locked
Problems getting XP SP3 to Authenticate to NPS (Server 2008) RRS feed

  • Question

  • I have a Server 2008 R2 domain with windows xp sp3 clients. The Server 2008 R2 is a DC, Certificate Authority and NAP Server. I have cisco switches setup correctly to use 802.1x as I used to have a server 2003 domain with IAS and everything was fine.

    In NPS I have created a wired policy to put clients on to Vlan 2. In group policy, there are wired settings for clients to use PEAP and the Certificate to connect.

    The clients use machine credential. When I try and connect the client to the network..... I get Authentication Failed and in the Event Viewer on the NPS server I get:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          06/08/2010 21:26:46
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      DC2008.ad.londonacademy.org.uk
    Description:
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
          Security ID:                  S-1-5-21-1961120552-2230764613-812287295-2925
          Account Name:                  host/DIANAFINANCE.ad.londonacademy.org.uk
          Account Domain:                  LONDONACADEMY
          Fully Qualified Account Name:      ad.londonacademy.org.uk/Admin Computers/Admin Desktops/Finance/DIANAFINANCE

    Client Machine:
          Security ID:                  NULL SID
          Account Name:                  -
          Fully Qualified Account Name:      -
          OS-Version:                  -
          Called Station Identifier:            00-17-E0-05-90-B2
          Calling Station Identifier:            00-1B-78-AE-D5-2E

    NAS:
          NAS IPv4 Address:            172.17.1.167
          NAS IPv6 Address:            -
          NAS Identifier:                  -
          NAS Port-Type:                  Virtual
          NAS Port:                  60046

    RADIUS Client:
          Client Friendly Name:            0E06-167-3560PS
          Client IP Address:                  172.17.1.167

    Authentication Details:
          Connection Request Policy Name:      Use Windows authentication for all users
          Network Policy Name:            Admin_PCs_Vlan2
          Authentication Provider:            Windows
          Authentication Server:            DC2008.ad.londonacademy.org.uk
          Authentication Type:            PEAP
          EAP Type:                  -
          Account Session Identifier:            -
          Logging Results:                  Accounting information was written to the local log file.
          Reason Code:                  23
          Reason:                        An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

    Can anyone please help?????

    Saturday, August 7, 2010 1:03 PM

Answers

  • Hi,

    Thanks for the post.

    We need to collect the MPSReport from Windows Server 2008 R2 for further research.

    1. Download proper MPS Report tool from the website below.

    Microsoft Product Support Reports
    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

    2. Double-click to run it, if requirement is not met, please follow the wizard to download and install them. After that, click Next, when the "Select the diagnostics you want to run" page appears, select "General", “Internet and Networking”, “Business Networks”, “Server Components”, click Next.

    3. After collecting all log files, choose "Save the results", choose a folder to save <Computername>MPSReports.cab file.

    For your convenience, I have created a workspace for you.  You can upload the information files to the following link.  (Please choose "Send Files to Microsoft")
     
    Workspace URL: (https://sftasia.one.microsoft.com/choosetransfer.aspx?key=53dce4a6-7a66-40b1-bafd-0f94c78681a2)
    Password: ]$[5bq{ET_0s%
     
    Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken.  Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.

    Thanks,

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Miles Zhang Monday, August 16, 2010 2:24 AM
    Monday, August 9, 2010 9:42 AM

All replies

  • Hi,

    Thanks for the post.

    We need to collect the MPSReport from Windows Server 2008 R2 for further research.

    1. Download proper MPS Report tool from the website below.

    Microsoft Product Support Reports
    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

    2. Double-click to run it, if requirement is not met, please follow the wizard to download and install them. After that, click Next, when the "Select the diagnostics you want to run" page appears, select "General", “Internet and Networking”, “Business Networks”, “Server Components”, click Next.

    3. After collecting all log files, choose "Save the results", choose a folder to save <Computername>MPSReports.cab file.

    For your convenience, I have created a workspace for you.  You can upload the information files to the following link.  (Please choose "Send Files to Microsoft")
     
    Workspace URL: (https://sftasia.one.microsoft.com/choosetransfer.aspx?key=53dce4a6-7a66-40b1-bafd-0f94c78681a2)
    Password: ]$[5bq{ET_0s%
     
    Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken.  Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.

    Thanks,

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Miles Zhang Monday, August 16, 2010 2:24 AM
    Monday, August 9, 2010 9:42 AM
  • Hi, any updates? I am also stuck with this prob.

    Unexpected Error. Possible Error in server or client configuration. Reason code 23.

    I am using PEAP MSCHAP v2 for wired 802.1x connections.

    Many thanks.

    Tuesday, August 17, 2010 10:38 AM
  • I too am having the same issue.  Is there a fix or a description for this?  

     

    I'm using CA with NPS through EAP/Cisco.  

     

    Thanks!

    Thursday, August 19, 2010 11:11 PM
  • I have the same issue. Uploaded the *.cab file to the workspace. System is called vm-w2k8 and setup is: client laptop (xp sp3) <> Cisco wlc526 <> win2k8 (NPS + CA) <> Win2k3 (DC/AD).

    -Tried update for sha suggested in another thread

    -Enabled EAP quarantine enf. client (also from another thread)

    This is my first time working with certificates and this kind of technology and it's kind of hard to troubleshoot for me. So i hope someone else has found a solution / can help me to some pointers of things that i should check.

    On request i can ofc. give some info on any configuration from the setup above.

     

    Thanks,

    Ralph

     

    Ps. The file, VM-W2K8_MpsReports.cab, was uploaded successfully.


    Send Files - Standard File Name : VM-W2K8_MpsReports.cab
    Start Time : Fri, 27 Aug 2010 12:12:01 UTC
    End Time : Fri,27 Aug 2010 12:14:09 UTC
    Time Taken : 128 seconds

    Friday, August 27, 2010 12:20 PM
  • What was the solution for this issue.  Im having the exact issue as described in the above post.... Please post the resolution to this issue or any suggestions thanks.... As with everyone else everything worked fine under 2003..  I have disabled allNAP policies..
    Monday, September 20, 2010 12:43 PM
  • Anyone got any new input on this? Still haven't solved this issue.
    Tuesday, September 28, 2010 12:39 PM
  • Same error here (no NAP and never had ran NPS on our old 2003 DC) too, basicly setup using these directions:

    http://techblog.mirabito.net.au/?p=87

    We are using a Meru 5000 series controller and I didn't have to generate the cert.  The cert for the NPS box said it was intended for "all" - that covers client and server authentication, so i'm assuming i'm good there.

