Solved

NPS not able to do computer authentication

Posted on 2013-05-16
Last Modified: 2013-05-21
Hi
All my computers have begun to authenticate as non-domain computers in my policies.
I assume it's because the client machine name is put in under User: and not Client Machine:
Why would it begin to do that?
I have shut down an old CA, so maybe it has something to do with that, but there is a new one running.

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  host/19kzy3.mydomain.local
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\19KZY3$

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.187
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  1

RADIUS Client:
      Client Friendly Name:            192.168.1.187
      Client IP Address:                  192.168.1.187

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.








Last time it WAS working it looked like this (I was testing shutting down Windows Firewall, that's why it is non-compliant):

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\mdata
      Account Name:                  mydomain\mdata
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\mdata

Client Machine:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  19kzy3.mydomain.local
      Fully Qualified Account Name:      mydomain\19KZY3$
      OS-Version:                  5.1.2600 3.0 x86 Workstation
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.213
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  16

RADIUS Client:
      Client Friendly Name:            192.168.1.213
      Client IP Address:                  192.168.1.213

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.

Quarantine Information:
      Result:                        Full Access
      Session Identifier:                  {28B3D58C-DDB6-4901-9714-EF6747505547} - 2013-01-16 14:12:14.310Z
Question by:mathiesen-data
Author Comment

by:mathiesen-data
ID: 39174107
Actually, I have discovered that the problem is that all the computers are seen as non-NAP-capable.
I have started Security Center and the Network Access Protection Agent on the client.
Still no go :(

Accepted Solution

by:
mathiesen-data earned 0 total points
ID: 39185408
On the client side we found the setting for 'Enable Quarantine checks' was not enabled. We enabled the above option. Now clients were getting authenticated with the correct NAP policy. Clients started showing as NAP Compliant / Non NAP Compliant based on the SHA / SHV.
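
As an added example (not part of the original thread), a Python parser for NPS event text like the two events in the question, reporting which fields show the failing pattern. The function names and the three checks are assumptions derived only from the differences between those two events; the sample events are abbreviated copies of the ones posted.

```python
import re
# Abbreviated copies of the two events quoted in the question (fields trimmed).
FAILING = r"""Network Policy Server granted access to a user.
User:
      Security ID:                  mydomain\19KZY3$
Client Machine:
      Security ID:                  NULL SID
Authentication Details:
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
"""
WORKING = r"""Network Policy Server granted access to a user.
User:
      Security ID:                  mydomain\mdata
Client Machine:
      Security ID:                  mydomain\19KZY3$
Authentication Details:
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
Quarantine Information:
      Result:                        Full Access
"""

def parse_event(text):
    """Split an NPS event message into {section: {field: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S[^:]*):\s*$", line)
        if header:  # an unindented "Name:" line starts a new section
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")  # first colon only
            current[key.strip()] = value.strip()
    return sections

def triage(text):
    """Heuristic (assumption): list the traits of the failing event above."""
    ev = parse_event(text)
    findings = []
    if ev.get("User", {}).get("Security ID", "").endswith("$"):
        findings.append("computer account logged under User")
    if ev.get("Client Machine", {}).get("Security ID", "NULL SID") == "NULL SID":
        findings.append("Client Machine not identified")
    if "Quarantine Information" not in ev:
        findings.append("no Quarantine Information section")
    return ev.get("Authentication Details", {}).get("Network Policy Name", "-"), findings

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, *triage(text), sep=" | ")
```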