RADIUS connection to Win Server 2016

I had this question after viewing RADIUS Authentication Problem in Windows Server 2016.

Same issue; I am trying to connect handheld devices for internet access.   Struggling for a week with no success.   Have gone through all the steps, installed certificate, etc.
Always receiving an Authentication problem.
I checked the event logs and could not find anything relevant, maybe I am looking in the wrong place?   Nothing RADIUS related.
Please help if you can.
Thanks.
Aldo Barani Asked:
Cliff Galiher Commented:
The security log would be where to look, and if you have a device handy, you know what time range to look in.

As for the rest, you admit your knowledge is limited (nothing wrong with that), and that is exactly the *right* time to hire a consultant.  I say this having no skin in the game. While I sometimes accept gigs via EE, I have more work than I need right now and would not be able to take on the project myself at this time. So my suggestion to grab a consultant is for you, not me.  No ulterior motives there.

One of two things is true:

1) The configuration is *very* wrong, in which case, yes, it'll take a consultant hours...but that's what is needed.
or 2) it is fairly standard and an experienced expert won't take hours. They don't need to know the intricacies of your network to fix the problem.  If things are even close to the right setup, it's a 15-30 minute affair with minimal input.  If that's too much to ask then you are probably on the right track to drop it and move on. You've probably spent more in labor than the project is worth already.

-Cliff
0
 
Cliff Galiher Commented:
In the default configuration, event logs are created when NPS handles a RADIUS request, success or fail.

If you aren't seeing logs then you might not be looking closely enough. Or the default event log settings were changed. Or the radius client is not configured to point to the right server/port.

It's going to be one of those things.
0
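
One way to run the check described in the comment above, as an added example that is not part of the original thread: it confirms that NPS auditing is still enabled and lists recent NPS decisions from the Security log. The 30-minute window and the selection of fields shown are assumptions; run it in an elevated PowerShell session on the NPS server right after a test connection attempt.

```powershell
# Added example (not from the thread): find NPS/RADIUS decisions in the Security log.
$MinutesBack = 30   # assumed window; make it cover your test connection attempt

# 1. Is NPS auditing still on? Covers the "default event log settings were changed" case.
#    Expect "Success and Failure" for this subcategory.
auditpol /get /subcategory:"Network Policy Server"

# 2. NPS audit events: 6272 = access granted, 6273 = access denied, 6274 = request discarded.
$filter = @{
    LogName   = 'Security'
    Id        = 6272, 6273, 6274
    StartTime = (Get-Date).AddMinutes(-$MinutesBack)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    # No events at all usually means the request never reached this server:
    # wrong server/port on the RADIUS client, a firewall, or auditing disabled.
    Write-Warning "No NPS events in the last $MinutesBack minutes."
}
else {
    $events | ForEach-Object {
        # Flatten the event's named <Data> fields into a lookup table.
        $fields = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$node.GetAttribute('Name')] = $node.InnerText
        }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            EventId    = $_.Id
            User       = $fields['SubjectUserName']
            RadiusClnt = $fields['ClientName']
            ClientIP   = $fields['ClientIPAddress']
            Policy     = $fields['NetworkPolicyName']
            AuthType   = $fields['AuthenticationType']
            ReasonCode = $fields['ReasonCode']   # empty on 6272 (granted)
            Reason     = $fields['Reason']
        }
    } | Sort-Object Time | Format-List
}
```

If a failed connection attempt produces no 6273 or 6274 entry at all, the wireless controller is not sending that request to NPS, which points at the RADIUS client configuration rather than at the NPS policies.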
 
Adam Brown, Sr Solutions Architect, Commented:
Are you using EAP or PEAP authentication for the session on the phones? EAP requires device and user certificates for each phone and those have to be distributed.
1
Aldo Barani (Author) Commented:
I'm using PEAP; I have been using a 3rd party RADIUS server for years, however the plan is to migrate all domain users to the Windows based RADIUS and use the 3rd party for IoS clients and guest users; however, after struggling for 1 week with no results in sight that does not seem likely to happen.  Something is wrong, but I cannot find what since there is no log to shed some light on the authentication problem.   The 3rd party RADIUS allows flawless access to the users registered on the AD.
I have a RADIUS configured in the NPS, and also defined Connection Request policy and Network policy for the wireless connections.
0
 
Aldo Barani (Author) Commented:
Cliff, thanks for the suggestion.
I'm not an IT practitioner, even though I do IT work, and my knowledge is limited.
I cannot find any event related to RADIUS authentication, maybe there is none; I've never used the Event Viewer before and my queries are rejected, either for too many records or for some other reason.   But perusing through the events I cannot find anything relevant.   If you can direct me how to look for user authentication failure through the RADIUS client requests, I will do it.
Hiring some consultant is out of the question, it will take hours just to understand what's going on and I do not have a budget for that.  So I will have to fix it myself or drop it and move on.
To the best of my knowledge, all configurations are right but it won't connect.
0
 
Aldo Barani (Author) Commented:
I just could not drop it... Anyway, it works now!   The configuration was fine, the certificate in the right store; by chance I discovered that when the 3rd party RADIUS server is switched off, the AD users could connect through the NPS RADIUS client; switch the external RADIUS on, and all AD users are disconnected and could not reconnect until the external RAD is off again.   However, the 3rd party RADIUS users are not affected.
The two RADIUS servers run on different computers and obviously have different IPs; they are both set up in the Cisco controller, with different secrets.   The clients connected through the 3rd party RAD are not domain users.
I can't identify the cause from the event logs.
Any ideas what could cause this condition?
Thanks.
0
 
Cliff Galiher Commented:
If the client is talking to the 3rd party RADIUS server and that server is responding that the user doesn't exist, the client has no reason to fall back to another server. That's 100% a client configuration issue, not an NPS problem.
1
 
Aldo Barani (Author) Commented:
Makes sense, however it works just one way since the 3rd party radius takes precedence; so I will have to check the configuration.
Thanks
0
 
Aldo Barani (Author) Commented:
You were correct, it is documented by Cisco.
Thanks.
0
Question has a verified solution.