NPS not able to do computer authentication

Posted on 2013-05-16
Last Modified: 2013-05-21
Hi
All my computers have begun to authenticate as non-domain computers in my policies.
I assume it's because the client machine name is put in under User: and not Client Machine:
Why would it begin to do that?
I have shut down an old CA, so maybe it has something to do with that, but there is a new one running.

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  host/19kzy3.mydomain.local
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\19KZY3$

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.187
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  1

RADIUS Client:
      Client Friendly Name:            192.168.1.187
      Client IP Address:                  192.168.1.187

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.

Last time it WAS working it looked like this (I was testing shutting down Windows Firewall, that's why it is non-compliant):

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\mdata
      Account Name:                  mydomain\mdata
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\mdata

Client Machine:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  19kzy3.mydomain.local
      Fully Qualified Account Name:      mydomain\19KZY3$
      OS-Version:                  5.1.2600 3.0 x86 Workstation
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.213
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  16

RADIUS Client:
      Client Friendly Name:            192.168.1.213
      Client IP Address:                  192.168.1.213

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.

Quarantine Information:
      Result:                        Full Access
      Session Identifier:                  {28B3D58C-DDB6-4901-9714-EF6747505547} - 2013-01-16 14:12:14.310Z
Question by:mathiesen-data

Author Comment

by:mathiesen-data
ID: 39174107
Actually, I have discovered that the problem is that all the computers are seen as non-NAP-capable.
I have started Security Center and the Network Access Protection Agent on the client.
Still no go :(

Accepted Solution

by:
mathiesen-data earned 0 total points
ID: 39185408
On the client side we found the setting for 'Enable Quarantine checks' was not enabled. Enabled the above option. Now clients were getting authenticated with the correct NAP policy. Clients started showing as NAP Compliant / Non NAP Compliant based on the SHA / SHV.
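
A triage sketch for the two NPS events quoted in the question, added here as an example and not part of the original thread: it parses the event text into sections and flags the pattern the failing event shows (computer account in the User block, empty Client Machine block, no Quarantine Information). The function names, result labels and the rule itself are assumptions drawn only from those two events.

```python
# Constructed samples: trimmed copies of the two NPS events quoted in the question.
FAILING = r"""
User:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  host/19kzy3.mydomain.local
Client Machine:
      Security ID:                  NULL SID
      OS-Version:                  -
Authentication Details:
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
"""
WORKING = r"""
User:
      Security ID:                  mydomain\mdata
Client Machine:
      Security ID:                  mydomain\19KZY3$
      OS-Version:                  5.1.2600 3.0 x86 Workstation
Authentication Details:
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
Quarantine Information:
      Result:                        Full Access
"""

def parse_event(text):
    """Split an NPS event message into {section: {field: value}}."""
    event, section = {}, None
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or free text without a field
        if not line[0].isspace():
            section = name.strip()  # unindented header such as "User:" or "NAS:"
            event[section] = {}
        elif section is not None:
            event[section][name.strip()] = value.strip()
    return event

def triage(event):
    """Heuristic drawn from the two events above, not an NPS rule."""
    machine = event.get("Client Machine", {})
    user_sid = event.get("User", {}).get("Security ID", "")
    policy = event.get("Authentication Details", {}).get("Network Policy Name", "")
    no_health = (machine.get("Security ID") == "NULL SID"
                 and machine.get("OS-Version", "-") == "-"
                 and "Quarantine Information" not in event)
    # Computer account (name ends in "$") as User, with no health data attached.
    if no_health and user_sid.endswith("$"):
        return ("no-health-data", policy)
    return ("health-evaluated", policy)
```

Run over exported event text, this separates clients that sent no health data, and so fell through to the guest policy, from clients that were actually evaluated as compliant or noncompliant.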