locked
NPS Error code 18 RRS feed

  • Question

  • Hi,

    I have configured windows server 2008 NPS to connect to our CISCO AP 1200 Series. for that configured a network policy, Add AP IP Address to Radius Client in NPS, Add Radius Server IP to Access Point. Now getting below error message in Event viewer in NPS Server. I have checked http://technet.microsoft.com/en-us/library/cc735343(WS.10).aspx but not getting anything.

    Event ID : 18
    An Access-Request message was received from RADIUS client 192.168.12.25 with a message authenticator attribute that is not valid.

    Kindly let me know what could be the reason for this error & how to resolve it.

    Dhiraj

    Tuesday, December 21, 2010 10:04 AM

Answers

  • Hi,

    Problem has been resolved now. as i have suspected in my second last post, shared secret was the issue. i was not clear which key to use in Access Point config. i have tried to generate a new key in Radius Client in NPS & used the same key in AP Config & problem resolved.

    Dhiraj

    • Marked as answer by DhirajHaritwal Friday, December 24, 2010 9:20 AM
    Friday, December 24, 2010 9:20 AM

All replies

  • Hi Dhiraj,

    Please try these two things seperately to see if the issue is gone:

    1. Enable, or disable the "Message Authenticator" option in the settings of your defined radius client on your NPS Server, and try to see if the issue is resolved.
    2. Add the PEAP authentication method, and try to see if the issue is resolved.

    Regards

    Qunshu


    Clarification: Microsoft doesn't own any liability & responsibility for any of my posting.
    Wednesday, December 22, 2010 1:43 AM
  • Hi Dhiraj,

     

    Have you checked the option “Request must contain the Message Authenticator attribute” in Advance tab when performed new RADIUS Client Wizard?

    And what's the entry in Client-Vendor?

     

    For more information please refer to the link below:

     

    Add a New RADIUS Client

    http://technet.microsoft.com/en-us/library/cc732929.aspx

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, December 22, 2010 4:43 AM
  • Thanks, Qunshu/Tiger Li,

    Earlier this option (“Request must contain the Message Authenticator attribute”) was not selected. now i have tried to enable this as well but still same error message. In network policy i have already selected Microsoft Protected EAP & same is configured in Access Points also. We have four access points & all are working from Windows 2003 IAS Server. I have to migrate it to Windows Server 2008 NPS. so i have configured Win 2K8 NPS, Add one CISCO 1200 AP as Radius client & tried to change Radius Server IP in AP Config. then got that error message & clients are unable to connect.

    Dhiraj

    Wednesday, December 22, 2010 5:10 AM
  • Hi DHiraj,

     

    Thanks for update.

     

    Have you defined any customized attributes?

    I’d suggest you may try resetting AP to factory default setting and reconfigure it without any customized attributes . After that please readd AP device by new radius client wizard and check if this issue would persist ?

    You could export the exist settings before perform this test.

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, December 22, 2010 5:45 AM
  • Thanks, Li. i have taken Netmon also on NPS Server. can we get any clue from Netmon.

    Dhiraj

    Wednesday, December 22, 2010 6:09 AM
  • Netmon capture on the NPS server will help because the malformed radius message is also a cause of this event. But normally it can be fixed by trying these two solutions mentioned in my previous post. Normally, People don't notice that configuration and this event occurs.
    Clarification: Microsoft doesn't own any liability & responsibility for any of my posting.
    Wednesday, December 22, 2010 6:26 AM
  • BTW, another common mistake people always make is, the password in AP is not the same in the NPS radius client configuration. Can you check that? Thanks. 
    Clarification: Microsoft doesn't own any liability & responsibility for any of my posting.
    • Proposed as answer by Andrew [MSFT] Friday, December 24, 2010 10:07 PM
    Wednesday, December 22, 2010 6:32 AM
  • Qunshu, i have set login password of AP in Radius Client. i have a a doubt. in AP Config, i have only changed the IP Address of radius in below command & used the rest. Is it ok. will the key in the last of this command be same? i have already tried your suggested two options but same error. what can we check in the netmon logs.

    radius-server host 192.168.12.25 auth-port 1812 acct-port 1813 key 7 040A59555B741A19514024

    Dhiraj

    Wednesday, December 22, 2010 6:39 AM
  • Qunshu/Tiger Li, Kindly help me to resolve it.

    One more thing, Somewhere i read, we have to register NPS Server in AD. i haven't register it. is it necessary. we didn't register IAS in AD.

    Dhiraj

     

    Thursday, December 23, 2010 6:24 AM
  • Hi,

    Problem has been resolved now. as i have suspected in my second last post, shared secret was the issue. i was not clear which key to use in Access Point config. i have tried to generate a new key in Radius Client in NPS & used the same key in AP Config & problem resolved.

    Dhiraj

    • Marked as answer by DhirajHaritwal Friday, December 24, 2010 9:20 AM
    Friday, December 24, 2010 9:20 AM