locked
Sonic NSA 2400 suddenly not able to authenticate users to the RADIUS server RRS feed

  • Question

  • Two days ago suddenly users could not authenticate through the VPN or Wifi. The password prompt just keeps coming up over and over.

    So I go into the Sonicwall device and check the settings, all the ip's are correct, the settings all look good.  I go to test the RADIUS connection and get Authentication failed,  or MSCHAP ERROR: E=691 R=0 V=3.

    I checked all the settings on the Server 2012 R2 NAP server, seems good, the Sonic device is configure and enabled.  Nothing seems to prevent it from logging from the NAP server settings.

    To trouble shoot I added my laptop to the NAP RADIUS Clients, same issue, not able to authenticate using a couple RADIUS test tools. 

    What setting can I check to find out why the NAP server is suddenly not authenticating user and clients who are allowed, enabled and correctly configured in NAP.

    Any thoughts on were to look or how to further troubleshoot this not being able to authenticate to the RADIUS server issue?  Right now the VPN and Corporate Wifi are down because no one is able to authenticate.

    Thank you

    Curt Winter

    Systems Engineer

    Thursday, January 22, 2015 5:09 PM

Answers

  • Everyone,

    Just to update this post, it ended up being a certificates issue.

    First part was a pointer to an old CA server that did not exist any longer, remove this.

    Second, removed expired Certificates from the Current CA.

    Third Ensured the NAP server was using current computer certs, not domain certs.

    Finally rebuild each of the polcies in the NAP server and everything is working again.

    After that it started to authenticate users again.

    Curt Winter

    • Marked as answer by Curt Winter Thursday, February 19, 2015 3:23 PM
    Thursday, February 19, 2015 3:23 PM

All replies

  • Hi,

    According to your description, and without  obvious error code, it may be a litter difficult to find out the where the problem is.

    Try to heck the Event Viewer on related devices, and the NPS log files, if there is any error record about this problem.

    Or use Network Monitor(download link: http://www.microsoft.com/en-us/download/details.aspx?id=4865) on every related device to capture packets, according to the authentication process to find out  which stage is stopped. This might be a lot of workloads.

    Best Regards,
    Eve Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 23, 2015 8:36 AM
  • Everyone,

    Just to update this post, it ended up being a certificates issue.

    First part was a pointer to an old CA server that did not exist any longer, remove this.

    Second, removed expired Certificates from the Current CA.

    Third Ensured the NAP server was using current computer certs, not domain certs.

    Finally rebuild each of the polcies in the NAP server and everything is working again.

    After that it started to authenticate users again.

    Curt Winter

    • Marked as answer by Curt Winter Thursday, February 19, 2015 3:23 PM
    Thursday, February 19, 2015 3:23 PM