Solved

NPS not able to do computer authentication

Posted on 2013-05-16
Last Modified: 2013-05-21
Hi
All my computers have begun to authenticate as non-domain computers in my policies.
I assume it's because the Client Machine name is put in under User: and not Client Machine:
Why would it begin to do that?
I have shut down an old CA, so maybe it has something to do with that, but there is a new one running.

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  host/19kzy3.mydomain.local
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\19KZY3$

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.187
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  1

RADIUS Client:
      Client Friendly Name:            192.168.1.187
      Client IP Address:                  192.168.1.187

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.








Last time it WAS working it looked like this (I was testing shutting down Windows Firewall, that's why it is non-compliant):

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\mdata
      Account Name:                  mydomain\mdata
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\mdata

Client Machine:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  19kzy3.mydomain.local
      Fully Qualified Account Name:      mydomain\19KZY3$
      OS-Version:                  5.1.2600 3.0 x86 Workstation
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.213
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  16

RADIUS Client:
      Client Friendly Name:            192.168.1.213
      Client IP Address:                  192.168.1.213

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.

Quarantine Information:
      Result:                        Full Access
      Session Identifier:                  {28B3D58C-DDB6-4901-9714-EF6747505547} - 2013-01-16 14:12:14.310Z
Question by:mathiesen-data
2 Comments
 
Author Comment

by:mathiesen-data
ID: 39174107
Actually, I have discovered that the problem is that all the computers are seen as non-NAP-capable.
I have started security center, and Network access protection agent on the client.
Still no go :(

Accepted Solution

by:mathiesen-data
ID: 39185408
On the client side we found the setting for 'Enable Quarantine checks' was not enabled. Enabled the above option. Now clients were getting authenticated with the correct NAP policy. Clients started showing as NAP Compliant / Non NAP Compliant based on the SHA / SHV.
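
A triage sketch for the symptom in this thread, added here as an example and not posted by the asker: it parses NPS event text in the format quoted in the question and flags events where a computer account appears under User while the Client Machine section is empty, as in the failing event. The function names and labels are hypothetical, and the sample events are trimmed copies of the two quoted above.

```python
# Constructed samples: trimmed copies of the two NPS events quoted in the question.
FAILING = r"""Network Policy Server granted access to a user.
User:
      Security ID:                  mydomain\19KZY3$

Client Machine:
      Security ID:                  NULL SID

Authentication Details:
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
"""
WORKING = r"""Network Policy Server granted access to a user.
User:
      Security ID:                  mydomain\mdata

Client Machine:
      Security ID:                  mydomain\19KZY3$

Authentication Details:
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
"""

def parse_event(text):
    """Parse one event message into {section: {field: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = sections.setdefault(line.strip()[:-1], {})  # "User:" etc.
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # values may contain ':' too
            current[key.strip()] = value.strip()
    return sections

def classify(event):
    """Hypothetical triage labels; returns (label, matched network policy)."""
    user_sid = event.get("User", {}).get("Security ID", "")
    machine_sid = event.get("Client Machine", {}).get("Security ID", "")
    policy = event.get("Authentication Details", {}).get("Network Policy Name", "")
    empty_machine = machine_sid in ("", "-", "NULL SID")
    if user_sid.endswith("$") and empty_machine:
        # Computer account authenticated, but no Client Machine data arrived.
        return "machine-auth-no-client-data", policy
    return ("client-data-present" if not empty_machine else "other"), policy

if __name__ == "__main__":
    print(classify(parse_event(FAILING)), classify(parse_event(WORKING)))
```

Counting the flagged label per Network Policy Name over an exported log shows how many domain machines are landing in the guest policy.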

Question has a verified solution.
