NPS Domain Computers

  • Question

  • I have a RADIUS server running on 2012 R2. I am using the Domain Computers group to authenticate machines and it's been working fine. Today on two machines I'm getting "6273 Network Policy Server denied access to a user" and it shows me my user name. NPS is set up to authenticate machines. It is still working fine on other machines, but these two give this error. Don't know why these are trying to use user names and passwords instead of machines. Anybody seen this?
    Monday, July 7, 2014 10:56 PM

All replies

  • Hi,

    This error might be caused by one of the following conditions:

    • The connection method is not allowed by network policy
    • The network access server is under attack

    Check the NPS log file to determine whether there have been a large number of authentication failures from the same network access server; this can be a symptom of an attack in which a malicious user attempts to gain access by providing different passwords with each access attempt. The default log file location is %Systemroot%\system32\LogFiles.

    To respond to a server attack:

    • Examine NPS log files to identify the IP address of the computer that is hosting the attack on your network. The default log file location is %Systemroot%Windows\system32\LogFiles.
    • If the computer is internal, disable it. If the computer hosting the attack is external and you can determine the owner of the server through the domain name, contact the server administrator.

    For detailed information, please refer to the link below:

    Event ID 6273 — NPS Authentication Status

    http://technet.microsoft.com/en-us/library/cc735399(v=WS.10).aspx

    Hope this helps.



    Steven Lee

    TechNet Community Support


    Tuesday, July 8, 2014 12:55 PM
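
Added example (not part of the original thread or of any reply): one way to do the log check described in the answer above, counting Access-Reject records per network access server and noting whether the rejected identity was a computer or a user. It assumes the NPS log is written in the comma-separated "ODBC (legacy)" format with the field positions shown; the sample records, the threshold and all names and addresses are constructed.

```python
import csv
from collections import defaultdict

# 0-based field positions in the NPS "ODBC (legacy)" comma-separated log format
# (assumption: that format is selected; DTS/XML logs need a different parser).
PACKET_TYPE, USER_NAME, NAS_IP = 4, 5, 12
ACCESS_REJECT = "3"  # RADIUS packet type 3 = Access-Reject

# Constructed sample records, trimmed to 26 fields; every value is invented.
SAMPLE_LOG = r'''
"NPS01","IAS",07/07/2014,22:50:01,1,"host/PC01.contoso.local",,,,,,"AP-1","192.0.2.10",1,0,"192.0.2.10","AP-1",,,19,,,,11,"Wireless",0
"NPS01","IAS",07/07/2014,22:50:01,2,"host/PC01.contoso.local",,,,,,"AP-1","192.0.2.10",1,0,"192.0.2.10","AP-1",,,19,,,,11,"Wireless",0
"NPS01","IAS",07/07/2014,22:51:10,3,"CONTOSO\alan",,,,,,"AP-1","192.0.2.10",2,0,"192.0.2.10","AP-1",,,19,,,,11,"Wireless",48
"NPS01","IAS",07/07/2014,22:52:30,3,"CONTOSO\alan",,,,,,"AP-1","192.0.2.10",2,0,"192.0.2.10","AP-1",,,19,,,,11,"Wireless",48
"NPS01","IAS",07/07/2014,23:01:00,3,"CONTOSO\user1",,,,,,"AP-2","192.0.2.20",5,0,"192.0.2.20","AP-2",,,19,,,,11,"Wireless",16
"NPS01","IAS",07/07/2014,23:01:02,3,"CONTOSO\user2",,,,,,"AP-2","192.0.2.20",5,0,"192.0.2.20","AP-2",,,19,,,,11,"Wireless",16
"NPS01","IAS",07/07/2014,23:01:04,3,"CONTOSO\user3",,,,,,"AP-2","192.0.2.20",5,0,"192.0.2.20","AP-2",,,19,,,,11,"Wireless",16
"NPS01","IAS",07/07/2014,23:01:06,3,"CONTOSO\user4",,,,,,"AP-2","192.0.2.20",5,0,"192.0.2.20","AP-2",,,19,,,,11,"Wireless",16
'''

def is_machine_identity(user_name):
    """Computer authentication presents host/<fqdn> or a NAME$ account."""
    name = user_name.lower()
    return name.startswith("host/") or name.endswith("$")

def summarize_rejects(log_text, threshold=3):
    """Count Access-Reject records per NAS IP; flag NASes at or above threshold."""
    stats = defaultdict(lambda: {"rejects": 0, "user_rejects": 0, "identities": set()})
    for row in csv.reader(log_text.splitlines()):
        if len(row) <= NAS_IP or row[PACKET_TYPE] != ACCESS_REJECT:
            continue  # skip blank or short lines and non-reject packets
        entry = stats[row[NAS_IP]]
        entry["rejects"] += 1
        entry["identities"].add(row[USER_NAME])
        if not is_machine_identity(row[USER_NAME]):
            entry["user_rejects"] += 1  # a user, not a computer, was presented
    return {nas: {**e, "flagged": e["rejects"] >= threshold} for nas, e in stats.items()}

if __name__ == "__main__":
    for nas, e in sorted(summarize_rejects(SAMPLE_LOG).items()):
        print(nas, e["rejects"], e["user_rejects"], sorted(e["identities"]), e["flagged"])
```

In the sample, 192.0.2.20 is flagged for four rejects across four different identities, while 192.0.2.10 stays under the threshold but shows every reject carrying a user identity rather than a computer one, which is the pattern the question describes.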
  • Looking at Windows Network Diagnostics shows the machine that will not connect under Security and Authentication the Authentication mode shows "Machine or user". The machines that are working only show "Machine". Any ideas on how to change that on the local computer? Got this on a Windows 7 machine and a Windows 8.1 machine.


    • Edited by Alan292 Tuesday, July 8, 2014 2:57 PM
    Tuesday, July 8, 2014 2:55 PM
  • You can change this by applying a GPO for WLAN or wired 802.1x - in the Security tab of the settings, see screenshots in this article.

    Elke

    Wednesday, July 9, 2014 11:47 AM