Hi,
I have NPS (W2k8) where I'm authenticating users from a wireless network (Cisco-based network). The SSID for them is secured on the wireless controller by WPA+WPA2 with 802.1X key management. On the RADIUS server I have configured a Connection Request Policy and a Network Policy where I implemented PEAP as the EAP type. Within PEAP I'm using EAP-MSCHAP v2 with authentication retries set to 2. Users are authenticated, but I have a problem when a user changes a password and his mobile device has the "old" password set up for connecting to the wireless network. As a result, the AD account is being locked after a few authentication attempts from the mobile device...
I tried to change the registry settings on the NPS server to lock the user after 3 consecutive authentication failures, but it's not working. I tried to follow the logs and found something strange:
If I'm using the proper password, I can see in the logs:
Network Policy Server granted access to a user.
Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: Secure Wless Connections
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxxxxxxxxxxx
    Authentication Type: PEAP
    EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
But if I use the wrong password, I only get:
Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: Secure Wless Connections
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxxxxxxxxxxxx
    Authentication Type: EAP
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 1
    Reason: An internal error occurred. Check the system event log for additional information.
Any ideas what can be done, what's wrong?