NAP - Authentication FAILS with no event in security log on NPS

  • General discussion

  • Hi there,

    I am having an issue with getting clients authenticated to my NPS. Here is a little background. NPS is running Server 2008 R2 on an ESXi host. Clients are Windows 7 netbooks. End goal is to have NPS with NAP configured and the whole nine. Using Cisco AP with Cisco controller.

    At this point in the game I am just trying to configure the wireless access policy and will do wired later. I have the CRP set up with WIRELESS OTHER OR WIRELESS 802.11 as the condition and an AD group as the constraint which contains my client machines. The authentication is left blank as this is done at the network policy layer.

    The Network policy is set up to use PEAP with smart card or certificate. I have verified that the client/NPS/DC all have the valid certificates that they need.

    So when trying to connect with the client to the wireless AP it just hangs for minutes on attempting to authenticate. I look in the security event log on the NPS and there is no event whatsoever stating an incoming connection or auth failed or anything.

    I actually tried removing all authentication types and checking off "allow user to connect without authenticating" and it still does not generate any log or allow the connection to be established by the client.

    I have enabled tracing on both client and server with no helpful information coming from it.

    Not really sure of the next steps. Any help would be greatly appreciated! If there is other info that I could provide I can do that as well.

    Tuesday, July 27, 2010 3:44 AM

All replies

  • From the information you have provided, it seems the switch is not able to send the request to the NPS server.

    Have you given a correct RADIUS IP address in your wireless switch? And how about the port? Can your NPS server ping the switch IP?

    Sorry. My posting is my personal suggestion, Microsoft won't take any responsibilities for my posting. But I am more than happy to try my best to help you.
    Friday, July 30, 2010 7:04 PM
  • Yes, we had the correct IP and we could ping from NPS to switch and vice versa. Installed Server 2008 with NAP role on an ESX3.5 box and now everything seems all good. My original suspicion was that we were fighting some sort of firewall on the ESXi box, but it supposedly has no firewall.

    Sorta giving up on using the free ESXi platform and just going to host it on the ESX box we have...

    Tuesday, August 3, 2010 8:03 PM