    Have wifi settings on client box (XP SP3) getting settings from a GPO I created.

    I'll take any suggestions.

    Thanks

    Friday, October 1, 2010 4:31 AM
  • Just noticed the following in the event log:

    The following fatal alert was generated: 20. The internal error state is 960.

    maybe there is a cert issue?

    Friday, October 1, 2010 4:38 AM
  • Microsoft has a Hotfix for Windows XP with SP3 against 2008 with NPS.

    Might this be the issue?

    http://support.microsoft.com/kb/969111

     

    Thursday, October 7, 2010 7:09 AM
  • Thanks for the suggestion but this hotfix didnt fix my issue.  Im still receiving teh following

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          10/7/2010 11:19:53 AM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      TFCGCOH01.corp.tfcci.local
    Description:
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
     Security ID:   CORP\user
     Account Name:   CORP\user
     Account Domain:   CORP
     Fully Qualified Account Name: domain.corp.local/Users/user

    Client Machine:
     Security ID:   NULL SID
     Account Name:   -
     Fully Qualified Account Name: -
     OS-Version:   -
     Called Station Identifier:  00-19-A9-A5-1D-C0:TEST760
     Calling Station Identifier:  00-23-14-90-C8-34

    NAS:
     NAS IPv4 Address:  10.179.131.27
     NAS IPv6 Address:  -
     NAS Identifier:   XXXXXXXXXXXXXXX 

    NAS Port-Type:   Wireless - IEEE 802.11
     NAS Port:   1

    RADIUS Client:
     Client Friendly Name:  WIRELESS
     Client IP Address:   10.179.131.27

    Authentication Details:
     Connection Request Policy Name: WIRELESS
     Network Policy Name:  CISCO LOGON
     Authentication Provider:  Windows
     Authentication Server:  server.domain.local
     Authentication Type:  EAP
     EAP Type:   -
     Account Session Identifier:  -
     Logging Results:   Accounting information was written to the local log file.
     Reason Code:   22
     Reason:    The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>6273</EventID>
        <Version>1</Version>
        <Level>0</Level>
        <Task>12552</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2010-10-07T15:19:53.965570800Z" />
        <EventRecordID>3150654</EventRecordID>
        <Correlation />
        <Execution ProcessID="448" ThreadID="1716" />
        <Channel>Security</Channel>
        <Computer>server.domain.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-21-4259423036-1039382946-3758269738-2191</Data>
        <Data Name="SubjectUserName">CORP\User</Data>
        <Data Name="SubjectDomainName">CORP</Data>
        <Data Name="FullyQualifiedSubjectUserName">domain.corp.local/Users/User</Data>
        <Data Name="SubjectMachineSID">S-1-0-0</Data>
        <Data Name="SubjectMachineName">-</Data>
        <Data Name="FullyQualifiedSubjectMachineName">-</Data>
        <Data Name="MachineInventory">-</Data>
        <Data Name="CalledStationID">00-19-A9-A5-1D-C0:TEST760</Data>
        <Data Name="CallingStationID">00-23-14-90-C8-34</Data>
        <Data Name="NASIPv4Address">10.10.0.27</Data>
        <Data Name="NASIPv6Address">-</Data>
        <Data Name="NASIdentifier">ohcol1m1n01.tfcci.local</Data>
        <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
        <Data Name="NASPort">1</Data>
        <Data Name="ClientName">WIRELESS</Data>
        <Data Name="ClientIPAddress">10.179.131.27</Data>
        <Data Name="ProxyPolicyName">WIRELESS</Data>
        <Data Name="NetworkPolicyName">CISCO LOGON</Data>
        <Data Name="AuthenticationProvider">Windows</Data>
        <Data Name="AuthenticationServer">Server.data.local</Data>
        <Data Name="AuthenticationType">EAP</Data>
        <Data Name="EAPType">-</Data>
        <Data Name="AccountSessionIdentifier">-</Data>
        <Data Name="ReasonCode">22</Data>
        <Data Name="Reason">The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.</Data>
        <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
      </EventData>
    </Event>

    Thursday, October 7, 2010 3:30 PM
  • Hey, I'm having the same problem to verify the computers with certificate. Have you got any solution? Could you tell me how to solve that?

     

     

     

    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
        Security ID:            NULL SID
        Account Name:            host/notetelemed.lab.local
        Account Domain:            LAB
        Fully Qualified Account Name:    LAB\NOTETELEMED$

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        -
        Calling Station Identifier:        00-1C-7E-A7-AA-23

    NAS:
        NAS IPv4 Address:        192.168.0.214
        NAS IPv6 Address:        -
        NAS Identifier:            001ec1f29882
        NAS Port-Type:            Ethernet
        NAS Port:            16843152

    RADIUS Client:
        Client Friendly Name:        SWLAB
        Client IP Address:            192.168.0.214

    Authentication Details:
        Connection Request Policy Name:    NAP 802.1X (Wired)
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        server1.lab.local
        Authentication Type:        EAP
        EAP Type:            Microsoft: Smart Card or other certificate
        Account Session Identifier:        -
        Logging Results:            Accounting information was written to the local log file.
        Reason Code:            16
        Reason:                Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.







