Solved

NPS not able to do computer authentication

Posted on 2013-05-16
2
1,029 Views
Last Modified: 2013-05-21
Hi
All my computers has begun to authenticate as non-domain computers in my policies.
I assume its because the Client Machine name is put in under user: and not Client Machine:
Why would it begin to do that?
I have shutdown an old CA, so maybe it has something to do with that, but there is a new one running.

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  host/19kzy3.mydomain.local
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\19KZY3$

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.187
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  1

RADIUS Client:
      Client Friendly Name:            192.168.1.187
      Client IP Address:                  192.168.1.187

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.








Last time it WAS working it looked like this (I was testing shutting Down Windows firewall, thats why it is non-compliant)

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\mdata
      Account Name:                  mydomain\mdata
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\mdata

Client Machine:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  19kzy3.mydomain.local
      Fully Qualified Account Name:      mydomain\19KZY3$
      OS-Version:                  5.1.2600 3.0 x86 Workstation
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.213
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  16

RADIUS Client:
      Client Friendly Name:            192.168.1.213
      Client IP Address:                  192.168.1.213

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.

Quarantine Information:
      Result:                        Full Access
      Session Identifier:                  {28B3D58C-DDB6-4901-9714-EF6747505547} - 2013-01-16 14:12:14.310Z
compliant.JPG
nondomain.JPG
0
Comment
Question by:mathiesen-data
  • 2
2 Comments
 
LVL 2

Author Comment

by:mathiesen-data
ID: 39174107
Actually, I have discovered that the problem is that all the computers is seen as Non nap capable.
I have started security center, and Network access protection agent on the client.
Still no go :(
0
 
LVL 2

Accepted Solution

by:
mathiesen-data earned 0 total points
ID: 39185408
On the client side we found the setting for 'Enable Quarantine checks' was not enabled. Enabled the above option. Now clients were getting authenticated with the correct NAP policy. Clines started showing as NAP Compliant/ Non NAP Complement based on the SHA / SHV
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now