NPS server - blocking account

  • Question

  • Hi,

    I have NPS (W2k8) where I'm authenticating users from a wireless network (Cisco-based network). The SSID for them is secured on the wireless controller by WPA+WPA2 with 802.1X key management. On the RADIUS server I have configured a Connection Request Policy and a Network Policy where I implemented PEAP as the EAP type. Within PEAP I'm using EAP-MSCHAP v2 with authentication retries set to 2. Users are authenticated, but I have a problem when a user changes a password and his mobile device has the "old" password set up for connecting to the wireless network. As a result, the AD account is being locked after a few authentication tries from the mobile device...

    I tried to change registry settings on the NPS server to lock the user after 3 consecutive authentication failures, but it's not working. I tried to follow the logs and found something strange:

    If I use the proper password, I can see in the logs:

    Network Policy Server granted access to a user.
    Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections 
    Network Policy Name: Secure Wless Connections
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxxxxxxxxxxx
    Authentication Type: PEAP
    EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)

    But if I use the wrong password, I only get:

    Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections 
    Network Policy Name: Secure Wless Connections
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxxxxxxxxxxxx
    Authentication Type: EAP
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 1
    Reason: An internal error occurred. Check the system event log for additional information.

    Any ideas what can be done, what's wrong?

    Thursday, June 28, 2012 12:49 PM

All replies