comment

by:Craig Beck
ID: 38876075
In image 9, you need to specify User Authentication.
 
LVL 1

Author Comment

by:Tony
ID: 38876116
Hi Craig,

Sorry I took the screenshots after setting that.

Can I ask why it is still being affected or is there any other software required for RADIUS to run e.g. SQL or ForeFront? Is the server also being a cause running AD or other features that are making RADIUS fail?

Regards
HorshamIT
 
LVL 45

Expert Comment

by:Craig Beck
ID: 38876190
That's why I wanted a screenshot of what Windows thinks it is seeing - not what you've specifically set, but it's ok as long as you have set the User Authentication option.

There isn't any other software required for RADIUS to work - it is all contained within the NPS role.

Can you provide some of the NPS logs from the server?  You'll find them in Custom Logs, not the usual System log as you used to with IAS.
 
LVL 1

Author Comment

by:Tony
ID: 38879349
Please see attached custom logs.
RADIUS-Server.xml
 
LVL 45

Expert Comment

by:Craig Beck
ID: 38879894
There's nothing in those logs!

Maybe you've not allowed ports 1812 and 1813 through the firewall on the NPS server.

Can you ping the AP from the NPS server?
 
LVL 1

Author Comment

by:Tony
ID: 38879945
Hi Craig,

Please see attached.

What I might do is go back to my snapshot before NPS and go through the stages again but I have looked at what I have done against a YouTube tutorial and I do not know how I have mucked up.

Regards
HorshamIT
UKHORSHCSDT4444-0005.jpg
UKHORSHCSDT4444-0006.jpg
UKHORSHCSDT4444-0007.jpg
 
LVL 1

Author Comment

by:Tony
ID: 38885416
Hi,

Just an update, I have reset NPS and set up the connections shown in the previous posts.

I have still got the same issue with RADIUS not allowing Win7 and WinXP to connect.

Regards
Max
 
LVL 45

Expert Comment

by:Craig Beck
ID: 38885741
Set the firewall rule to work for any profile.  At the moment it's just configured for the Domain profile.

You really need to be seeing something in the NPS logs, even if it's just something about an invalid NAS client.  The fact that there is absolutely nothing there suggests the AP can't talk to the RADIUS server.
0
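A way to test the reachability point raised in the comment above, as an added example that is not part of the original thread: a minimal RADIUS client (RFC 2865) that sends one PAP Access-Request to UDP 1812 and checks the Response Authenticator on any reply. It assumes the probing host has been added to NPS as a RADIUS client with the same shared secret and that the server does not require Message-Authenticator; the server address, secret and NAS-IP-Address are placeholders.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, request_auth):
    """User-Password hiding from RFC 2865 section 5.2 (MD5 chain, 16-byte blocks)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, ident, request_auth):
    attrs = attr(1, user)                                            # User-Name
    attrs += attr(2, hide_password(password, secret, request_auth))  # User-Password
    attrs += attr(4, socket.inet_aton("192.0.2.10"))  # NAS-IP-Address, constructed value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs

def reply_is_authentic(reply, request_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    digest = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def probe(server, secret, user=b"probe", password=b"probe", port=1812, timeout=3.0):
    ident, request_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(user, password, secret, ident, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return "no reply: port blocked, wrong address, or sender not a configured RADIUS client"
    if reply[1:2] != bytes([ident]) or not reply_is_authentic(reply, request_auth, secret):
        return "reply failed the authenticator check: shared secret mismatch"
    return {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(reply[0], "code %d" % reply[0])
```

An Access-Reject with a valid authenticator still shows that the port, the client entry and the shared secret are correct, since a PEAP-only network policy is expected to refuse a PAP request.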
 
LVL 1

Author Comment

by:Tony
ID: 38888420
Hi Craig,

I have now set the firewall to disabled. For the NPS logs, my server is not showing any errors since 12/02/2013.

I have also noticed that the Win7 setup is doing what it should do as it keeps trying to connect when I open the available networks list.

However I cannot get the Win7 laptop to connect to the network other than via the trusty cable.

I will look back into this in 2 weeks time as I will be on leave after tomorrow. If you wouldn't mind pointing in the direction of websites that show a complete setup step by step as the video tutorial: http://bit.ly/XE2zHg shows the complete setup and have followed this quite a few times now.

Regards
HorshamIT
 
LVL 1

Author Closing Comment

by:Tony
ID: 38973582
Although I have still not been able to resolve the issue, we have put this on the back burner as we are not going with this method and my manager does not wish me to spend time on this at present.
Question has a verified solution.