locked
NPS - RADIUS - IAS - DHCP - WIFI Authentication Failure when an user logon in more than two devices RRS feed

  • Question

  • Hi All,

    My company have configured one DC with the DCHP and NPS Roles, the NPS act like a Radius (or IAS server) with PEAP authentication for WiFi Clients, all users connect correctly and they receive dynamic IP address from DCHP. (Windows Server 2008 R2).

    The initial failure was reported by the CEO of the company, he have an Iphone, an IPad and an Imac, and he only can connect two devices at the same time.

    I was working in many test environments, in the first one I connect my laptop and two android devices, but only was possible connect two of them, for example the laptop and one android device or the two android devices at the same time;  in the second test, I logged in two different laptops (windows 7 pro), but only was possible establish a connection from one of them, the second laptop stay trying to connect to the Wireless.

    I review the logs from IAS and AD, and I only see succesful connections record , even when the device cannot connect, in this case, the connection start again and a newly succesful connections record appear in the eventvwr and ias log.

    Best Regards,

    Leonardo Rodríguez

    MCSA, MCSE, MCTS, MCP


    Tuesday, March 25, 2014 4:02 PM

Answers

  • Hi,

    Please check your access points and switches and ensure you have not configured port security here, if you do not want to use it. Using port security, it is possible to limit the number of secure devices that can be attached at one time.

    I cannot think of a reason why NPS or DHCP would deny a third connection request. It is most likely this is happening at the switch or access point.

    -Greg

    • Proposed as answer by Susie Long Wednesday, April 2, 2014 5:32 AM
    • Marked as answer by Susie Long Monday, April 7, 2014 5:31 AM
    Monday, March 31, 2014 11:19 PM
  • Thanks Greg and Susie!!!

    Yesterday the connectivity department made an upgrade to the WiFi Controller that manage all access point and now we can connect more than 3 devices at the same time.

    Best regards,

    Leonardo Rodríguez

    MCSA, MCSE, MCTS, MCP

    • Marked as answer by Susie Long Monday, April 28, 2014 6:34 AM
    Wednesday, April 23, 2014 3:35 PM

All replies

  • Hi,

    Firstly, since you haven’t found any log related to rejected authentication requests, please make sure that Rejected authentication requests is checked on the General tab in NPS (Local) Properties.

    In addition, it is not recommended to install the DHCP role on a DC and not sure if the issue was due to it. You can capture packets to analyze the root reason for the issue.

    Best regards,

    Susie

    Friday, March 28, 2014 7:53 AM

  • Thanks for the answer Susie,

    I review the genetal tab and both are checked, Successful and Reject authentication.

    Also I review the audit settings, and both Success and Failure, are enabled:

    C:\Windows\system32>auditpol /get /subcategory:"Network Policy Server"
    System audit policy
    Category/Subcategory                      Setting
    Logon/Logoff
      Network Policy Server                   Success and Failure

    Best Regards,

    Leonardo Rodríguez

    MCSA, MCSE, MCTS, MCP

    Friday, March 28, 2014 2:47 PM
  • Hi,

    Please check your access points and switches and ensure you have not configured port security here, if you do not want to use it. Using port security, it is possible to limit the number of secure devices that can be attached at one time.

    I cannot think of a reason why NPS or DHCP would deny a third connection request. It is most likely this is happening at the switch or access point.

    -Greg

    • Proposed as answer by Susie Long Wednesday, April 2, 2014 5:32 AM
    • Marked as answer by Susie Long Monday, April 7, 2014 5:31 AM
    Monday, March 31, 2014 11:19 PM
  • Thanks Greg and Susie!!!

    Yesterday the connectivity department made an upgrade to the WiFi Controller that manage all access point and now we can connect more than 3 devices at the same time.

    Best regards,

    Leonardo Rodríguez

    MCSA, MCSE, MCTS, MCP

    • Marked as answer by Susie Long Monday, April 28, 2014 6:34 AM
    Wednesday, April 23, 2014 3:35 PM
  • Hi,

    Good to hear that and thanks for sharing.

    Have a good day!

    Best regards,

    Susie

    Monday, April 28, 2014 6:34 AM