    [4012] 10-15 18:05:30:467: SecurityContextFunction
    [4012] 10-15 18:05:30:483: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:05:30:483: State change to SentHello
    [4012] 10-15 18:05:30:483: BuildPacket
    [4012] 10-15 18:05:30:483: << Sending Request (Code: 1) packet: Id: 4, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:05:30:514:
    [2356] 10-15 18:05:30:514: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:30:514: >> Received Response (Code: 2) packet: Id: 4, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:30:514: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:05:30:514: BuildPacket
    [2356] 10-15 18:05:30:514: << Sending Request (Code: 1) packet: Id: 5, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:30:576:
    [2356] 10-15 18:05:30:576: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:30:576: >> Received Response (Code: 2) packet: Id: 5, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [2356] 10-15 18:05:30:576: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:05:30:576: MakeReplyMessage
    [2356] 10-15 18:05:30:576: Reallocating input TLS blob buffer
    [2356] 10-15 18:05:30:576: BuildPacket
    [2356] 10-15 18:05:30:576: << Sending Request (Code: 1) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:30:592:
    [2356] 10-15 18:05:30:592: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:30:592: >> Received Response (Code: 2) packet: Id: 6, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:30:592: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:05:30:592: MakeReplyMessage
    [2356] 10-15 18:05:30:592: SecurityContextFunction
    [2356] 10-15 18:05:30:607: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:05:30:607: AuthenticateUser
    [2356] 10-15 18:05:30:607: DwGetEKUUsage
    [2356] 10-15 18:05:30:607: Number of EKUs on the cert are 2
    [2356] 10-15 18:05:30:607: FCheckPolicy
    [2356] 10-15 18:05:30:607: FCheckPolicy done.
    [2356] 10-15 18:05:30:607: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:05:30:607: CheckUserName
    [2356] 10-15 18:05:30:607: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:05:30:607: MakeAlert(49, Manual)
    [2356] 10-15 18:05:30:607: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:05:30:607: BuildPacket
    [2356] 10-15 18:05:30:607: << Sending Request (Code: 1) packet: Id: 7, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:05:30:623:
    [4012] 10-15 18:05:30:623: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:05:30:623: >> Received Response (Code: 2) packet: Id: 7, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:05:30:623: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:05:30:623: Negotiation unsuccessful
    [4012] 10-15 18:05:30:623: BuildPacket
    [4012] 10-15 18:05:30:623: << Sending Failure (Code: 4) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:05:30:623: AuthResultCode = (-2146893045), bCode = (4)
    [2356] 10-15 18:05:47:627:
    [2356] 10-15 18:05:47:627: EapTlsBegin(LAB\NOTETELEMED$)
    [2356] 10-15 18:05:47:627: SetupMachineChangeNotification
    [2356] 10-15 18:05:47:627: State change to Initial
    [2356] 10-15 18:05:47:627: MaxTLSMessageLength is now 16384
    [2356] 10-15 18:05:47:627: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [2356] 10-15 18:05:47:627: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [2356] 10-15 18:05:47:627: The root cert will not be checked for revocation
    [2356] 10-15 18:05:47:627: The cert will be checked for revocation
    [2356] 10-15 18:05:47:627:
    [2356] 10-15 18:05:47:627: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:47:627: EapTlsSMakeMessage, state(0)
    [2356] 10-15 18:05:47:627: EapTlsReset
    [2356] 10-15 18:05:47:627: State change to Initial
    [2356] 10-15 18:05:47:627: EapGetCredentials
    [2356] 10-15 18:05:47:627: Flag is Server and Store is local Machine
    [2356] 10-15 18:05:47:627: GetCachedCredentials Flags = 0xe1
    [2356] 10-15 18:05:47:627: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [2356] 10-15 18:05:47:627: pNode->dwCredFlags = 0x14
    [2356] 10-15 18:05:47:627: pNode->dwCredFlags = 0x11
    [2356] 10-15 18:05:47:627: GetCachedCredentials: Using Cached Credentials
    [2356] 10-15 18:05:47:627: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [2356] 10-15 18:05:47:627: BuildPacket
    [2356] 10-15 18:05:47:627: << Sending Request (Code: 1) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [2356] 10-15 18:05:47:627: State change to SentStart
    [4012] 10-15 18:05:47:658:
    [4012] 10-15 18:05:47:658: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:05:47:658: >> Received Response (Code: 2) packet: Id: 3, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [4012] 10-15 18:05:47:658: EapTlsSMakeMessage, state(1)
    [4012] 10-15 18:05:47:658: MakeReplyMessage
    [4012] 10-15 18:05:47:658: Reallocating input TLS blob buffer
    [4012] 10-15 18:05:47:658: SecurityContextFunction
    [4012] 10-15 18:05:47:658: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:05:47:658: State change to SentHello
    [4012] 10-15 18:05:47:658: BuildPacket
    [4012] 10-15 18:05:47:658: << Sending Request (Code: 1) packet: Id: 4, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:05:47:690:
    [2356] 10-15 18:05:47:690: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:47:690: >> Received Response (Code: 2) packet: Id: 4, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:47:690: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:05:47:690: BuildPacket
    [2356] 10-15 18:05:47:690: << Sending Request (Code: 1) packet: Id: 5, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:47:736:
    [2356] 10-15 18:05:47:736: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:47:736: >> Received Response (Code: 2) packet: Id: 5, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [2356] 10-15 18:05:47:736: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:05:47:736: MakeReplyMessage
    [2356] 10-15 18:05:47:736: Reallocating input TLS blob buffer
    [2356] 10-15 18:05:47:736: BuildPacket
    [2356] 10-15 18:05:47:736: << Sending Request (Code: 1) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:47:752:
