locked
NPS Ignores Network policy RRS feed

  • Question

  • Hi ,

    I have created 2 Network policies on Windows 2008 NPS using Radius server for 802.1X Wireless or Wired Connection. My Local Desktops and Laptops are working fine, but my thin clients are communicating to  the RDS server

    1. Ncomputing ----{ Processing order 1} .This policy is created using  blog http://blogs.technet.com/b/teamdhcp/archive/2008/06/15/nap-enforrcement-exemption-for-printers-and-other-network-appliances.aspx

    2. Secure Wired (Ethernet) Connections  ---- {Processing order 2}

    , but my client which is a thin client ,jumps the 1st network policy and 2nd network policy is applied by default.

    Please find event details below. 

    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
    Security ID: TESTCK\000fe0349220
    Account Name: 000fe0349220
    Account Domain: TESTCK
    Fully Qualified Account Name: TESTCK\000fe0349220

    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 5C-8A-38-26-6E-C9
    Calling Station Identifier: 00-0F-E0-34-92-20

    NAS:
    NAS IPv4 Address: 192.168.110.57
    NAS IPv6 Address: -
    NAS Identifier: blu_nw2_cat_jupiter07
    NAS Port-Type: Ethernet
    NAS Port: 16781400

    RADIUS Client:
    Client Friendly Name: CAT
    Client IP Address: 192.168.110.57

    Authentication Details:
    Connection Request Policy Name: Secure Wired (Ethernet) Connections
    Network Policy Name: Secure Wired (Ethernet) Connections
    Authentication Provider: Windows
    Authentication Server: cktest.testck.local
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

    Kindly help me out!!

    Saturday, June 6, 2015 11:06 AM

All replies

  • Hi,

    According to the log, the client attempts to use the PAP authentication method.

    Please make sure that you have enabled the PAP authentication method on network policy Secure Wired (Ethernet) Connections.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, June 9, 2015 2:04 AM
  • Hi Steven,

    PAP authentication method is already enabled on Network policy Secure Wired (Ethernet) Connections.

    But we want to apply Ncomputing NPS policy to the thin client. Currently this policy is bypassed by the thin client. We have moved the policy to the top of the Console and the Processing order is alos 1. Still this policy is not applied to the thin client.

    As mentioned earlier this policy was created using below blog as we want to exempt thin clients  from NAP http://blogs.technet.com/b/teamdhcp/archive/2008/06/15/nap-enforrcement-exemption-for-printers-and-other-network-appliances.aspx.

    Kindly let me know if there is a way out for us

    Tuesday, June 9, 2015 5:17 AM