locked
Server 2012 NPS recieving unknown authentication attempts from DOMAIN\guest account RRS feed

  • Question

  • Hello,

    I am pretty new to technet, so I appreciate any assistance that I can get and look forward to assisting others in the future.  

    I currently have a server 2012 NPS server setup to use as a radius server for my WiFi users to use their domain credentials along with 802.1x. We are using ubiquity APs here in our environment. I already setup the NPS along with a self signed user certificate which i have deployed using GPO to various devices.  My setup has been working beautifully, until i noticed a weird issue yesterday.  All of our APs are Unifi AP-LR's and we have a single Unifi AP-AC.  It seems that randomly when trying to authenticate via this one AP-AC, you are repeatedly prompted for the credentials and are never able to connect. When checking the NPS server, it says that it is receiving a connection request from MYDOMAIN\Guest.  However, no one is trying to log in with a guest account.  Does anyone have any ideas as to why this would be?  Below is a sample of the log of the problem:

    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:

                    Security ID:                                            CABLEBAHAMAS\Guest

                    Account Name:                                     -

                    Account Domain:                                 CABLEBAHAMAS

                    Fully Qualified Account Name:          CABLEBAHAMAS\Guest

    Client Machine:

                    Security ID:                                            NULL SID

                    Account Name:                                     -

                    Fully Qualified Account Name:          -

                    OS-Version:                                           -

                    Called Station Identifier:                      24a43c52aaa1:REV-Corp

                    Calling Station Identifier:                     8019349def31

    NAS:

                    NAS IPv4 Address:                                10.70.1.42

                    NAS IPv6 Address:                                -

                    NAS Identifier:                                       24a43c52aaa1

                    NAS Port-Type:                                     Wireless - IEEE 802.11

                    NAS Port:                                               67

    RADIUS Client:

                    Client Friendly Name:                           REV-Corp

                    Client IP Address:                                  10.70.1.42

    Authentication Details:

                    Connection Request Policy Name:     REV-Corp

                    Network Policy Name:                         -

                    Authentication Provider:                     Windows

                    Authentication Server:                         radius2.cablebahamas.com

                    Authentication Type:                           EAP

                    EAP Type:                                               -

                    Account Session Identifier:                 -

                    Logging Results:                                   Accounting information was written to the local log file.

                    Reason Code:                                        34

                    Reason:                                                  The user or computer account that is specified in the RADIUS Access-Request message is disabled.


    • Edited by Tech_Brian Tuesday, February 24, 2015 7:37 PM
    Tuesday, February 24, 2015 7:26 PM

Answers

  • Thanks for the reply Eve Wang,

    What ended up resolving the issue was a firmware update on that AP. Thanks for your assistance Eve.

    • Marked as answer by Tech_Brian Thursday, February 26, 2015 7:11 PM
    Thursday, February 26, 2015 7:10 PM

All replies

  • Hi,

    According to your description, my understanding is that users are repeatedly prompted for the credentials and never able to connect when trying to authenticate via the AP-AC.

    I suggest you to reconfigure the access point AP-AC, and make sure that unauthenticated access is not enabled.

    Best Regards,
    Eve Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 26, 2015 7:37 AM
  • Thanks for the reply Eve Wang,

    What ended up resolving the issue was a firmware update on that AP. Thanks for your assistance Eve.

    • Marked as answer by Tech_Brian Thursday, February 26, 2015 7:11 PM
    Thursday, February 26, 2015 7:10 PM