    [2356] 10-15 18:05:47:752: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:05:47:752: >> Received Response (Code: 2) packet: Id: 6, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:05:47:752: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:05:47:752: MakeReplyMessage
    [2356] 10-15 18:05:47:752: SecurityContextFunction
    [2356] 10-15 18:05:47:768: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:05:47:768: AuthenticateUser
    [2356] 10-15 18:05:47:768: DwGetEKUUsage
    [2356] 10-15 18:05:47:768: Number of EKUs on the cert are 2
    [2356] 10-15 18:05:47:768: FCheckPolicy
    [2356] 10-15 18:05:47:768: FCheckPolicy done.
    [2356] 10-15 18:05:47:768: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:05:47:768: CheckUserName
    [2356] 10-15 18:05:47:768: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:05:47:768: MakeAlert(49, Manual)
    [2356] 10-15 18:05:47:768: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:05:47:768: BuildPacket
    [2356] 10-15 18:05:47:768: << Sending Request (Code: 1) packet: Id: 7, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:05:47:783:
    [4012] 10-15 18:05:47:783: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:05:47:783: >> Received Response (Code: 2) packet: Id: 7, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:05:47:783: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:05:47:783: Negotiation unsuccessful
    [4012] 10-15 18:05:47:783: BuildPacket
    [4012] 10-15 18:05:47:783: << Sending Failure (Code: 4) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:05:47:783: AuthResultCode = (-2146893045), bCode = (4)
    [4012] 10-15 18:06:05:926:
    [4012] 10-15 18:06:05:926: EapTlsBegin(LAB\NOTETELEMED$)
    [4012] 10-15 18:06:05:926: SetupMachineChangeNotification
    [4012] 10-15 18:06:05:926: State change to Initial
    [4012] 10-15 18:06:05:926: MaxTLSMessageLength is now 16384
    [4012] 10-15 18:06:05:926: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [4012] 10-15 18:06:05:926: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [4012] 10-15 18:06:05:926: The root cert will not be checked for revocation
    [4012] 10-15 18:06:05:926: The cert will be checked for revocation
    [4012] 10-15 18:06:05:926:
    [4012] 10-15 18:06:05:926: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:05:926: EapTlsSMakeMessage, state(0)
    [4012] 10-15 18:06:05:926: EapTlsReset
    [4012] 10-15 18:06:05:926: State change to Initial
    [4012] 10-15 18:06:05:926: EapGetCredentials
    [4012] 10-15 18:06:05:926: Flag is Server and Store is local Machine
    [4012] 10-15 18:06:05:926: GetCachedCredentials Flags = 0xe1
    [4012] 10-15 18:06:05:926: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [4012] 10-15 18:06:05:926: pNode->dwCredFlags = 0x14
    [4012] 10-15 18:06:05:926: pNode->dwCredFlags = 0x11
    [4012] 10-15 18:06:05:926: GetCachedCredentials: Using Cached Credentials
    [4012] 10-15 18:06:05:926: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [4012] 10-15 18:06:05:926: BuildPacket
    [4012] 10-15 18:06:05:926: << Sending Request (Code: 1) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [4012] 10-15 18:06:05:926: State change to SentStart
    [2356] 10-15 18:06:05:988:
    [2356] 10-15 18:06:05:988: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:05:988: >> Received Response (Code: 2) packet: Id: 3, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [2356] 10-15 18:06:05:988: EapTlsSMakeMessage, state(1)
    [2356] 10-15 18:06:05:988: MakeReplyMessage
    [2356] 10-15 18:06:05:988: Reallocating input TLS blob buffer
    [2356] 10-15 18:06:05:988: SecurityContextFunction
    [2356] 10-15 18:06:05:988: AcceptSecurityContext returned 0x90312
    [2356] 10-15 18:06:05:988: State change to SentHello
    [2356] 10-15 18:06:05:988: BuildPacket
    [2356] 10-15 18:06:05:988: << Sending Request (Code: 1) packet: Id: 4, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [4012] 10-15 18:06:06:035:
    [4012] 10-15 18:06:06:035: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:06:035: >> Received Response (Code: 2) packet: Id: 4, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:06:035: EapTlsSMakeMessage, state(2)
    [4012] 10-15 18:06:06:035: BuildPacket
    [4012] 10-15 18:06:06:035: << Sending Request (Code: 1) packet: Id: 5, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:06:160:
    [4012] 10-15 18:06:06:160: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:06:160: >> Received Response (Code: 2) packet: Id: 5, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [4012] 10-15 18:06:06:160: EapTlsSMakeMessage, state(2)
    [4012] 10-15 18:06:06:160: MakeReplyMessage
    [4012] 10-15 18:06:06:160: Reallocating input TLS blob buffer
    [4012] 10-15 18:06:06:160: BuildPacket
    [4012] 10-15 18:06:06:160: << Sending Request (Code: 1) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:06:191:
    [4012] 10-15 18:06:06:191: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:06:191: >> Received Response (Code: 2) packet: Id: 6, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:06:191: EapTlsSMakeMessage, state(2)
    [4012] 10-15 18:06:06:191: MakeReplyMessage
    [4012] 10-15 18:06:06:191: SecurityContextFunction
    [4012] 10-15 18:06:06:191: AcceptSecurityContext returned 0x0
    [4012] 10-15 18:06:06:191: AuthenticateUser
    [4012] 10-15 18:06:06:191: DwGetEKUUsage
    [4012] 10-15 18:06:06:191: Number of EKUs on the cert are 2
    [4012] 10-15 18:06:06:191: FCheckPolicy
    [4012] 10-15 18:06:06:191: FCheckPolicy done.
    [4012] 10-15 18:06:06:191: FCheckUsage: All-Purpose: 1
    [4012] 10-15 18:06:06:191: CheckUserName
    [4012] 10-15 18:06:06:191: QuerySecurityContextToken failed and returned 0x8009030b
    [4012] 10-15 18:06:06:191: MakeAlert(49, Manual)
    [4012] 10-15 18:06:06:191: State change to SentFinished. Error: 0x8009030b
    [4012] 10-15 18:06:06:191: BuildPacket
    [4012] 10-15 18:06:06:191: << Sending Request (Code: 1) packet: Id: 7, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [2356] 10-15 18:06:06:222:
    [2356] 10-15 18:06:06:222: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:06:222: >> Received Response (Code: 2) packet: Id: 7, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:06:222: EapTlsSMakeMessage, state(3)
    [2356] 10-15 18:06:06:222: Negotiation unsuccessful
    [2356] 10-15 18:06:06:222: BuildPacket
