Solved

RADIUS Server on Windows 2008 not working

Posted on 2013-02-06
Last Modified: 2013-03-11
Hi,

I have got a virtual machine running Windows Server 2008 with AD and NPS.

I have configured NPS and got a certificate available for laptops connecting. However, it is not allowing a Win7 and WinXP to connect to the server through the Cisco.

On Win7, it comes up with the WAP key and I have entered it, but it fails.

But on an Apple device, connecting to RADIUS, it has a username and password. Not a WAP key.

Any ideas why Win7 and WinXP laptops are not connecting to RADIUS?

Regards
HorshamIT
Question by:Wolf
18 Comments
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 38859450
Make sure you set Wireless Setting on WinXP and Win7 to use WPA2-Enterprise (preferably - same as you've set on Cisco) and to use the same encryption as you've set on Radius.
Most likely PEAP-MsChap V2.

Apple devices detect settings automatically
Win7 might detect settings automatically
Win XP doesn't

More here: http://www.eduroam.ie/userdocs/winxp-peap.php You must of course change settings to correspond to your NPS settings
0
 
LVL 1

Author Comment

by:Wolf
ID: 38859864
Hi,

Thanks for the reply.

I have attached the settings on the Cisco (Cisco.jpg) and also by adding the Win7 to the network manually (Manual.jpg) and by going the Network And Sharing Centre quicklaunch (Standard.jpg).

Regards
HorshamIT
Manual.PNG
Standard.PNG
Cisco.jpg
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38861486
Windows 7 should tell you it couldn't connect if you let it automatically find the network.  If it's asking for a WPA key I'd guess you've either configured a GPO to enforce the wireless settings and it's wrong, or your AP is advertising the wrong security type to the client.

With your manual configuration you probably need to untick the 'Validate Server Certificate' box in the Authentication settings box where you have configured the WLAN on your Win7 machine.

Check this out...

http://danielmiessler.com/blog/how-to-use-wpa-2-enterprise-in-windows-7
0

 
LVL 1

Author Comment

by:Wolf
ID: 38875078
Hi,

I did post a reply but somehow it's gone.

I have tried the above and got through all the stages, however after the final stage it did not give me a username and password box. We also need to find out if RADIUS or WPA2 - Enterprise is supported by XP as most of our company is still running XP as the OS.

I have attached my server config to see if anything has been set up incorrectly.

Regards
HorshamIT
UKHORSHCSDT4444-0451.jpg
UKHORSHCSDT4444-0450.jpg
UKHORSHCSDT4444-0449.jpg
UKHORSHCSDT4444-0448.jpg
UKHORSHCSDT4444-0447.jpg
UKHORSHCSDT4444-0446.jpg
UKHORSHCSDT4444-0445.jpg
UKHORSHCSDT4444-0444.jpg
UKHORSHCSDT4444-0443.jpg
UKHORSHCSDT4444-0442.jpg
UKHORSHCSDT4444-0441.jpg
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 1500 total points
ID: 38875178
Ok, a few things here.

First, you've configured a remote RADIUS group, yet you don't want or need this if you are authenticating requests on that server.  Remove the RADIUS server group and undo the forwarding options in UKHORSHCSDT4444-0447.jpg and UKHORSHCSDT4444-0448.jpg.
Basically, if you only have one RADIUS or NPS server you don't need to do anything with the Connection Request Policy.  All you need is a Network Policy.

You've set the type of access server as DHCP server.  You don't need this either.  Just leave it as Unspecified.

UKHORSHCSDT4444-0445.jpg - untick the two options at the bottom of the page to test.  You shouldn't need those to be selected unless you are actually using NAP and some special RADIUS attributes.
0
 
LVL 1

Author Comment

by:Wolf
ID: 38875767
Hi Craig,

Thanks for your help, but I have done what you have advised and have still got problems connecting and also a few concerns.

At the moment, we have only tested one Cisco in a controlled environment but in the future, when it goes live we will have 10+ in the same setup so the settings I changed in your first paragraph will affect multiple NPS servers.

Also, each of our sites has got its own DHCP range given out by DHCP servers on site, so is setting the type of access also going to stop that?

However, my concern is the settings on the client PC are still not allowing me to connect or not showing a username/password box unless I manually configure it.

Regards
HorshamIT
0
 
LVL 47

Accepted Solution

by:Craig Beck
Craig Beck earned 1500 total points
ID: 38875826
Ok, the number of APs or NPS servers isn't an issue.  To use multiple NPS servers you should configure them on the APs as RADIUS servers.  If you use just one NPS server to handle the initial RADIUS request then forward to multiple servers you are actually removing the redundancy as your APs will only be looking at the first NPS server and not the others.

So, if you have two NPS servers (for example), configure them both on your APs and set them in priority order (primary and backup) so you can use them all without the complex configuration at the RADIUS server side.

The fact that you have a DHCP server isn't an issue at all here.  Setting the RADIUS server type won't give you any benefit at all, so it's only ever going to cause you problems if anything.

Can you delete the manual WLAN profile you created on the client and let it detect the WLAN itself, then post a screenshot from the Security tab (which includes the type of authentication, etc), and the Advanced settings within that tab?
0
 
LVL 1

Author Comment

by:Wolf
ID: 38875846
Please see screenshots of complete computer configuration for RADIUS server
1.PNG
2.PNG
3.PNG
4.PNG
5.PNG
6.PNG
7.PNG
8.PNG
9.PNG
10.PNG
11.PNG
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38876075
In image 9, you need to specify User Authentication.
0
 
LVL 1

Author Comment

by:Wolf
ID: 38876116
Hi Craig,

Sorry I took the screenshots after setting that.

Can I ask why it is still being affected, or is there any other software required for RADIUS to run, e.g. SQL or ForeFront? Is the server also being a cause, running AD or other features that are making RADIUS fail?

Regards
HorshamIT
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38876190
That's why I wanted a screenshot of what Windows thinks it is seeing - not what you've specifically set, but it's ok as long as you have set the User Authentication option.

There isn't any other software required for RADIUS to work - it is all contained within the NPS role.

Can you provide some of the NPS logs from the server?  You'll find them in Custom Logs, not the usual System log as you used to with IAS.
0
 
LVL 1

Author Comment

by:Wolf
ID: 38879349
Please see attached custom logs.
RADIUS-Server.xml
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38879894
There's nothing in those logs!

Maybe you've not allowed ports 1812 and 1813 through the firewall on the NPS server.

Can you ping the AP from the NPS server?
0
 
LVL 1

Author Comment

by:Wolf
ID: 38879945
Hi Craig,

Please see attached.

What I might do is go back to my snapshot before NPS and go through the stages again, but I have looked at what I have done against a YouTube tutorial and I do not know how I have mucked up.

Regards
HorshamIT
UKHORSHCSDT4444-0005.jpg
UKHORSHCSDT4444-0006.jpg
UKHORSHCSDT4444-0007.jpg
0
 
LVL 1

Author Comment

by:Wolf
ID: 38885416
Hi,

Just an update: I have reset NPS and set up the connections shown in the previous posts.

I have still got the same issue with RADIUS not allowing Win7 and WinXP to connect.

Regards
Max
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38885741
Set the firewall rule to work for any profile.  At the moment it's just configured for the Domain profile.

You really need to be seeing something in the NPS logs, even if it's just something about an invalid NAS client.  The fact that there is absolutely nothing there suggests the AP can't talk to the RADIUS server.
0
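One way to test the point made in the comment above (empty NPS logs suggest nothing is reaching the server), as an added example that is not part of the original thread: a minimal RFC 2865 Access-Request probe sent to UDP 1812. The user name, password, NAS-Identifier, shared secret and the 192.0.2.10 address are placeholders constructed for illustration; an Access-Reject still proves the path works, and any received request should leave an entry in the NPS log.

```python
import hashlib, os, socket, struct

# Added diagnostic sketch (RFC 2865 PAP Access-Request); not code from the thread.
def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def hide_password(password, secret, authenticator):
    # RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each with MD5(secret + previous block)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    attrs = (attr(1, user)                                              # User-Name
             + attr(2, hide_password(password, secret, authenticator))  # User-Password
             + attr(32, b"reachability-probe"))                         # NAS-Identifier
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))             # code 1 = Access-Request
    return header + authenticator + attrs

def check_reply(reply, request, secret):
    """Return the reply code if the Response Authenticator verifies, else None."""
    if len(reply) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return code if expected == reply[4:20] else None

def probe(server, secret, port=1812, timeout=3.0):
    request = build_access_request(b"probe-user", b"placeholder", secret, 1, os.urandom(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return "no reply: blocked, wrong address, or sender is not a configured RADIUS client"
    code = check_reply(reply, request, secret)
    return {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}.get(code, "bad reply or wrong secret")

if __name__ == "__main__":
    # 192.0.2.10 and the secret are placeholders; substitute the NPS server's own values.
    print(probe("192.0.2.10", b"constructed-shared-secret"))
```

Run it from a machine whose address is configured as a RADIUS client on the server, using that client's shared secret; a timeout from there points at the firewall or routing rather than at the network policy.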
 
LVL 1

Author Comment

by:Wolf
ID: 38888420
Hi Craig,

I have now set the firewall to disabled. For the NPS logs, my server is not showing any errors since 12/02/2013.

I have also noticed that the Win7 setup is doing what it should do as it keeps trying to connect when I open the available networks list.

However I cannot get the Win7 laptop to connect to the network other than via the trusty cable.

I will look back into this in 2 weeks' time as I will be on leave after tomorrow. If you wouldn't mind pointing me in the direction of websites that show a complete setup step by step, as the video tutorial: http://bit.ly/XE2zHg shows the complete setup and I have followed this quite a few times now.

Regards
HorshamIT
0
 
LVL 1

Author Closing Comment

by:Wolf
ID: 38973582
Although I have still not been able to resolve the issue, we have put this on the back burner as we are not going with this method and my manager does not wish me to spend time on this at present.
0
