Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NPS not able to do computer authentication

Posted on 2013-05-16
2
Medium Priority
?
1,118 Views
Last Modified: 2013-05-21
Hi
All my computers has begun to authenticate as non-domain computers in my policies.
I assume its because the Client Machine name is put in under user: and not Client Machine:
Why would it begin to do that?
I have shutdown an old CA, so maybe it has something to do with that, but there is a new one running.

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  host/19kzy3.mydomain.local
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\19KZY3$

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.187
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  1

RADIUS Client:
      Client Friendly Name:            192.168.1.187
      Client IP Address:                  192.168.1.187

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Non Domain Computers (Guest)
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.








Last time it WAS working it looked like this (I was testing shutting Down Windows firewall, thats why it is non-compliant)

Network Policy Server granted access to a user.

User:
      Security ID:                  mydomain\mdata
      Account Name:                  mydomain\mdata
      Account Domain:                  mydomain
      Fully Qualified Account Name:      mydomain\mdata

Client Machine:
      Security ID:                  mydomain\19KZY3$
      Account Name:                  19kzy3.mydomain.local
      Fully Qualified Account Name:      mydomain\19KZY3$
      OS-Version:                  5.1.2600 3.0 x86 Workstation
      Called Station Identifier:            -
      Calling Station Identifier:            00-21-9B-E1-EB-31

NAS:
      NAS IPv4 Address:            192.168.1.213
      NAS IPv6 Address:            -
      NAS Identifier:                  GS2200
      NAS Port-Type:                  Ethernet
      NAS Port:                  16

RADIUS Client:
      Client Friendly Name:            192.168.1.213
      Client IP Address:                  192.168.1.213

Authentication Details:
      Connection Request Policy Name:      NAP 802.1X (Wired)
      Network Policy Name:            NAP 802.1X (Wired) Noncompliant
      Authentication Provider:            Windows
      Authentication Server:            NPS01.mydomain.local
      Authentication Type:            PEAP
      EAP Type:                  Microsoft: Secured password (EAP-MSCHAP v2)
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.

Quarantine Information:
      Result:                        Full Access
      Session Identifier:                  {28B3D58C-DDB6-4901-9714-EF6747505547} - 2013-01-16 14:12:14.310Z
compliant.JPG
nondomain.JPG
0
Comment
Question by:mathiesen-data
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 2

Author Comment

by:mathiesen-data
ID: 39174107
Actually, I have discovered that the problem is that all the computers is seen as Non nap capable.
I have started security center, and Network access protection agent on the client.
Still no go :(
0
 
LVL 2

Accepted Solution

by:
mathiesen-data earned 0 total points
ID: 39185408
On the client side we found the setting for 'Enable Quarantine checks' was not enabled. Enabled the above option. Now clients were getting authenticated with the correct NAP policy. Clines started showing as NAP Compliant/ Non NAP Complement based on the SHA / SHV
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question