    [2356] 10-15 18:06:06:222: << Sending Failure (Code: 4) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:06:222: AuthResultCode = (-2146893045), bCode = (4)
    [2356] 10-15 18:06:13:477:
    [2356] 10-15 18:06:13:477: EapTlsBegin(LAB\NOTETELEMED$)
    [2356] 10-15 18:06:13:477: SetupMachineChangeNotification
    [2356] 10-15 18:06:13:477: State change to Initial
    [2356] 10-15 18:06:13:477: MaxTLSMessageLength is now 16384
    [2356] 10-15 18:06:13:477: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [2356] 10-15 18:06:13:477: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [2356] 10-15 18:06:13:477: The root cert will not be checked for revocation
    [2356] 10-15 18:06:13:477: The cert will be checked for revocation
    [2356] 10-15 18:06:13:477:
    [2356] 10-15 18:06:13:477: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:13:477: EapTlsSMakeMessage, state(0)
    [2356] 10-15 18:06:13:477: EapTlsReset
    [2356] 10-15 18:06:13:477: State change to Initial
    [2356] 10-15 18:06:13:477: EapGetCredentials
    [2356] 10-15 18:06:13:477: Flag is Server and Store is local Machine
    [2356] 10-15 18:06:13:477: GetCachedCredentials Flags = 0xe1
    [2356] 10-15 18:06:13:477: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [2356] 10-15 18:06:13:477: pNode->dwCredFlags = 0x14
    [2356] 10-15 18:06:13:477: pNode->dwCredFlags = 0x11
    [2356] 10-15 18:06:13:477: GetCachedCredentials: Using Cached Credentials
    [2356] 10-15 18:06:13:477: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [2356] 10-15 18:06:13:477: BuildPacket
    [2356] 10-15 18:06:13:477: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [2356] 10-15 18:06:13:477: State change to SentStart
    [4012] 10-15 18:06:13:523:
    [4012] 10-15 18:06:13:523: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:13:523: >> Received Response (Code: 2) packet: Id: 2, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [4012] 10-15 18:06:13:523: EapTlsSMakeMessage, state(1)
    [4012] 10-15 18:06:13:523: MakeReplyMessage
    [4012] 10-15 18:06:13:523: Reallocating input TLS blob buffer
    [4012] 10-15 18:06:13:523: SecurityContextFunction
    [4012] 10-15 18:06:13:523: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:06:13:523: State change to SentHello
    [4012] 10-15 18:06:13:523: BuildPacket
    [4012] 10-15 18:06:13:523: << Sending Request (Code: 1) packet: Id: 3, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:06:13:617:
    [2356] 10-15 18:06:13:617: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:13:617: >> Received Response (Code: 2) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:13:617: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:06:13:617: BuildPacket
    [2356] 10-15 18:06:13:617: << Sending Request (Code: 1) packet: Id: 4, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:13:679:
    [2356] 10-15 18:06:13:679: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:13:679: >> Received Response (Code: 2) packet: Id: 4, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [2356] 10-15 18:06:13:679: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:06:13:679: MakeReplyMessage
    [2356] 10-15 18:06:13:679: Reallocating input TLS blob buffer
    [2356] 10-15 18:06:13:679: BuildPacket
    [2356] 10-15 18:06:13:679: << Sending Request (Code: 1) packet: Id: 5, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:13:695:
    [2356] 10-15 18:06:13:695: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:13:695: >> Received Response (Code: 2) packet: Id: 5, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:13:695: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:06:13:695: MakeReplyMessage
    [2356] 10-15 18:06:13:695: SecurityContextFunction
    [2356] 10-15 18:06:13:711: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:06:13:711: AuthenticateUser
    [2356] 10-15 18:06:13:711: DwGetEKUUsage
    [2356] 10-15 18:06:13:711: Number of EKUs on the cert are 2
    [2356] 10-15 18:06:13:711: FCheckPolicy
    [2356] 10-15 18:06:13:711: FCheckPolicy done.
    [2356] 10-15 18:06:13:711: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:06:13:711: CheckUserName
    [2356] 10-15 18:06:13:711: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:06:13:711: MakeAlert(49, Manual)
    [2356] 10-15 18:06:13:711: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:06:13:711: BuildPacket
    [2356] 10-15 18:06:13:711: << Sending Request (Code: 1) packet: Id: 6, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:06:13:726:
    [4012] 10-15 18:06:13:726: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:13:726: >> Received Response (Code: 2) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:13:726: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:06:13:726: Negotiation unsuccessful
    [4012] 10-15 18:06:13:726: BuildPacket
    [4012] 10-15 18:06:13:726: << Sending Failure (Code: 4) packet: Id: 6, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:13:726: AuthResultCode = (-2146893045), bCode = (4)
    [2356] 10-15 18:06:25:863:
    [2356] 10-15 18:06:25:863: EapTlsBegin(LAB\NOTETELEMED$)
    [2356] 10-15 18:06:25:863: SetupMachineChangeNotification
    [2356] 10-15 18:06:25:863: State change to Initial
    [2356] 10-15 18:06:25:863: MaxTLSMessageLength is now 16384
    [2356] 10-15 18:06:25:863: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [2356] 10-15 18:06:25:863: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [2356] 10-15 18:06:25:863: The root cert will not be checked for revocation
    [2356] 10-15 18:06:25:863: The cert will be checked for revocation
    [2356] 10-15 18:06:25:863:
    [2356] 10-15 18:06:25:863: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:25:863: EapTlsSMakeMessage, state(0)
    [2356] 10-15 18:06:25:863: EapTlsReset
    [2356] 10-15 18:06:25:863: State change to Initial
    [2356] 10-15 18:06:25:863: EapGetCredentials
    [2356] 10-15 18:06:25:863: Flag is Server and Store is local Machine
    [2356] 10-15 18:06:25:863: GetCachedCredentials Flags = 0xe1
    [2356] 10-15 18:06:25:863: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [2356] 10-15 18:06:25:863: pNode->dwCredFlags = 0x14
    [2356] 10-15 18:06:25:863: pNode->dwCredFlags = 0x11
    [2356] 10-15 18:06:25:863: GetCachedCredentials: Using Cached Credentials
