RADIUS Authentication Problems with NPS Server Eventid 6274

  • Question

  • Hi,

    We have struggled for a while with RADIUS auth for some clients against an NPS Server. When the user or computer tries to connect to the wireless network, the following error can be seen on the NPS server:

    Network Policy Server discarded the request for a user

    Contact the Network Policy Server administrator for more information.

    User:
        Security ID:            NULL SID
        Account Name:            host/hostname.domainname.com
        Account Domain:            -
        Fully Qualified Account Name:    -

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        40-20-B1-F4-BB-15:Wireless-SSID
        Calling Station Identifier:        C1-18-85-08-10-E1

    NAS:
        NAS IPv4 Address:        192.168.10.10
        NAS IPv6 Address:        -
        NAS Identifier:            AP name
        NAS Port-Type:            Wireless - IEEE 802.11
        NAS Port:            0

    RADIUS Client:
        Client Friendly Name:        name
        Client IP Address:            192.168.10.10

    Authentication Details:
        Connection Request Policy Name:    Secure Wireless Connections
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        NPS servername
        Authentication Type:        -
        EAP Type:            -
        Account Session Identifier:        -
        Reason Code:            3
        Reason:                The RADIUS Request message that Network Policy Server received from the network access server was malformed.

    -----------------------------------------------------------------------------------------------------------------------------

    Network Policy Server discarded the request for a user.

    Contact the Network Policy Server administrator for more information.

    User:
        Security ID:            NULL SID
        Account Name:            domainname\username
        Account Domain:            -
        Fully Qualified Account Name:    -

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        20-18-B1-F4-BB-15:Wireless-SSID
        Calling Station Identifier:        09-3E-8E-3E-5A-C9

    NAS:
        NAS IPv4 Address:        192.168.10.10
        NAS IPv6 Address:        -
        NAS Identifier:            AP name
        NAS Port-Type:            Wireless - IEEE 802.11
        NAS Port:            0

    RADIUS Client:
        Client Friendly Name:        name
        Client IP Address:            192.168.10.10

    Authentication Details:
        Connection Request Policy Name:    Secure Wireless Connections
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        NPS server name
        Authentication Type:        -
        EAP Type:            -
        Account Session Identifier:        -
        Reason Code:            3
        Reason:                The RADIUS Request message that Network Policy Server received from the network access server was malformed.

    -----------------------------------------------------------------------------------------------------------------

    Message seen from the AP's logs:

    (317)IEEE802.1X auth is starting (at if=wifi0.2)

    (318)Send message to RADIUS Server(192.168.60.166): code=1 (Access-Request) identifier=157 length=162,  User-Name=domain\username NAS-IP-Address=192.168.10.10 Called-Station-Id=40-18-B1-F4-BB-15:Wireless-SSID Calling-Station-Id=C0-18-85-08-10-E1

    (319)Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=157 length=90

     (320)Send message to RADIUS Server(192.168.60.166): code=1 (Access-Request) identifier=158 length=286,  User-Name=domain\username NAS-IP-Address=192.168.10.10 Called-Station-Id=40-18-B1-F4-BB-15:Wireless-SSID Calling-Station-Id=C0-18-85-08-10-E1

     (321)Send message to RADIUS Server(192.168.60.166): code=1 (Access-Request) identifier=161 length=162,  User-Name=domain\username NAS-IP-Address=192.168.10.10 Called-Station-Id=40-18-B1-F4-BB-15:Wireless-SSID Calling-Station-Id=C0-18-85-08-10-E1

     (322)Receive message from RADIUSServer: code=11 (Access-Challenge) identifier=161 length=90 BASIC  

    Output omitted

    (330)Sta(at if=wifi0.2) is de-authenticated because of notification of driver

    We have other NPS Servers with corresponding policy settings which are working, so I am having trouble understanding why this error occurs.

    Initially the problem seemed to be related to the cert on the NPS server because it used the cert generated from the Computer template. Now it uses the template for Domain Controller just as the other NPS servers, so this should not be the issue (not sure if this matters?).

    Please guide me on how to take this further

    Thank you :)

    //Cris

    Wednesday, January 28, 2015 2:41 PM

Answers

  • Hi,

    NPS Event ID: 6274.

    This condition occurs when the NPS discards accounting requests because the structure of the accounting request message that was sent by a RADIUS client does not comply with the RADIUS protocol. You should reconfigure, upgrade, or replace the RADIUS client.

    Detailed information reference:
    Event ID 6274 — NPS Accounting Request Message Processing
    https://technet.microsoft.com/en-us/library/cc735339(v=WS.10).aspx

    Best Regards,
    Eve Wang



    Thursday, January 29, 2015 9:07 AM

All replies

  • That does not answer much!

    I have the same error happening mostly on a backup NPS (2012 R2)

    Same clients (mobile devices connecting to BYOD via Aerohive APs)

    Primary server hardly ever shows this error, backup NPS has plenty of these errors

    Is there any better way to diagnose it?

    Within a few seconds (same backup NPS) I see in the log:

    Network Policy Server granted full access to a user because the host met the defined health policy. User: Security ID: DOMAIN\AUser Account Name: auser Account Domain: DOMAIN Fully Qualified Account Name: DOMAIN\auser

    Authentication Details:
        Connection Request Policy Name:    NAP 802.1X (Wireless)
        Network Policy Name:         SP-BYOD - Staff VLAN assignment

    and straight after

    Network Policy Server discarded the request for a user. Contact the Network Policy Server administrator for more information. User: Security ID: NULL SID Account Name: auser Account Domain: - Fully Qualified Account Name: -

    Authentication Details:
        Connection Request Policy Name:    NAP 802.1X (Wireless)
        Network Policy Name:         -

    where BOTH requests come from the same

    NAS:
        NAS IPv4 Address:        10.0.1.188

    It really makes no sense to me at all

    Seb


    • Edited by scerazy Tuesday, June 13, 2017 7:03 PM
    Tuesday, June 13, 2017 6:53 PM
  • Hi,

    I am not familiar with Aerohive APs but I've read it's possible to do a packet trace that might reveal some differences in the way the AP is interacting with the main NPS and the backup NPS. I used to do this a lot by enabling debug and RADIUS logs on wired switches and routers and it was useful.

    How exactly have you configured the backup NPS? Have you configured load balancing with NPS proxy and set the priority lower on the backup so it doesn't receive any requests unless the primary is unresponsive, or have you simply configured your APs to send requests to multiple NPS?

    The certificate should be fine assuming it has the server authentication EKU, is not expired, and the PKI is trusted.

    You should probably check both NPS under settings\RADIUS attributes and make sure they are the same.

    Are both NPS physically located on the same network, or is one closer to the AP and another remote, i.e. the auth request is passing through more network devices on the way? I assume both NPS are running the same OS - correct?

    Thanks,

    -Greg

    Monday, June 19, 2017 10:41 PM
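
The packet-trace comparison suggested above can be made concrete by running each captured RADIUS UDP payload through a structural check. This is an added example, not code from any poster or from Microsoft: the checks come from RFC 2865 and RFC 3579 rather than from NPS's own validation (which the thread does not describe), and `check_radius`, `build` and the sample packets are constructed for illustration.

```python
import struct

# Checks follow RFC 2865 (header and attribute layout) and RFC 3579
# (EAP-Message requires Message-Authenticator); not NPS's own logic.
ACCESS_REQUEST = 1
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80


def check_radius(datagram: bytes) -> list:
    """Return a list of structural problems found in one RADIUS UDP payload."""
    if len(datagram) < 20:
        return ["shorter than the 20-byte RADIUS header"]
    code, _ident, length = struct.unpack("!BBH", datagram[:4])
    if not 20 <= length <= 4096:
        return [f"Length field {length} outside 20..4096"]
    if length > len(datagram):
        return [f"Length field {length} exceeds {len(datagram)} bytes received"]
    problems, seen, pos = [], set(), 20
    while pos < length:
        if length - pos < 2:
            problems.append(f"truncated attribute header at offset {pos}")
            break
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            problems.append(f"attribute {a_type} at offset {pos} has bad length {a_len}")
            break
        if a_type == MESSAGE_AUTHENTICATOR and a_len != 18:
            problems.append("Message-Authenticator is not 18 bytes long")
        seen.add(a_type)
        pos += a_len
    if code == ACCESS_REQUEST and EAP_MESSAGE in seen and MESSAGE_AUTHENTICATOR not in seen:
        problems.append("EAP-Message present without Message-Authenticator")
    return problems


def build(code: int, ident: int, attrs: list) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, not a real capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body


# Constructed samples: User-Name (1), EAP-Message (79), Message-Authenticator (80).
good = build(1, 157, [(1, b"domain\\username"), (79, b"\x02\x00\x00\x05\x01"), (80, bytes(16))])
no_ma = build(1, 158, [(1, b"domain\\username"), (79, b"\x02\x00\x00\x05\x01")])
bad_attr = good[:20] + b"\x01\x40" + good[22:]  # User-Name now claims 64 bytes

if __name__ == "__main__":
    for name, pkt in (("good", good), ("no_ma", no_ma), ("bad_attr", bad_attr)):
        print(name, check_radius(pkt) or "ok")
```

Feeding it the payloads sent to a working NPS and to the one logging reason code 3 shows whether the requests themselves differ structurally or only the server handling them does.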