NPS Reason code 23

Question
-
Hello,
I'm trying to get a 2nd NPS server working on our trusted forests. One server works, but the 2nd one gives me errors like this (I've xxx'ed out company-specific information):
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: xxx
Account Name: xxx
Account Domain: xxx
Fully Qualified Account Name: xxx
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 000B86B7A15F
Calling Station Identifier: F02475AF11E8
NAS:
NAS IPv4 Address: 10.208.0.20
NAS IPv6 Address: -
NAS Identifier: 10.208.0.21
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0
RADIUS Client:
Client Friendly Name: xxx
Client IP Address: 10.208.0.2
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Secure Wireless Connections
Authentication Provider: Windows
Authentication Server: xxx
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
I have mirrored the configuration from the working server to the non-working server and re-issued all the certs for the non-working server. I'm not finding anything particularly useful in the In* logs. Would anyone be willing and able to shed some light on this for me please?
Thank you in advance.
Figured it out...I highly recommend using the IAS log viewer from DeepSoftware.com. Turns out some machines were authenticating and others were not which changed the whole troubleshooting process. We ended up re-requesting certificates for the machines that were not authenticating and all is working now. The IAS gives you a realtime READABLE view of the IAS logs. Cannot recommend it enough.
- Edited by PatrickSteiner Friday, September 7, 2018 3:09 PM
Friday, July 20, 2018 5:35 PM
All replies
-
Hi,
Thanks for your question.
According to the error code 23 and the error message, the problem may have occurred during authentication with EAP.
There are some basic requirements for the client certificates and server certificates. First, check whether the certificates (the Details tab of the certificate's properties will display the information) meet the minimum requirements. Reference link:
Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
http://support.microsoft.com/kb/814394/en-us
Delete the certificates which are out of use. Besides, try to reissue the certificate and then delete the old one. Check to see if it will be helpful.
Best regards,
Travis
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
Monday, July 23, 2018 8:30 AM
-
Hi,
Was your issue resolved?
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.
Best Regards,
Travis
Thursday, July 26, 2018 9:42 AM
-
Hello, and thank you for the response. Your suggestions did not solve the problem. I have been through the link you sent to verify the NPS server certs do meet the requirements, and they do. I did re-issue the certs on one of the Windows 08 machines and made sure old certs were deleted. I also created two new win16 servers for NPS and issued certs to no avail...still getting the reason code 23. Any other ideas on what I could check?
Thursday, July 26, 2018 1:38 PM
-
Do you have any command line tricks I could use to get better diagnostics? Can you tell me where the EAP logs are? I see the NPS logs and the event logs, but I have never seen any EAP logs.
Thursday, July 26, 2018 2:40 PM
-
Hi,
Thanks for your reply.
You can check the entries in the EAP log, which is located under “%windir%\System32\Logfiles”.
Best regards,
Travis
- Proposed as answer by Travis Huang (Microsoft contingent staff) Friday, September 7, 2018 9:55 AM
Friday, July 27, 2018 7:04 AM
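
The fix reported in the question came from noticing that some machines authenticated while others did not. As an added example (not code from the thread or from the log viewer it mentions), this Python script parses NPS event text in the layout quoted in the question and lists the calling stations that were denied and never granted. The function names, the sample events, and the "granted access" opening line are assumptions.

```python
import re
from collections import defaultdict
EVENT_START = re.compile(r"^Network Policy Server (granted|denied) access")
FIELD = re.compile(r"^([^:]+):\s+(.*)$")

def parse_events(text):
    """Yield one dict per event; keys are (section, field) pairs."""
    event, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        start, field = EVENT_START.match(line), FIELD.match(line)
        if start:
            if event:
                yield event
            event, section = {"outcome": start.group(1)}, None
        elif event is not None and line.endswith(":"):
            section = line[:-1]  # "User", "Client Machine", "NAS", ...
        elif event is not None and field:
            event[(section, field.group(1))] = field.group(2)
    if event:
        yield event

def summarize(text):
    """Per calling station: last account seen, grant/deny counts, deny reason codes."""
    stats = defaultdict(lambda: {"account": None, "granted": 0, "denied": 0, "reasons": set()})
    for ev in parse_events(text):
        row = stats[ev.get(("Client Machine", "Calling Station Identifier"), "unknown")]
        row["account"] = ev.get(("User", "Account Name"))
        row[ev["outcome"]] += 1
        if ev["outcome"] == "denied":
            row["reasons"].add(ev.get(("Authentication Details", "Reason Code")))
    return dict(stats)

def never_granted(stats):
    """Stations denied at least once and never granted: the certificates to re-check."""
    return sorted(k for k, v in stats.items() if v["denied"] and not v["granted"])

# Constructed sample in the layout of the event quoted in the question; all values are made up.
def sample_event(outcome, account, station, reason):
    return (f"Network Policy Server {outcome} access to a user.\nUser:\nAccount Name: {account}\n"
            f"Client Machine:\nAccount Name: -\nCalling Station Identifier: {station}\n"
            f"Authentication Details:\nReason Code: {reason}\n")

SAMPLE = "".join(sample_event(*e) for e in [
    ("denied", "host/pc-a.example.test", "AA0000000001", 23),
    ("granted", "host/pc-b.example.test", "AA0000000002", 0),
    ("denied", "host/pc-a.example.test", "AA0000000001", 23)])

if __name__ == "__main__":
    print(never_granted(summarize(SAMPLE)))
```

Fields are keyed by section, so the user's "Account Name" is not overwritten by the "Client Machine" one that follows it in every event.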