locked
Event 1070 on DHCP Server RRS feed

  • Question

  • Okay, I've been spending all my time on the 802.1x enforcement but now I'm giving DHCP a shot just so I can get MAC authentication to work.  However, I'm having an issue with this as my DHCP server is showing Event 1070:

    Iashlpr initialization failed: 1060, so DHCP server cannot talk to NPS server. It could be that IAS service is not started.

    The server is running, it works fine for 802.1x, I'm wondering what ports are required to get DHCP to work properly here.  Also, I don't see anywhere in DHCP to point to my NPS server.  I own the NAP book and it doesn't mention anything like this.  What I did was add the DHCP Server as a RADIUS client but I really doubt that does anything.  Could someone point me in the right direction?

    Monday, September 21, 2009 7:44 PM

Answers

All replies

  • Hi GunnarWB,
       Thanks for contact us. From the problem I infer that you are having DHCP & NPS in different box. If yes, then you have still install the NPS role on the DHCP Server and configure the NPS as proxy to forward the request to the right server.
         Here are some information NPS Proxy : http://technet.microsoft.com/en-us/library/cc731320.aspx

    If you are just looking for MAC Authentication on Windows Server 2008 R2 , more info on what's new in the Windows Server 2008 R2 is available @ http://blogs.technet.com/teamdhcp/archive/2009/02/26/new-features-in-dhcp-for-windows-server-2008-r2-windows-7.aspx

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    • Marked as answer by gunnarwb Tuesday, September 22, 2009 1:11 PM
    Monday, September 21, 2009 10:01 PM
  • Hey RamaSubbu,

    I got it to work by putting DHCP on the same server, I was trying to go to quickly and missed that part in my book.  Thank you,

    Gunnar
    Tuesday, September 22, 2009 1:11 PM
  • Rama,

    I got Windows 2008 R2 all running and the Mac based security in R2 is ...okay.  Basically it's not really security it will just deny giving someone an IP address.  I'd like to use the feature in my switch for mac-based authentication, which is doable with Free-Radius just using a MAC DB.  Can NPS do this in 2008?  The DHCP MAC isn't what I need.

    Gunnar
    Tuesday, September 22, 2009 2:32 PM
  • Hi Gunnar,
       Sure, of course you can do it very well with mac-based authentication with NPS. We would be happy to help you. Feel free to contact us if you need any information.

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Tuesday, September 22, 2009 3:11 PM
  • Rama,

    CHeck out this thread:

    http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/3790514d-ff16-404e-adad-90fcdb087c68

    I'm asking about MAC authenitation, however I'm always given the answer of a blog that's either DHCP based, or MAC ontop of 802.1x.  I don't want to have to query a Domain Controller for access, I want to query a MAC database and authenticate if your MAC is in that DB.  I do not plan on doing this for all machines in the domain, just dumb machines that will reside in a certian vlan.  Would you reply to that thread, this thread is getting off topic, you answered my question about the Event ID issue, thank you.
    Tuesday, September 22, 2009 6:21 PM
  • Sure, I will checkout that thread too.
    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Saturday, September 26, 2009 12:55 AM