RADIUS connection to Win Server 2016

I had this question after viewing RADIUS Authentication Problem in Windows Server 2016.

Same issue; I am trying to connect handheld devices for internet access.   Struggling for a week with no success.   Have gone through all the steps, installed certificate, etc.
Always receiving an Authentication problem.
I checked the event logs and could not find anything relevant, maybe I am looking in the wrong place?   Nothing RADIUS related.
Please help if you can.
Aldo BaraniAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Default configuration has event logs are created when NPS handles a radius request, success or fail.

If you aren't seeing logs then you might not be looking closely enough. Or the default event log settings were changed. Or the radius client is not configured to point to the right server/port.

It's going to be one of those things.
Adam BrownSr Solutions ArchitectCommented:
Are you using EAP or PEAP authentication for the session on the phones? EAP requires device and user certificates for each phone and those have to be distributed.
Aldo BaraniAuthor Commented:
I'm using PEAP; I am using a 3rd party RADIUS server for years, however the plan is to migrate all domain users to the Windows based RADIUS and use the 3rd party for IoS clients and guest users; however, after struggling for 1 week with no results in sight that does not seem likely to happen.  Something is wrong, but I cannot find what since there is no log to shed some light on the authentication problem.   The 3rd party RADIUS allows flawless access to the users registered on the AD.
I have a RADIUS configured in the NPS, and also defined Connexion Request policy and  Network policy for the wireless connexions.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Aldo BaraniAuthor Commented:
Cliff, thanks for the suggestion.
I'm not an IT practitioner, even though I do IT work, and my knowledge is limited.
I cannot find any event related to RADIUS authentication, maybe there is none; I've never used the Event Viewer before and my queries are rejected, either for too many records or for some other reason.   But perusing through the events I cannot find anything relevant.   If you can direct me how to look for user authentication failure through the RADIUS client requests, I will do it.
Hiring some consultant is out of question, it will take ours just to understand what's going on and I do not have a budget for that.  So I will have to fix it myself or drop it and move on.
To the best of my knowledge, all configurations are right but it won't connect.
Cliff GaliherCommented:
The security log would be where to look, and if you have a device handy, you know what time range to look in.

As for the rest, you admit your knowledge is limited (nothing wrong with that), and that is exactly the *right* time to hire a consultant.  I say this having no skin in the game. While I sometimes accept gigs via EE, I have more work than I need right now and would not be able to take on the project myself at this time. So my suggestion to grab a consultant is for you, not me.  No ulterior motives there.

One of two things is true:

The configuration is *very* wrong in which case, yes, it'll take a consultant hours...but that's what is needed.
or 2) it is fairly standard and an experienced expert won't take hours. They don't need to know the intricacies of your network to fix the problem.  If things are even close to the right setup, it's a 15-30 minute affair with minimal input.  If that's too much to ask then you are probably on the right track to drop it and move on. You've probably spent more in labor than the project is worth already.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Aldo BaraniAuthor Commented:
I just could not drop it... Anyway, it works now!   The configuration was fine, the certificate in the right store; by chance I discovered that when the 3rd party RADIUS server is switched off, the AD users could connect through the NPS RADIUS client; switch the external RADIUS on, and all AD users are disconnected and could not reconnect until the external RAD is off again.   However, the 3rd party RADIUS users are not affected.
The two RADIUS servers run on different computers and obviously have different IPs; they are both setup in the Cisco controller, with different secrets.   The clients connected through the 3rd party RAD are not domain users.
I can't identify the cause from the event logs.
Any ideas what could cause this condition?
Cliff GaliherCommented:
If the client is talking to the 3rd party radius server and that server is responding that the user doesn't exist the client has no reason to fall back to anither server. That's 100% a client configuration issue  not an NPS problem.
Aldo BaraniAuthor Commented:
Makes sense, however it works just one way since the 3rd party radius takes precedence; so I will have to check the configuration.
Aldo BaraniAuthor Commented:
You were correct, it is documented by Cisco.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.