locked
NPS 2008r2 authentication issue Reason code 2 RRS feed

  • Question

  • Hi

    I am setting up NPS on my 2008r2 server test lab using a Netgear WNDAP350 access point, however I am getting an authentication issue which is NPS reason Code 2.   

    I have included the listing from event viewer, - have I then missed something really obvious in setting the network policy?

    Any thoughts gratefully received

    Kevin

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          22/03/2012 11:37:07
    Event ID:      6274
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      poseidon.LSHigh.local
    Description:
    Network Policy Server discarded the request for a user.


    Contact the Network Policy Server administrator for more information.


    User:
    Security ID: LSHIGH\Admin
    Account Name: admin
    Account Domain: LSHIGH
    Fully Qualified Account Name: LSHIGH\admin


    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 20-4E-7F-4B-0F-00:workshop
    Calling Station Identifier: AC-81-12-AE-F7-29


    NAS:
    NAS IPv4 Address: 10.103.128.23
    NAS IPv6 Address: -
    NAS Identifier: hello
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 0


    RADIUS Client:
    Client Friendly Name: Workshop
    Client IP Address: 10.103.128.23


    Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: -
    Authentication Provider: Windows
    Authentication Server: poseidon.LSHigh.local
    Authentication Type: EAP
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 2
    Reason: There are not sufficient access rights to process the request.


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>6274</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12552</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2012-03-22T11:37:07.112693000Z" />
        <EventRecordID>22560241</EventRecordID>
        <Correlation />
        <Execution ProcessID="588" ThreadID="11500" />
        <Channel>Security</Channel>
        <Computer>poseidon.LSHigh.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-21-3065519826-876278670-590929393-1118</Data>
        <Data Name="SubjectUserName">admin</Data>
        <Data Name="SubjectDomainName">LSHIGH</Data>
        <Data Name="FullyQualifiedSubjectUserName">LSHIGH\admin</Data>
        <Data Name="SubjectMachineSID">S-1-0-0</Data>
        <Data Name="SubjectMachineName">-</Data>
        <Data Name="FullyQualifiedSubjectMachineName">-</Data>
        <Data Name="MachineInventory">-</Data>
        <Data Name="CalledStationID">20-4E-7F-4B-0F-00:workshop</Data>
        <Data Name="CallingStationID">AC-81-12-AE-F7-29</Data>
        <Data Name="NASIPv4Address">10.103.128.23</Data>
        <Data Name="NASIPv6Address">-</Data>
        <Data Name="NASIdentifier">hello</Data>
        <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
        <Data Name="NASPort">0</Data>
        <Data Name="ClientName">Workshop</Data>
        <Data Name="ClientIPAddress">10.103.128.23</Data>
        <Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
        <Data Name="NetworkPolicyName">-</Data>
        <Data Name="AuthenticationProvider">Windows</Data>
        <Data Name="AuthenticationServer">poseidon.LSHigh.local</Data>
        <Data Name="AuthenticationType">EAP</Data>
        <Data Name="EAPType">-</Data>
        <Data Name="AccountSessionIdentifier">-</Data>
        <Data Name="ReasonCode">2</Data>
        <Data Name="Reason">There are not sufficient access rights to process the request.</Data>
      </EventData>
    </Event>


    Kevin Sait

    Thursday, March 22, 2012 11:46 AM

Answers

  • Hi Kevin,

    Thanks for posting here.

    > Authentication Details:
    >Connection Request Policy Name:
    >Secure Wireless Connections
    >Network Policy Name:

    Have we also created any network policy on RADIUS server in order to grant permission to access for users or computers that match the conditions we defined in it?
    I’d suggest to build and configure the authenticated wireless network with following the procedures in the checklist below first and see how is going :

    Checklist: Configure NPS for Secure Wireless Access
    http://technet.microsoft.com/en-us/library/cc771696.aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Friday, March 23, 2012 4:27 AM

All replies

  • Hi Kevin,

    Thanks for posting here.

    > Authentication Details:
    >Connection Request Policy Name:
    >Secure Wireless Connections
    >Network Policy Name:

    Have we also created any network policy on RADIUS server in order to grant permission to access for users or computers that match the conditions we defined in it?
    I’d suggest to build and configure the authenticated wireless network with following the procedures in the checklist below first and see how is going :

    Checklist: Configure NPS for Secure Wireless Access
    http://technet.microsoft.com/en-us/library/cc771696.aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Friday, March 23, 2012 4:27 AM
  • Hi Kevin,

    If there is any update on this issue, please feel free to let us know.

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Monday, March 26, 2012 9:04 AM