    [2356] 10-15 18:06:25:863: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [2356] 10-15 18:06:25:863: BuildPacket
    [2356] 10-15 18:06:25:863: << Sending Request (Code: 1) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [2356] 10-15 18:06:25:863: State change to SentStart
    [4012] 10-15 18:06:25:894:
    [4012] 10-15 18:06:25:894: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:25:894: >> Received Response (Code: 2) packet: Id: 3, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [4012] 10-15 18:06:25:894: EapTlsSMakeMessage, state(1)
    [4012] 10-15 18:06:25:894: MakeReplyMessage
    [4012] 10-15 18:06:25:894: Reallocating input TLS blob buffer
    [4012] 10-15 18:06:25:894: SecurityContextFunction
    [4012] 10-15 18:06:25:894: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:06:25:894: State change to SentHello
    [4012] 10-15 18:06:25:894: BuildPacket
    [4012] 10-15 18:06:25:894: << Sending Request (Code: 1) packet: Id: 4, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:06:25:941:
    [2356] 10-15 18:06:25:941: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:25:941: >> Received Response (Code: 2) packet: Id: 4, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:25:941: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:06:25:941: BuildPacket
    [2356] 10-15 18:06:25:941: << Sending Request (Code: 1) packet: Id: 5, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:25:988:
    [2356] 10-15 18:06:25:988: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:25:988: >> Received Response (Code: 2) packet: Id: 5, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [2356] 10-15 18:06:25:988: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:06:25:988: MakeReplyMessage
    [2356] 10-15 18:06:25:988: Reallocating input TLS blob buffer
    [2356] 10-15 18:06:25:988: BuildPacket
    [2356] 10-15 18:06:25:988: << Sending Request (Code: 1) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:26:003:
    [2356] 10-15 18:06:26:003: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:06:26:003: >> Received Response (Code: 2) packet: Id: 6, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:06:26:003: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:06:26:003: MakeReplyMessage
    [2356] 10-15 18:06:26:003: SecurityContextFunction
    [2356] 10-15 18:06:26:003: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:06:26:003: AuthenticateUser
    [2356] 10-15 18:06:26:003: DwGetEKUUsage
    [2356] 10-15 18:06:26:003: Number of EKUs on the cert are 2
    [2356] 10-15 18:06:26:003: FCheckPolicy
    [2356] 10-15 18:06:26:003: FCheckPolicy done.
    [2356] 10-15 18:06:26:003: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:06:26:003: CheckUserName
    [2356] 10-15 18:06:26:003: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:06:26:003: MakeAlert(49, Manual)
    [2356] 10-15 18:06:26:003: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:06:26:003: BuildPacket
    [2356] 10-15 18:06:26:003: << Sending Request (Code: 1) packet: Id: 7, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:06:26:035:
    [4012] 10-15 18:06:26:035: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:06:26:035: >> Received Response (Code: 2) packet: Id: 7, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:26:035: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:06:26:035: Negotiation unsuccessful
    [4012] 10-15 18:06:26:035: BuildPacket
    [4012] 10-15 18:06:26:035: << Sending Failure (Code: 4) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:06:26:035: AuthResultCode = (-2146893045), bCode = (4)
    [2356] 10-15 18:08:45:375:
    [2356] 10-15 18:08:45:375: EapTlsBegin(LAB\NOTETELEMED$)
    [2356] 10-15 18:08:45:375: SetupMachineChangeNotification
    [2356] 10-15 18:08:45:375: State change to Initial
    [2356] 10-15 18:08:45:375: MaxTLSMessageLength is now 16384
    [2356] 10-15 18:08:45:375: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [2356] 10-15 18:08:45:375: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [2356] 10-15 18:08:45:375: The root cert will not be checked for revocation
    [2356] 10-15 18:08:45:375: The cert will be checked for revocation
    [2356] 10-15 18:08:45:375:
    [2356] 10-15 18:08:45:375: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:08:45:375: EapTlsSMakeMessage, state(0)
    [2356] 10-15 18:08:45:375: EapTlsReset
    [2356] 10-15 18:08:45:375: State change to Initial
    [2356] 10-15 18:08:45:375: EapGetCredentials
    [2356] 10-15 18:08:45:375: Flag is Server and Store is local Machine
    [2356] 10-15 18:08:45:375: GetCachedCredentials Flags = 0xe1
    [2356] 10-15 18:08:45:375: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [2356] 10-15 18:08:45:375: pNode->dwCredFlags = 0x14
    [2356] 10-15 18:08:45:375: pNode->dwCredFlags = 0x11
    [2356] 10-15 18:08:45:375: GetCachedCredentials: Using Cached Credentials
    [2356] 10-15 18:08:45:375: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [2356] 10-15 18:08:45:375: BuildPacket
    [2356] 10-15 18:08:45:390: << Sending Request (Code: 1) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [2356] 10-15 18:08:45:390: State change to SentStart
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [2356] 10-15 18:08:45:390: EapTlsEnd
    [2356] 10-15 18:08:45:390: EapTlsEnd(lab\notetelemed$)
    [4012] 10-15 18:08:45:406:
    [4012] 10-15 18:08:45:406: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:08:45:421: >> Received Response (Code: 2) packet: Id: 3, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [4012] 10-15 18:08:45:421: EapTlsSMakeMessage, state(1)
    [4012] 10-15 18:08:45:421: MakeReplyMessage
    [4012] 10-15 18:08:45:421: Reallocating input TLS blob buffer
    [4012] 10-15 18:08:45:421: SecurityContextFunction
    [4012] 10-15 18:08:45:421: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:08:45:421: State change to SentHello
    [4012] 10-15 18:08:45:421: BuildPacket
    [4012] 10-15 18:08:45:421: << Sending Request (Code: 1) packet: Id: 4, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:08:45:453:
    [2356] 10-15 18:08:45:453: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:08:45:453: >> Received Response (Code: 2) packet: Id: 4, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:08:45:453: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:08:45:453: BuildPacket
