Server 2012 NPS receiving unknown authentication attempts from DOMAIN\guest account

Question
Hello,
I am pretty new to TechNet, so I appreciate any assistance that I can get and look forward to assisting others in the future.
I currently have a Server 2012 NPS server set up to use as a RADIUS server for my WiFi users to use their domain credentials along with 802.1x. We are using Ubiquiti APs here in our environment. I already set up the NPS along with a self-signed user certificate which I have deployed using GPO to various devices. My setup has been working beautifully, until I noticed a weird issue yesterday. All of our APs are UniFi AP-LRs and we have a single UniFi AP-AC. It seems that randomly when trying to authenticate via this one AP-AC, you are repeatedly prompted for the credentials and are never able to connect. When checking the NPS server, it says that it is receiving a connection request from MYDOMAIN\Guest. However, no one is trying to log in with a guest account. Does anyone have any ideas as to why this would be? Below is a sample of the log of the problem:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: CABLEBAHAMAS\Guest
Account Name: -
Account Domain: CABLEBAHAMAS
Fully Qualified Account Name: CABLEBAHAMAS\Guest
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 24a43c52aaa1:REV-Corp
Calling Station Identifier: 8019349def31
NAS:
NAS IPv4 Address: 10.70.1.42
NAS IPv6 Address: -
NAS Identifier: 24a43c52aaa1
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 67
RADIUS Client:
Client Friendly Name: REV-Corp
Client IP Address: 10.70.1.42
Authentication Details:
Connection Request Policy Name: REV-Corp
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: radius2.cablebahamas.com
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 34
Reason: The user or computer account that is specified in the RADIUS Access-Request message is disabled.
- Edited by Tech_Brian Tuesday, February 24, 2015 7:37 PM
Tuesday, February 24, 2015 7:26 PM
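Added example, not part of the original thread: a small parser for denial events in the layout quoted above that flags requests whose User Security ID is the Guest account while the Account Name is empty, and counts them per NAS Identifier so the access point sending them stands out. The sample events, the EXAMPLE domain and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of the event quoted above (values are made up).
SAMPLE = """\
Network Policy Server denied access to a user.
User:
Security ID: EXAMPLE\\Guest
Account Name: -
Client Machine:
Security ID: NULL SID
Account Name: -
NAS:
NAS Identifier: aabbccddee01
Network Policy Server denied access to a user.
User:
Security ID: EXAMPLE\\jdoe
Account Name: EXAMPLE\\jdoe
Client Machine:
Security ID: NULL SID
NAS:
NAS Identifier: aabbccddee02
"""

HEADER = "Network Policy Server denied access to a user."

def parse_events(text):
    """Split the text into events; key each field as 'Section/Field' because
    'Security ID' and 'Account Name' occur under both User and Client Machine."""
    events = []
    for chunk in text.split(HEADER)[1:]:
        event, section = {}, ""
        for line in chunk.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep and value.strip():
                event[f"{section}/{key}"] = value.strip()
            elif sep:
                section = key  # a bare "User:" or "NAS:" line starts a section
        events.append(event)
    return events

def guest_without_name(event):
    """True when the request resolved to Guest but carried no account name."""
    sid = event.get("User/Security ID", "")
    return sid.lower().endswith("\\guest") and event.get("User/Account Name") == "-"

def suspects_by_nas(text):
    """Count matching denials per NAS Identifier (the access point)."""
    return Counter(e.get("NAS/NAS Identifier", "?")
                   for e in parse_events(text) if guest_without_name(e))
```

Calling `suspects_by_nas()` on exported event text gives a per-AP count of these Guest denials.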
Answers
Thanks for the reply Eve Wang,
What ended up resolving the issue was a firmware update on that AP. Thanks for your assistance Eve.
- Marked as answer by Tech_Brian Thursday, February 26, 2015 7:11 PM
Thursday, February 26, 2015 7:10 PM
All replies
Hi,
According to your description, my understanding is that users are repeatedly prompted for the credentials and are never able to connect when trying to authenticate via the AP-AC.
I suggest that you reconfigure the access point AP-AC, and make sure that unauthenticated access is not enabled.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
Thursday, February 26, 2015 7:37 AM