NPS authentication fails with reason 16 after applying realm stripping rule (stripping domain from user-name) in NPS

    Question

  • I need to implement 802.1x network authentication for our wired infrastructure using one 2008 R2 server, which is our NPS as well as our DC. We are running NPS on Windows 2008 R2 Ent. We are stripping the domain name using realm. But now authentication failed with

    Reason Code:        16

    Reason:                  Authentication failed due to a user credentials mismatch. Either the user name   provided does not map to an existing user account or the password was incorrect.

    Here is the detailed event log

    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:

                    Security ID:                                            KWT\moe

                    Account Name:                                    moe

                    Account Domain:                                 KWT

                    Fully Qualified Account Name:          KWT.PRIV/People/100099363

    Client Machine:

                    Security ID:                                            NULL SID

                    Account Name:                                    -

                    Fully Qualified Account Name:          -

                    OS-Version:                                           -

                    Called Station Identifier:                      16-18-1A-32-59-46:eduroam

                    Calling Station Identifier:                     70-DE-E2-85-B9-31

    NAS:

                    NAS IPv4 Address:                                172.16.16.6

                    NAS IPv6 Address:                                -

                    NAS Identifier:                                       -

                    NAS Port-Type:                                     Wireless - IEEE 802.11

                    NAS Port:                                               0

    RADIUS Client:

                    Client Friendly Name:                          Surrey APs

                    Client IP Address:                                 172.16.16.6

    Authentication Details:

                    Connection Request Policy Name:    Eduroam - Local

                    Network Policy Name:                         Eduroam -LocalN

                    Authentication Provider:                     Windows

                    Authentication Server:                         IDA.KWT.PRIV

                    Authentication Type:                           PEAP

                    EAP Type:                                              Microsoft: Secured password (EAP-MSCHAP v2)

                    Account Session Identifier:                 -

                    Logging Results:                                   Accounting information was written to the local log file.

                    Reason Code:                                        16

                    Reason:                                                  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    Saturday, December 08, 2012 3:36 AM

Answers

  • Hi,

    Do all the user accounts in the domain get the problem or just one user?

    Best Regards

    Scott Xie



    • Marked as answer by mans12345 Wednesday, December 12, 2012 3:50 PM
    Wednesday, December 12, 2012 9:37 AM

All replies

  • Hi,

    Thank you for your question.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.


    Best Regards,
    Aiden


    Aiden Cao
    TechNet Community Support

    Wednesday, December 12, 2012 6:55 AM