    [2356] 10-15 18:08:45:453: << Sending Request (Code: 1) packet: Id: 5, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:08:45:499:
    [4012] 10-15 18:08:45:499: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:08:45:499: >> Received Response (Code: 2) packet: Id: 5, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [4012] 10-15 18:08:45:499: EapTlsSMakeMessage, state(2)
    [4012] 10-15 18:08:45:499: MakeReplyMessage
    [4012] 10-15 18:08:45:499: Reallocating input TLS blob buffer
    [4012] 10-15 18:08:45:499: BuildPacket
    [4012] 10-15 18:08:45:499: << Sending Request (Code: 1) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:08:45:531:
    [2356] 10-15 18:08:45:531: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:08:45:531: >> Received Response (Code: 2) packet: Id: 6, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:08:45:531: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:08:45:531: MakeReplyMessage
    [2356] 10-15 18:08:45:531: SecurityContextFunction
    [2356] 10-15 18:08:45:531: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:08:45:531: AuthenticateUser
    [2356] 10-15 18:08:45:531: DwGetEKUUsage
    [2356] 10-15 18:08:45:531: Number of EKUs on the cert are 2
    [2356] 10-15 18:08:45:531: FCheckPolicy
    [2356] 10-15 18:08:45:531: FCheckPolicy done.
    [2356] 10-15 18:08:45:531: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:08:45:531: CheckUserName
    [2356] 10-15 18:08:45:531: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:08:45:531: MakeAlert(49, Manual)
    [2356] 10-15 18:08:45:531: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:08:45:531: BuildPacket
    [2356] 10-15 18:08:45:531: << Sending Request (Code: 1) packet: Id: 7, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:08:45:562:
    [4012] 10-15 18:08:45:562: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:08:45:562: >> Received Response (Code: 2) packet: Id: 7, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:08:45:562: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:08:45:562: Negotiation unsuccessful
    [4012] 10-15 18:08:45:562: BuildPacket
    [4012] 10-15 18:08:45:562: << Sending Failure (Code: 4) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:08:45:562: AuthResultCode = (-2146893045), bCode = (4)
    [2356] 10-15 18:09:03:861:
    [2356] 10-15 18:09:03:861: EapTlsBegin(LAB\NOTETELEMED$)
    [2356] 10-15 18:09:03:861: SetupMachineChangeNotification
    [2356] 10-15 18:09:03:861: State change to Initial
    [2356] 10-15 18:09:03:861: MaxTLSMessageLength is now 16384
    [2356] 10-15 18:09:03:861: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [2356] 10-15 18:09:03:861: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [2356] 10-15 18:09:03:861: The root cert will not be checked for revocation
    [2356] 10-15 18:09:03:861: The cert will be checked for revocation
    [2356] 10-15 18:09:03:861:
    [2356] 10-15 18:09:03:861: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:09:03:861: EapTlsSMakeMessage, state(0)
    [2356] 10-15 18:09:03:861: EapTlsReset
    [2356] 10-15 18:09:03:861: State change to Initial
    [2356] 10-15 18:09:03:861: EapGetCredentials
    [2356] 10-15 18:09:03:861: Flag is Server and Store is local Machine
    [2356] 10-15 18:09:03:861: GetCachedCredentials Flags = 0xe1
    [2356] 10-15 18:09:03:861: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [2356] 10-15 18:09:03:861: pNode->dwCredFlags = 0x14
    [2356] 10-15 18:09:03:861: pNode->dwCredFlags = 0x11
    [2356] 10-15 18:09:03:861: GetCachedCredentials: Using Cached Credentials
    [2356] 10-15 18:09:03:861: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [2356] 10-15 18:09:03:861: BuildPacket
    [2356] 10-15 18:09:03:861: << Sending Request (Code: 1) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [2356] 10-15 18:09:03:861: State change to SentStart
    [4012] 10-15 18:09:03:908:
    [4012] 10-15 18:09:03:908: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:09:03:908: >> Received Response (Code: 2) packet: Id: 3, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [4012] 10-15 18:09:03:908: EapTlsSMakeMessage, state(1)
    [4012] 10-15 18:09:03:908: MakeReplyMessage
    [4012] 10-15 18:09:03:908: Reallocating input TLS blob buffer
    [4012] 10-15 18:09:03:908: SecurityContextFunction
    [4012] 10-15 18:09:03:908: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:09:03:908: State change to SentHello
    [4012] 10-15 18:09:03:908: BuildPacket
    [4012] 10-15 18:09:03:908: << Sending Request (Code: 1) packet: Id: 4, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:09:03:939:
    [2356] 10-15 18:09:03:939: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:09:03:939: >> Received Response (Code: 2) packet: Id: 4, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:09:03:939: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:09:03:939: BuildPacket
    [2356] 10-15 18:09:03:939: << Sending Request (Code: 1) packet: Id: 5, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:09:03:986:
    [4012] 10-15 18:09:03:986: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:09:03:986: >> Received Response (Code: 2) packet: Id: 5, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [4012] 10-15 18:09:03:986: EapTlsSMakeMessage, state(2)
    [4012] 10-15 18:09:03:986: MakeReplyMessage
    [4012] 10-15 18:09:03:986: Reallocating input TLS blob buffer
    [4012] 10-15 18:09:03:986: BuildPacket
    [4012] 10-15 18:09:03:986: << Sending Request (Code: 1) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:09:04:001:
    [2356] 10-15 18:09:04:001: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:09:04:001: >> Received Response (Code: 2) packet: Id: 6, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:09:04:001: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:09:04:001: MakeReplyMessage
    [2356] 10-15 18:09:04:001: SecurityContextFunction
    [2356] 10-15 18:09:04:017: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:09:04:017: AuthenticateUser
    [2356] 10-15 18:09:04:017: DwGetEKUUsage
    [2356] 10-15 18:09:04:017: Number of EKUs on the cert are 2
    [2356] 10-15 18:09:04:017: FCheckPolicy
