WAP 561 - NPS role - Problem getting a domain profile

Question
-
Hi everyone,
Today, I have a problem with the authentication of a Cisco WAP 561 and the Network Policy Server role.
My Cisco WAP 561 is connected to the RADIUS Network Policy Server role with EAP MD5.
When a user of the domain wants to connect to the captive portal, the authentication is successful.
But when I check the profile of my connection, it shows me a Private Network, and I want to have a domain network profile.
When I deactivate the NPS, I get a domain network profile.
Do you have any idea?
Thank you.
Sunday, September 3, 2017 8:17 AM
All replies
-
Hi jostir,
Thanks for your posting here.
It looks like the query is more related to a Cisco product; you may want to ask this in the Cisco forum to get more efficient support.
It is also appreciated that the other members in our forum can share their experience with us about this scenario.
Best Regards,
Candy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, September 4, 2017 6:19 AM -
Hi,
I think it is a problem with the NPS role because when I deactivate it, I get the domain profile through my WAP 561.
So, I have posted my message to this section.
Do you have any ideas?
Thank you.
Monday, September 4, 2017 7:07 AM -
Hi jostir,
Please check the event log to see if there is something useful for us for troubleshooting.
Best Regards,
Candy
Monday, September 4, 2017 7:38 AM -
Two information log entries appear after a user connection, but I think my configuration isn't right:
First message → 6272 - Network Policy Server granted access to a user.
User:
Security ID: DOMAIN\surname.name
Account Name: surname.name
Account Domain: DOMAIN
Fully Qualified Account Name: DOMAIN.com/Utilisateurs/Surname NAME
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: -
NAS:
NAS IPv4 Address: 192.168.2.181
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: -
RADIUS Client:
Client Friendly Name: Cisco WAP 561 - WAP01
Client IP Address: 192.168.2.181
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: DOMAIN-Interne_Basé sur AD
Authentication Provider: Windows
Authentication Server: SRV-NPS.DOMAIN.com
Authentication Type: EAP
EAP Type: MD5-Challenge
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Quarantine Information:
Result: Full Access
Session Identifier: -
-----------
Second message → 6278 - Network Policy Server granted full access to a user because the host met the defined health policy.
User:
Security ID: DOMAIN\surname.name
Account Name: surname.name
Account Domain: DOMAIN
Fully Qualified Account Name: DOMAIN.com/Utilisateurs/Surname NAME
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: -
NAS:
NAS IPv4 Address: 192.168.2.181
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: -
RADIUS Client:
Client Friendly Name: Cisco WAP 561 - WAP01
Client IP Address: 192.168.2.181
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: DOMAIN-Interne_Basé sur AD
Authentication Provider: Windows
Authentication Server: SRV-NPS.DOMAIN.com
Authentication Type: EAP
EAP Type: MD5-Challenge
Account Session Identifier: -
Quarantine Information:
Result: Full Access
Extended-Result: -
Session Identifier: -
Help URL: -
System Health Validator Result(s): -
Monday, September 4, 2017 7:49 AM -
Hi,
The following hotfix might apply
But it's also possible that you are losing connection to your domain controller. When a computer is able to connect to a domain controller on port 389, it will have a domain profile. If that connection is not available, the network profile will change.
Thanks,
-Greg
- Proposed as answer by Candy Luo (Microsoft contingent staff) Tuesday, September 19, 2017 8:41 AM
Thursday, September 7, 2017 5:44 AM -
Hi jostir,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Candy
Tuesday, September 19, 2017 8:41 AM -
Hi Candy,
The hotfix hasn't resolved my problem.
Tuesday, September 19, 2017 8:44 AM -
Please verify that you have a connection to your domain controller.
Losing the connection to a DC is usually why the connection type changes.
Tuesday, September 19, 2017 5:02 PM -
Hi Greg,
I can ping my domain controller.
How can I rearm the connectivity with the domain controller when I'm connected with NPS?
Thank you
Tuesday, September 19, 2017 5:05 PM -
This depends on what is blocking. It could be a firewall or it might be a routing problem.
You said that you can ping the domain controller. Is this possible when the connection shows as Private Network, or is it only possible when the connection is Domain?
What operating system are you running? I need to know this so that I can determine if you have the Windows PowerShell commands that will help to troubleshoot.
Thanks,
-Greg
Tuesday, September 19, 2017 5:18 PM -
I can ping the domain controller when I'm in private network and in domain network.
I use Windows 10.
Tuesday, September 19, 2017 5:21 PM -
Please open a Windows PowerShell prompt and try the commands below.
The first command will tell you the name of your domain controller.
cmd /c echo %logonserver%
In the next command, replace "dc.contoso.com" with the name of your domain controller. Do not use the IP address. We also need to verify that you can resolve the name properly.
Test-NetConnection -ComputerName dc.contoso.com -Port 389 -InformationLevel Detailed
You should see something like the following:
ComputerName : DC
RemoteAddress : 2001:4898:2001:4:2e76:8aff:fe54:d634
RemotePort : 389
NameResolutionResults : 2001:4898:2001:4:2e76:8aff:fe54:d634
10.222.110.47
MatchingIPsecRules :
NetworkIsolationContext : Internet
InterfaceAlias : Ethernet
SourceAddress : 2001:4898:d8:404:45b:e3c9:3ae:3de5
NetRoute (NextHop) : fe80::8a75:56ff:fe3c:c200
TcpTestSucceeded : True
- Edited by Greg Lindsay (Microsoft employee) Tuesday, September 19, 2017 6:38 PM
- Proposed as answer by Candy Luo (Microsoft contingent staff) Tuesday, September 26, 2017 6:17 AM
Tuesday, September 19, 2017 5:42 PM -
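The check described in the reply above, packaged as a script (an added example, not part of the original thread): it finds the domain controllers by name, tests TCP port 389 to each, and lists the current network category of every connection. The function name `Test-DomainProfilePrerequisite` is hypothetical, and locating DCs through the `_ldap._tcp.dc._msdcs.<domain>` SRV record is an assumption that goes beyond the thread, which takes the DC name from `%logonserver%`.

```powershell
# Added example, not from the thread. Function name and output shape are illustrative.
function Test-DomainProfilePrerequisite {
    [CmdletBinding()]
    param(
        # AD DNS domain name; defaults to the domain this computer is joined to.
        [string]$DomainName = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
    )

    # Locate domain controllers by name through the AD DC-locator SRV record (assumption).
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget })
    if ($srv.Count -eq 0) {
        Write-Warning "No DC SRV records resolved for '$DomainName'; name resolution is failing on this connection."
    }
    $dcNames = @($srv | ForEach-Object { $_.NameTarget } | Sort-Object -Unique)

    # Test TCP 389 (LDAP) to each DC by name, never by IP address, as in the thread.
    $ldap = foreach ($dc in $dcNames) {
        $t = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            RemoteAddress    = $t.RemoteAddress
            ViaInterface     = $t.InterfaceAlias
            Ldap389Reachable = $t.TcpTestSucceeded
        }
    }

    # Current category per connection: Public, Private or DomainAuthenticated.
    $profiles = Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory

    [pscustomobject]@{
        Domain     = $DomainName
        DnsFoundDc = ($srv.Count -gt 0)
        AnyLdapOk  = [bool]($ldap | Where-Object { $_.Ldap389Reachable })
        LdapTests  = $ldap
        Profiles   = $profiles
    }
}

$result = Test-DomainProfilePrerequisite
$result.LdapTests | Format-Table -AutoSize
$result.Profiles  | Format-Table -AutoSize
```

Running it once while the connection shows Private and once while it shows Domain makes the difference in name resolution or port 389 reachability visible side by side.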
Thank you for your advice.
I will test this command as soon as possible.
Tuesday, September 19, 2017 5:48 PM -
Hi jostir,
Did you have any updates?
Best Regards,
Candy
Friday, September 22, 2017 2:03 AM