This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

NPS Ignores Network policy

Question
0

Sign in to vote

Hi ,

I have created 2 Network policies on Windows 2008 NPS using Radius server for 802.1X Wireless or Wired Connection. My Local Desktops and Laptops are working fine, but my thin clients are communicating to the RDS server

1. Ncomputing ----{ Processing order 1} .This policy is created using blog http://blogs.technet.com/b/teamdhcp/archive/2008/06/15/nap-enforrcement-exemption-for-printers-and-other-network-appliances.aspx

2. Secure Wired (Ethernet) Connections ---- {Processing order 2}

, but my client which is a thin client ,jumps the 1st network policy and 2nd network policy is applied by default.

Please find event details below.

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: TESTCK\000fe0349220
Account Name: 000fe0349220
Account Domain: TESTCK
Fully Qualified Account Name: TESTCK\000fe0349220

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 5C-8A-38-26-6E-C9
Calling Station Identifier: 00-0F-E0-34-92-20

NAS:
NAS IPv4 Address: 192.168.110.57
NAS IPv6 Address: -
NAS Identifier: blu_nw2_cat_jupiter07
NAS Port-Type: Ethernet
NAS Port: 16781400

RADIUS Client:
Client Friendly Name: CAT
Client IP Address: 192.168.110.57

Authentication Details:
Connection Request Policy Name: Secure Wired (Ethernet) Connections
Network Policy Name: Secure Wired (Ethernet) Connections
Authentication Provider: Windows
Authentication Server: cktest.testck.local
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

Kindly help me out!!

Saturday, June 6, 2015 11:06 AM

All replies

0

Sign in to vote

Hi,

According to the log, the client attempts to use the PAP authentication method.

Please make sure that you have enabled the PAP authentication method on network policy Secure Wired (Ethernet) Connections.

Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

Tuesday, June 9, 2015 2:04 AM
0

Sign in to vote

Hi Steven,

PAP authentication method is already enabled on Network policy Secure Wired (Ethernet) Connections.

But we want to apply Ncomputing NPS policy to the thin client. Currently this policy is bypassed by the thin client. We have moved the policy to the top of the Console and the Processing order is alos 1. Still this policy is not applied to the thin client.

As mentioned earlier this policy was created using below blog as we want to exempt thin clients from NAP http://blogs.technet.com/b/teamdhcp/archive/2008/06/15/nap-enforrcement-exemption-for-printers-and-other-network-appliances.aspx.

Kindly let me know if there is a way out for us

Tuesday, June 9, 2015 5:17 AM