    [2356] 10-15 18:09:04:017: FCheckPolicy done.
    [2356] 10-15 18:09:04:017: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:09:04:017: CheckUserName
    [2356] 10-15 18:09:04:017: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:09:04:017: MakeAlert(49, Manual)
    [2356] 10-15 18:09:04:017: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:09:04:017: BuildPacket
    [2356] 10-15 18:09:04:017: << Sending Request (Code: 1) packet: Id: 7, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:09:04:048:
    [4012] 10-15 18:09:04:048: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:09:04:048: >> Received Response (Code: 2) packet: Id: 7, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:09:04:048: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:09:04:048: Negotiation unsuccessful
    [4012] 10-15 18:09:04:048: BuildPacket
    [4012] 10-15 18:09:04:048: << Sending Failure (Code: 4) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:09:04:048: AuthResultCode = (-2146893045), bCode = (4)
    [2356] 10-15 18:09:12:503:
    [2356] 10-15 18:09:12:503: EapTlsBegin(LAB\NOTETELEMED$)
    [2356] 10-15 18:09:12:503: SetupMachineChangeNotification
    [2356] 10-15 18:09:12:503: State change to Initial
    [2356] 10-15 18:09:12:503: MaxTLSMessageLength is now 16384
    [2356] 10-15 18:09:12:503: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
    [2356] 10-15 18:09:12:503: CRYPT_E_REVOCATION_OFFLINE will not be ignored
    [2356] 10-15 18:09:12:503: The root cert will not be checked for revocation
    [2356] 10-15 18:09:12:503: The cert will be checked for revocation
    [2356] 10-15 18:09:12:503:
    [2356] 10-15 18:09:12:503: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:09:12:503: EapTlsSMakeMessage, state(0)
    [2356] 10-15 18:09:12:503: EapTlsReset
    [2356] 10-15 18:09:12:503: State change to Initial
    [2356] 10-15 18:09:12:503: EapGetCredentials
    [2356] 10-15 18:09:12:503: Flag is Server and Store is local Machine
    [2356] 10-15 18:09:12:503: GetCachedCredentials Flags = 0xe1
    [2356] 10-15 18:09:12:503: FindNodeInCachedCredList, flags(0xe1), default cached creds(0), check thread token(1)
    [2356] 10-15 18:09:12:503: pNode->dwCredFlags = 0x14
    [2356] 10-15 18:09:12:503: pNode->dwCredFlags = 0x11
    [2356] 10-15 18:09:12:503: GetCachedCredentials: Using Cached Credentials
    [2356] 10-15 18:09:12:503: GetCachedCredentials: Hash of the cert in the cache is
    08 08 94 32 8F 3A CC C6 B3 87 82 A9 13 E7 AF C4 |...2.:..........|
    C9 A8 D8 09 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    [2356] 10-15 18:09:12:503: BuildPacket
    [2356] 10-15 18:09:12:503: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
    [2356] 10-15 18:09:12:503: State change to SentStart
    [4012] 10-15 18:09:12:534:
    [4012] 10-15 18:09:12:534: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:09:12:534: >> Received Response (Code: 2) packet: Id: 2, Length: 87, Type: 13, TLS blob length: 77. Flags: L
    [4012] 10-15 18:09:12:534: EapTlsSMakeMessage, state(1)
    [4012] 10-15 18:09:12:534: MakeReplyMessage
    [4012] 10-15 18:09:12:534: Reallocating input TLS blob buffer
    [4012] 10-15 18:09:12:534: SecurityContextFunction
    [4012] 10-15 18:09:12:534: AcceptSecurityContext returned 0x90312
    [4012] 10-15 18:09:12:534: State change to SentHello
    [4012] 10-15 18:09:12:534: BuildPacket
    [4012] 10-15 18:09:12:534: << Sending Request (Code: 1) packet: Id: 3, Length: 1496, Type: 13, TLS blob length: 2012. Flags: LM
    [2356] 10-15 18:09:12:566:
    [2356] 10-15 18:09:12:566: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:09:12:566: >> Received Response (Code: 2) packet: Id: 3, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:09:12:566: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:09:12:566: BuildPacket
    [2356] 10-15 18:09:12:566: << Sending Request (Code: 1) packet: Id: 4, Length: 532, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:09:12:628:
    [4012] 10-15 18:09:12:628: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:09:12:628: >> Received Response (Code: 2) packet: Id: 4, Length: 1492, Type: 13, TLS blob length: 1633. Flags: LM
    [4012] 10-15 18:09:12:628: EapTlsSMakeMessage, state(2)
    [4012] 10-15 18:09:12:628: MakeReplyMessage
    [4012] 10-15 18:09:12:628: Reallocating input TLS blob buffer
    [4012] 10-15 18:09:12:628: BuildPacket
    [4012] 10-15 18:09:12:628: << Sending Request (Code: 1) packet: Id: 5, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:09:12:644:
    [2356] 10-15 18:09:12:644: EapTlsMakeMessage(lab\notetelemed$)
    [2356] 10-15 18:09:12:644: >> Received Response (Code: 2) packet: Id: 5, Length: 157, Type: 13, TLS blob length: 0. Flags:
    [2356] 10-15 18:09:12:644: EapTlsSMakeMessage, state(2)
    [2356] 10-15 18:09:12:644: MakeReplyMessage
    [2356] 10-15 18:09:12:644: SecurityContextFunction
    [2356] 10-15 18:09:12:644: AcceptSecurityContext returned 0x0
    [2356] 10-15 18:09:12:644: AuthenticateUser
    [2356] 10-15 18:09:12:644: DwGetEKUUsage
    [2356] 10-15 18:09:12:644: Number of EKUs on the cert are 2
    [2356] 10-15 18:09:12:644: FCheckPolicy
    [2356] 10-15 18:09:12:659: FCheckPolicy done.
    [2356] 10-15 18:09:12:659: FCheckUsage: All-Purpose: 1
    [2356] 10-15 18:09:12:659: CheckUserName
    [2356] 10-15 18:09:12:659: QuerySecurityContextToken failed and returned 0x8009030b
    [2356] 10-15 18:09:12:659: MakeAlert(49, Manual)
    [2356] 10-15 18:09:12:659: State change to SentFinished. Error: 0x8009030b
    [2356] 10-15 18:09:12:659: BuildPacket
    [2356] 10-15 18:09:12:659: << Sending Request (Code: 1) packet: Id: 6, Length: 17, Type: 13, TLS blob length: 7. Flags: L
    [4012] 10-15 18:09:12:675:
    [4012] 10-15 18:09:12:675: EapTlsMakeMessage(lab\notetelemed$)
    [4012] 10-15 18:09:12:675: >> Received Response (Code: 2) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
    [4012] 10-15 18:09:12:675: EapTlsSMakeMessage, state(3)
    [4012] 10-15 18:09:12:675: Negotiation unsuccessful
    [4012] 10-15 18:09:12:675: BuildPacket
    [4012] 10-15 18:09:12:675: << Sending Failure (Code: 4) packet: Id: 6, Length: 4, Type: 0, TLS blob length: 0. Flags:
    [4012] 10-15 18:09:12:675: AuthResultCode = (-2146893045), bCode = (4)




    Saturday, October 16, 2010 2:42 PM