2008 R2 NPS won't connect to Cisco 1841 via Cisco VPN 5.0.03.0560

  • Question

  • I am migrating our IAS server from 2003 R2 to 2008 R2 NPS that we use to authenticate VPN connections through AD. Currently works without issue on 2003 R2 server. Does not want to work on 2008 R2 NPS server.

    We are using Cisco VPN client 5.0.03.0560 as the VPN client. Below is the log file when I try to connect. Can someone tell me what needs to be done on NPS to get this working? If more info is needed, please ask and I will supply it.

    Cisco Systems VPN Client Version 5.0.03.0560
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 5.1.2600 Service Pack 3
    Config file directory: C:\Program Files\Cisco Systems\VPN Client\

    1      10:55:10.906  06/05/14  Sev=Info/4 CM/0x63100002

    Begin connection process

    2      10:55:10.921  06/05/14  Sev=Info/4 CM/0x63100004

    Establish secure connection

    3      10:55:10.921  06/05/14  Sev=Info/4 CM/0x63100024

    Attempt connection with server ".com"

    4      10:55:10.921  06/05/14  Sev=Info/6 IKE/0x6300003B

    Attempting to establish a connection with x.x.x.x.

    5      10:55:10.937  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x

    6      10:55:11.140  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    7      10:55:11.140  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x

    8      10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer is a Cisco-Unity compliant peer

    9      10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DPD

    10     10:55:11.203  06/05/14  Sev=Info/6 GUI/0x63B00012

    Authentication request attributes is 6h.

    11     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DWR Code and DWR Text

    12     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports XAUTH

    13     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports NAT-T

    14     10:55:11.140  06/05/14  Sev=Info/6 IKE/0x63000001

    IOS Vendor ID Contruction successful

    15     10:55:11.140  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x

    16     10:55:11.140  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    17     10:55:11.140  06/05/14  Sev=Info/4 IKE/0x63000083

    IKE Port in use - Local Port =  0x078F, Remote Port = 0x1194

    18     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000072

    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device

    19     10:55:11.140  06/05/14  Sev=Info/4 CM/0x6310000E

    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

    20     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    21     10:55:11.203  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x

    22     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x63000045

    RESPONDER-LIFETIME notify has value of 86400 seconds

    23     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x63000047

    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

    24     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    25     10:55:11.203  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

    26     10:55:11.203  06/05/14  Sev=Info/4 CM/0x63100015

    Launch xAuth application

    27     10:55:11.250  06/05/14  Sev=Info/4 IPSEC/0x63700008

    IPSec driver successfully started

    28     10:55:11.250  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    29     10:55:15.484  06/05/14  Sev=Info/4 CM/0x63100017

    xAuth application returned

    30     10:55:15.484  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

    31     10:55:21.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    32     10:55:31.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    33     10:55:41.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    34     10:55:51.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    35     10:55:52.593  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    36     10:55:52.593  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

    37     10:55:52.609  06/05/14  Sev=Info/6 GUI/0x63B00012

    Authentication request attributes is 6h.

    38     10:55:52.593  06/05/14  Sev=Info/4 CM/0x63100015

    Launch xAuth application

    39     10:56:01.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    40     10:56:07.656  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    41     10:56:07.656  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x

    42     10:56:11.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    43     10:56:21.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    44     10:56:22.656  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    45     10:56:22.656  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x

    46     10:56:31.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    47     10:56:37.765  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    48     10:56:37.765  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x

    49     10:56:41.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    50     10:56:51.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    51     10:56:52.812  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    52     10:56:52.812  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x

    53     10:57:01.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    54     10:57:07.562  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    55     10:57:07.562  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x

    56     10:57:11.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    57     10:57:21.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    58     10:57:31.218  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    59     10:57:33.046  06/05/14  Sev=Info/4 CM/0x63100017

    xAuth application returned

    60     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

    61     10:57:33.046  06/05/14  Sev=Info/4 CM/0x63100018

    User does not provide any authentication data

    62     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000001

    IKE received signal to terminate VPN connection

    63     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000017

    Marking IKE SA for deletion  (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB

    64     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x

    65     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x6300004B

    Discarding IKE SA negotiation (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB

    66     10:57:33.046  06/05/14  Sev=Info/5 CM/0x63100025

    Initializing CVPNDrv

    67     10:57:33.062  06/05/14  Sev=Info/6 CM/0x63100046

    Set tunnel established flag in registry to 0.

    68     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    69     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    70     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    71     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x6370000A

    IPSec driver successfully stopped

    72     11:00:54.656  06/05/14  Sev=Info/4 CM/0x63100002

    Begin connection process

    73     11:00:54.671  06/05/14  Sev=Info/4 CM/0x63100004

    Establish secure connection

    74     11:00:54.671  06/05/14  Sev=Info/4 CM/0x63100024

    Attempt connection with server ".com"

    75     11:00:54.687  06/05/14  Sev=Info/6 IKE/0x6300003B

    Attempting to establish a connection with x.x.x.x

    76     11:00:54.703  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x

    77     11:00:54.750  06/05/14  Sev=Info/4 IPSEC/0x63700008

    IPSec driver successfully started

    78     11:00:54.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    79     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    80     11:00:54.953  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x

    81     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer is a Cisco-Unity compliant peer

    82     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DPD

    83     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DWR Code and DWR Text

    84     11:00:55.015  06/05/14  Sev=Info/6 GUI/0x63B00012

    Authentication request attributes is 6h.

    85     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports XAUTH

    86     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports NAT-T

    87     11:00:54.953  06/05/14  Sev=Info/6 IKE/0x63000001

    IOS Vendor ID Contruction successful

    88     11:00:54.968  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x

    89     11:00:54.968  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    90     11:00:54.968  06/05/14  Sev=Info/4 IKE/0x63000083

    IKE Port in use - Local Port =  0x0798, Remote Port = 0x1194

    91     11:00:54.968  06/05/14  Sev=Info/5 IKE/0x63000072

    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device

    92     11:00:54.968  06/05/14  Sev=Info/4 CM/0x6310000E

    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

    93     11:00:55.000  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    94     11:00:55.000  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x

    95     11:00:55.000  06/05/14  Sev=Info/5 IKE/0x63000045

    RESPONDER-LIFETIME notify has value of 86400 seconds

    96     11:00:55.000  06/05/14  Sev=Info/5 IKE/0x63000047

    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

    97     11:00:55.015  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    98     11:00:55.015  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

    99     11:00:55.015  06/05/14  Sev=Info/4 CM/0x63100015

    Launch xAuth application

    100    11:00:58.765  06/05/14  Sev=Info/4 CM/0x63100017

    xAuth application returned

    101    11:00:58.765  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

    102    11:01:05.250  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    103    11:01:15.250  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    104    11:01:25.250  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    105    11:01:30.312  06/05/14  Sev=Info/6 GUI/0x63B0000D

    Disconnecting VPN connection.

    106    11:01:30.312  06/05/14  Sev=Info/4 CM/0x63100006

    Abort connection attempt before Phase 1 SA up

    107    11:01:30.312  06/05/14  Sev=Info/4 IKE/0x63000001

    IKE received signal to terminate VPN connection

    108    11:01:30.312  06/05/14  Sev=Info/4 IKE/0x63000017

    Marking IKE SA for deletion  (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB

    109    11:01:30.328  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x

    110    11:01:30.328  06/05/14  Sev=Info/4 IKE/0x6300004B

    Discarding IKE SA negotiation (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB

    111    11:01:30.328  06/05/14  Sev=Info/5 CM/0x63100025

    Initializing CVPNDrv

    112    11:01:30.328  06/05/14  Sev=Info/6 CM/0x63100046

    Set tunnel established flag in registry to 0.

    113    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    114    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    115    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    116    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x6370000A

    IPSec driver successfully stopped

    117    11:01:44.875  06/05/14  Sev=Info/4 CM/0x63100002

    Begin connection process

    118    11:01:44.890  06/05/14  Sev=Info/4 CM/0x63100004

    Establish secure connection

    119    11:01:44.890  06/05/14  Sev=Info/4 CM/0x63100024

    Attempt connection with server ".com"

    120    11:01:44.906  06/05/14  Sev=Info/6 IKE/0x6300003B

    Attempting to establish a connection with x.x.x.x

    121    11:01:44.921  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x

    122    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    123    11:01:45.234  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x

    124    11:01:45.296  06/05/14  Sev=Info/6 GUI/0x63B00012

    Authentication request attributes is 6h.

    125    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer is a Cisco-Unity compliant peer

    126    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DPD

    127    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DWR Code and DWR Text

    128    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports XAUTH

    129    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports NAT-T

    130    11:01:45.234  06/05/14  Sev=Info/6 IKE/0x63000001

    IOS Vendor ID Contruction successful

    131    11:01:45.234  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x

    132    11:01:45.234  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    133    11:01:45.234  06/05/14  Sev=Info/4 IKE/0x63000083

    IKE Port in use - Local Port =  0x079B, Remote Port = 0x1194

    134    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000072

    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device

    135    11:01:45.234  06/05/14  Sev=Info/4 CM/0x6310000E

    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

    136    11:01:45.250  06/05/14  Sev=Info/4 IPSEC/0x63700008

    IPSec driver successfully started

    137    11:01:45.250  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    138    11:01:45.281  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    139    11:01:45.281  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x

    140    11:01:45.281  06/05/14  Sev=Info/5 IKE/0x63000045

    RESPONDER-LIFETIME notify has value of 86400 seconds

    141    11:01:45.281  06/05/14  Sev=Info/5 IKE/0x63000047

    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

    142    11:01:45.296  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    143    11:01:45.296  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

    144    11:01:45.296  06/05/14  Sev=Info/4 CM/0x63100015

    Launch xAuth application

    145    11:01:53.625  06/05/14  Sev=Info/4 CM/0x63100017

    xAuth application returned

    146    11:01:53.625  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

    147    11:01:53.640  06/05/14  Sev=Info/4 CM/0x63100018

    User does not provide any authentication data

    148    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x63000001

    IKE received signal to terminate VPN connection

    149    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x63000017

    Marking IKE SA for deletion  (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB

    150    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x

    151    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x6300004B

    Discarding IKE SA negotiation (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB

    152    11:01:53.640  06/05/14  Sev=Info/5 CM/0x63100025

    Initializing CVPNDrv

    153    11:01:53.640  06/05/14  Sev=Info/6 CM/0x63100046

    Set tunnel established flag in registry to 0.

    154    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    155    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    156    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    157    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x6370000A

    IPSec driver successfully stopped

    158    11:02:00.406  06/05/14  Sev=Info/4 CM/0x63100002

    Begin connection process

    159    11:02:00.421  06/05/14  Sev=Info/4 CM/0x63100004

    Establish secure connection

    160    11:02:00.421  06/05/14  Sev=Info/4 CM/0x63100024

    Attempt connection with server "com"

    161    11:02:00.421  06/05/14  Sev=Info/6 IKE/0x6300003B

    Attempting to establish a connection with x.x.x.x

    162    11:02:00.437  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x

    163    11:02:00.750  06/05/14  Sev=Info/4 IPSEC/0x63700008

    IPSec driver successfully started

    164    11:02:00.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    165    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    166    11:02:01.015  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x

    167    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer is a Cisco-Unity compliant peer

    168    11:02:01.109  06/05/14  Sev=Info/6 GUI/0x63B00012

    Authentication request attributes is 6h.

    169    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DPD

    170    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports DWR Code and DWR Text

    171    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports XAUTH

    172    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001

    Peer supports NAT-T

    173    11:02:01.031  06/05/14  Sev=Info/6 IKE/0x63000001

    IOS Vendor ID Contruction successful

    174    11:02:01.031  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x

    175    11:02:01.031  06/05/14  Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA

    176    11:02:01.031  06/05/14  Sev=Info/4 IKE/0x63000083

    IKE Port in use - Local Port =  0x079E, Remote Port = 0x1194

    177    11:02:01.031  06/05/14  Sev=Info/5 IKE/0x63000072

    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device

    178    11:02:01.031  06/05/14  Sev=Info/4 CM/0x6310000E

    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

    179    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    180    11:02:01.078  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x

    181    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x63000045

    RESPONDER-LIFETIME notify has value of 86400 seconds

    182    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x63000047

    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

    183    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = x.x.x.x

    184    11:02:01.078  06/05/14  Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

    185    11:02:01.078  06/05/14  Sev=Info/4 CM/0x63100015

    Launch xAuth application

    186    11:02:06.406  06/05/14  Sev=Info/4 CM/0x63100017

    xAuth application returned

    187    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

    188    11:02:06.406  06/05/14  Sev=Info/4 CM/0x63100018

    User does not provide any authentication data

    189    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000001

    IKE received signal to terminate VPN connection

    190    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000017

    Marking IKE SA for deletion  (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB

    191    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x

    192    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x6300004B

    Discarding IKE SA negotiation (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB

    193    11:02:06.406  06/05/14  Sev=Info/5 CM/0x63100025

    Initializing CVPNDrv

    194    11:02:06.421  06/05/14  Sev=Info/6 CM/0x63100046

    Set tunnel established flag in registry to 0.

    195    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    196    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    197    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x63700014

    Deleted all keys

    198    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x6370000A

    IPSec driver successfully stopped




    • Edited by Dave Santel Thursday, June 5, 2014 10:41 PM
    Thursday, June 5, 2014 7:18 PM

Answers

  • Issue fixed.

    Needed to move Policy above the 2 default deny statements. Now works like a charm.

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          6/10/2014 8:30:09 AM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      ma-utility.ccc.local
    Description:
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
     Security ID:   MOA\dsantel
     Account Name:   dsantel
     Account Domain:   MOA
     Fully Qualified Account Name: ccc.local/Users/David Santel

    Client Machine:
     Security ID:   NULL SID
     Account Name:   -
     Fully Qualified Account Name: -
     OS-Version:   -
     Called Station Identifier:  -
     Calling Station Identifier:  -

    NAS:
     NAS IPv4 Address:  10.1.6.3
     NAS IPv6 Address:  -
     NAS Identifier:   -
     NAS Port-Type:   Async
     NAS Port:   -

    RADIUS Client:
     Client Friendly Name:  Cisco1841
     Client IP Address:   10.1.6.3

    Authentication Details:
     Connection Request Policy Name: Use Windows authentication for all users
     Network Policy Name:  Connections to other access servers
     Authentication Provider:  Windows
     Authentication Server:  ma-utility.ccc.local
     Authentication Type:  PAP
     EAP Type:   -
     Account Session Identifier:  -
     Logging Results:   Accounting information was written to the local log file.
     Reason Code:   65
     Reason:    The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>6273</EventID>
        <Version>1</Version>
        <Level>0</Level>
        <Task>12552</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2014-06-10T15:30:09.502316600Z" />
        <EventRecordID>11968074</EventRecordID>
        <Correlation />
        <Execution ProcessID="728" ThreadID="3924" />
        <Channel>Security</Channel>
        <Computer>ma-utility.ccc.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-21-1533424131-1986884347-926709054-6533</Data>
        <Data Name="SubjectUserName">dsantel</Data>
        <Data Name="SubjectDomainName">MOA</Data>
        <Data Name="FullyQualifiedSubjectUserName">ccc.local/Users/David Santel</Data>
        <Data Name="SubjectMachineSID">S-1-0-0</Data>
        <Data Name="SubjectMachineName">-</Data>
        <Data Name="FullyQualifiedSubjectMachineName">-</Data>
        <Data Name="MachineInventory">-</Data>
        <Data Name="CalledStationID">-</Data>
        <Data Name="CallingStationID">-</Data>
        <Data Name="NASIPv4Address">10.1.6.3</Data>
        <Data Name="NASIPv6Address">-</Data>
        <Data Name="NASIdentifier">-</Data>
        <Data Name="NASPortType">Async</Data>
        <Data Name="NASPort">-</Data>
        <Data Name="ClientName">Cisco1841</Data>
        <Data Name="ClientIPAddress">10.1.6.3</Data>
        <Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
        <Data Name="NetworkPolicyName">Connections to other access servers</Data>
        <Data Name="AuthenticationProvider">Windows</Data>
        <Data Name="AuthenticationServer">ma-utility.ccc.local</Data>
        <Data Name="AuthenticationType">PAP</Data>
        <Data Name="EAPType">-</Data>
        <Data Name="AccountSessionIdentifier">-</Data>
        <Data Name="ReasonCode">65</Data>
        <Data Name="Reason">The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.</Data>
        <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
      </EventData>
    </Event>

    • Marked as answer by Dave Santel Tuesday, June 10, 2014 7:56 PM
    Tuesday, June 10, 2014 7:56 PM
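
One way to triage the 6273 event quoted in the answer above, as an added example that is not part of the original thread: it parses the Event Xml and flags a request that was decided by one of NPS's built-in deny policies, the situation the poster resolved by moving the custom policy above them. The function names and finding codes are this example's own, and the embedded XML is a trimmed copy of the event in the answer.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# The two network policies a fresh NPS install creates, both set to deny access.
# A request that reaches one of them was not matched by any policy ordered above it.
DEFAULT_DENY_POLICIES = {
    "Connections to Microsoft Routing and Remote Access server",
    "Connections to other access servers",
}

# Trimmed copy of the Event Xml from the answer (unused fields omitted).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>6273</EventID>
    <TimeCreated SystemTime="2014-06-10T15:30:09.502316600Z" />
    <Computer>ma-utility.ccc.local</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">dsantel</Data>
    <Data Name="SubjectDomainName">MOA</Data>
    <Data Name="NASIPv4Address">10.1.6.3</Data>
    <Data Name="NASPortType">Async</Data>
    <Data Name="ClientName">Cisco1841</Data>
    <Data Name="ClientIPAddress">10.1.6.3</Data>
    <Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
    <Data Name="NetworkPolicyName">Connections to other access servers</Data>
    <Data Name="AuthenticationType">PAP</Data>
    <Data Name="ReasonCode">65</Data>
  </EventData>
</Event>"""


def parse_nps_event(xml_text):
    """Return the event id, timestamp, computer and EventData fields of one event."""
    root = ET.fromstring(xml_text)
    created = root.find("e:System/e:TimeCreated", NS)
    return {
        "event_id": int(root.findtext("e:System/e:EventID", default="0", namespaces=NS)),
        "time": created.get("SystemTime") if created is not None else None,
        "computer": root.findtext("e:System/e:Computer", default="", namespaces=NS),
        "data": {d.get("Name"): (d.text or "").strip()
                 for d in root.iterfind("e:EventData/e:Data", NS)},
    }


def triage(event):
    """Return (code, message) findings for an NPS access-denied event (ID 6273)."""
    if event["event_id"] != 6273:
        raise ValueError("not an NPS access-denied event (6273)")
    data = event["data"]
    findings = []

    policy = data.get("NetworkPolicyName", "-")
    if policy in DEFAULT_DENY_POLICIES:
        findings.append((
            "DEFAULT_DENY_POLICY_MATCHED",
            f"request from RADIUS client {data.get('ClientName', '-')} was decided by "
            f"the built-in policy '{policy}'; check that the intended policy is "
            "ordered above the default deny policies and that its conditions match",
        ))
    elif policy in ("", "-"):
        findings.append((
            "NO_POLICY_NAME",
            "no network policy name was recorded for this request",
        ))

    if data.get("AuthenticationType", "").upper() == "PAP":
        findings.append((
            "PAP_IN_USE",
            "PAP sends the password in the User-Password attribute, protected only "
            "by the RADIUS shared secret; confirm this is the intended method",
        ))
    return findings


if __name__ == "__main__":
    ev = parse_nps_event(SAMPLE_EVENT)
    d = ev["data"]
    print(f"{ev['time']} {ev['computer']}: denied {d['SubjectDomainName']}\\"
          f"{d['SubjectUserName']} (reason code {d['ReasonCode']})")
    for code, message in triage(ev):
        print(f"  [{code}] {message}")
```
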

All replies

  • Hi,

    According to your log, some errors occurred while authenticating. The error is “User does not provide any authentication data”. Have you consulted Cisco technical support about the meaning of this error?

    What’s your VPN server? Have you tested the connection between VPN server and Radius server? Have you tried to disable the firewall? Maybe it’s a firewall issue.

    Is there any difference between the configuration of 2003 and 2008?



    Steven Lee

    TechNet Community Support

    Friday, June 6, 2014 12:35 PM
  • I am using 2008 R2 NPS as the RADIUS server and an 1841 ISR as the VPN device. Here are debug logs from the Cisco 1841:

    1430434: .Jun  9 2014 12:06:59.187 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430435: .Jun  9 2014 12:06:59.187 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/140
    1430436: .Jun  9 2014 12:06:59.191 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
    1430437: .Jun  9 2014 12:06:59.191 PDT: RADIUS:  authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
    1430438: .Jun  9 2014 12:06:59.191 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430439: .Jun  9 2014 12:06:59.191 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
    1430440: .Jun  9 2014 12:06:59.191 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
    1430441: .Jun  9 2014 12:06:59.191 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
    1430442: .Jun  9 2014 12:06:59.191 PDT: RADIUS: request  authen: 2669BD0BEF3749C79C551EABB4B4D105
    1430443: .Jun  9 2014 12:06:59.191 PDT: RADIUS: Response (140) failed decrypt
    1430444: .Jun  9 2014 12:07:05.246 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430445: .Jun  9 2014 12:07:05.246 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
    1430446: .Jun  9 2014 12:07:05.250 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
    1430447: .Jun  9 2014 12:07:05.250 PDT: RADIUS:  authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
    1430448: .Jun  9 2014 12:07:05.250 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430449: .Jun  9 2014 12:07:05.250 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
    1430450: .Jun  9 2014 12:07:05.250 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
    1430451: .Jun  9 2014 12:07:05.250 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
    1430452: .Jun  9 2014 12:07:05.250 PDT: RADIUS: request  authen: 2669BD0BEF3749C79C551EABB4B4D105
    1430453: .Jun  9 2014 12:07:05.254 PDT: RADIUS: Response (140) failed decrypt
    1430454: .Jun  9 2014 12:07:08.574 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp x.x.9.47(21303) -> x.x.109.122(5038), 1 packet
    1430455: .Jun  9 2014 12:07:09.826 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430456: .Jun  9 2014 12:07:09.826 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
    1430457: .Jun  9 2014 12:07:09.830 PDT: RADIUS: Received from id 1645/140 10.1.x.x:1645, Access-Reject, len 20
    1430458: .Jun  9 2014 12:07:09.830 PDT: RADIUS:  authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
    1430459: .Jun  9 2014 12:07:09.830 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430460: .Jun  9 2014 12:07:09.830 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
    1430461: .Jun  9 2014 12:07:09.830 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
    1430462: .Jun  9 2014 12:07:09.830 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
    1430463: .Jun  9 2014 12:07:09.830 PDT: RADIUS: request  authen: 2669BD0BEF3749C79C551EABB4B4D105
    1430464: .Jun  9 2014 12:07:09.830 PDT: RADIUS: Response (140) failed decrypt
    1430465: .Jun  9 2014 12:07:14.210 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430466: .Jun  9 2014 12:07:14.210 PDT: RADIUS: No response from (10.1.4.7:1645,1646) for id 1645/140
    Log Buffer (4096 bytes):
    6E7C
    1430534: .Jun  9 2014 12:09:50.586 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430535: .Jun  9 2014 12:09:50.586 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430536: .Jun  9 2014 12:09:50.590 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430537: .Jun  9 2014 12:09:50.590 PDT: RADIUS: Response (141) failed decrypt
    1430538: .Jun  9 2014 12:09:51.902 PDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
    1430539: .Jun  9 2014 12:09:55.638 PDT: %SEC-6-IPACCESSLOGP: list 112 denied tcp x.x.245.x(1602) -> x.32.x.x(445), 1 packet
    1430540: .Jun  9 2014 12:09:55.974 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
    1430541: .Jun  9 2014 12:09:55.974 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
    1430542: .Jun  9 2014 12:09:55.978 PDT: RADIUS: Received from id 1645/141 10.1.4.7:1645, Access-Reject, len 20
    1430543: .Jun  9 2014 12:09:55.978 PDT: RADIUS:  authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
    1430544: .Jun  9 2014 12:09:55.978 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430545: .Jun  9 2014 12:09:55.978 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
    1430546: .Jun  9 2014 12:09:55.978 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430547: .Jun  9 2014 12:09:55.978 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430548: .Jun  9 2014 12:09:55.978 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430549: .Jun  9 2014 12:09:55.978 PDT: RADIUS: Response (141) failed decrypt
    1430550: .Jun  9 2014 12:09:58.070 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 27.x.x.x(33281) -> 12.x.x.x(80), 1 packet
    1430551: .Jun  9 2014 12:10:00.326 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
    1430552: .Jun  9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.1.x.x:1645,1646 is not responding.
    1430553: .Jun  9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.1.x.x:1645,1646 is being marked alive.
    1430554: .Jun  9 2014 12:10:00.326 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/141
    1430555: .Jun  9 2014 12:10:00.330 PDT: RADIUS: Received from id 1645/141 10.1.x.x:1645, Access-Reject, len 20
    1430556: .Jun  9 2014 12:10:00.330 PDT: RADIUS:  authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
    1430557: .Jun  9 2014 12:10:00.330 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430558: .Jun  9 2014 12:10:00.330 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
    1430559: .Jun  9 2014 12:10:00.330 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430560: .Jun  9 2014 12:10:00.330 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430561: .Jun  9 2014 12:10:00.330 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430562: .Jun  9 2014 12:10:00.334 PDT: RADIUS: Response (141) failed decrypt
    1430563: .Jun  9 2014 12:10:01.713 PDT: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 175.x.x.x -> x.x.x.104 (3/3), 1 packet
    1430564: .Jun  9 2014 12:10:05.841 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
    1430565: .Jun  9 2014 12:10:05.841 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
    1430566: .Jun  9 2014 12:10:05.845 PDT: RADIUS: Received from id 1645/141 10.x.x.x:1645, Access-Reject, len 20
    1430567: .Jun  9 2014 12:10:05.845 PDT: RADIUS:  authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
    1430568: .Jun  9 2014 12:10:05.845 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430569: .Jun  9 2014 12:10:05.845 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
    1430570: .Jun  9 2014 12:10:05.845 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430571: .Jun  9 2014 12:10:05.845 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430572: .Jun  9 2014 12:10:05.849 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430573: .Jun  9 2014 12:10:05.849 PDT: RADIUS: Response (141) failed decrypt

    Monday, June 9, 2014 7:36 PM
  • Hi,

    According to your log, the error is “Response failed decrypt”. It seems that the Cisco device didn’t get the expected digest.

    You may consult Cisco technical support about the meaning of this error.

    If it’s a communication problem between NPS and NPS client, you may check the shared secret and vendor setting.

    For detailed information, please refer to the article below,

    Add a New RADIUS Client

    http://technet.microsoft.com/en-us/library/cc732929(v=WS.10).aspx

    Hope this helps.



    Steven Lee

    TechNet Community Support

    Tuesday, June 10, 2014 10:02 AM
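The comparison behind the router's `expected digest` and `response authen` lines is the RFC 2865 Response Authenticator check, shown here as an added example that is not part of the original thread. The packet dump and request authenticator are copied from the debug output above; both shared secrets and the `build_reject` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

def parse_response(packet: bytes):
    """Split a RADIUS packet into (code, id, length, authenticator, attributes)."""
    if len(packet) < 20:
        raise ValueError("RADIUS packet shorter than the 20-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field disagrees with packet size")
    return code, ident, length, packet[4:20], packet[20:length]

def expected_digest(packet: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    _, _, _, _, attrs = parse_response(packet)
    return hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()

def response_is_authentic(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """True when the authenticator in the reply matches what this secret predicts."""
    _, _, _, resp_auth, _ = parse_response(packet)
    return hmac.compare_digest(resp_auth, expected_digest(packet, request_auth, secret))

def build_reject(ident: int, request_auth: bytes, secret: bytes) -> bytes:
    """Constructed stand-in for the server: an attribute-less Access-Reject."""
    header = struct.pack("!BBH", 3, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

# Copied from the router debug output above.
PAGE_DUMP = bytes.fromhex("038C001406F7D97C40F49AFBE181EEEC668448B7")
PAGE_REQ_AUTH = bytes.fromhex("2669BD0BEF3749C79C551EABB4B4D105")

# Constructed secrets (assumptions, not values from the thread).
SERVER_SECRET = b"constructed-nps-secret"
ROUTER_SECRET = b"constructed-router-secret"

def demo():
    code, ident, length, _, _ = parse_response(PAGE_DUMP)
    reply = build_reject(ident, PAGE_REQ_AUTH, SERVER_SECRET)
    return {
        "code": code, "id": ident, "len": length,
        "same_secret": response_is_authentic(reply, PAGE_REQ_AUTH, SERVER_SECRET),
        "different_secret": response_is_authentic(reply, PAGE_REQ_AUTH, ROUTER_SECRET),
    }

if __name__ == "__main__":
    print(demo())
```

Running `response_is_authentic(PAGE_DUMP, PAGE_REQ_AUTH, secret)` with the secret configured on the router reproduces the router's own comparison for the logged packet.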
  • Issue fixed.

    Needed to move Policy above the 2 default deny statements. Now works like a charm.

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          6/10/2014 8:30:09 AM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      ma-utility.ccc.local
    Description:
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
     Security ID:   MOA\dsantel
     Account Name:   dsantel
     Account Domain:   MOA
     Fully Qualified Account Name: ccc.local/Users/David Santel

    Client Machine:
     Security ID:   NULL SID
     Account Name:   -
     Fully Qualified Account Name: -
     OS-Version:   -
     Called Station Identifier:  -
     Calling Station Identifier:  -

    NAS:
     NAS IPv4 Address:  10.1.6.3
     NAS IPv6 Address:  -
     NAS Identifier:   -
     NAS Port-Type:   Async
     NAS Port:   -

    RADIUS Client:
     Client Friendly Name:  Cisco1841
     Client IP Address:   10.1.6.3

    Authentication Details:
     Connection Request Policy Name: Use Windows authentication for all users
     Network Policy Name:  Connections to other access servers
     Authentication Provider:  Windows
     Authentication Server:  ma-utility.ccc.local
     Authentication Type:  PAP
     EAP Type:   -
     Account Session Identifier:  -
     Logging Results:   Accounting information was written to the local log file.
     Reason Code:   65
     Reason:    The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>6273</EventID>
        <Version>1</Version>
        <Level>0</Level>
        <Task>12552</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2014-06-10T15:30:09.502316600Z" />
        <EventRecordID>11968074</EventRecordID>
        <Correlation />
        <Execution ProcessID="728" ThreadID="3924" />
        <Channel>Security</Channel>
        <Computer>ma-utility.ccc.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-21-1533424131-1986884347-926709054-6533</Data>
        <Data Name="SubjectUserName">dsantel</Data>
        <Data Name="SubjectDomainName">MOA</Data>
        <Data Name="FullyQualifiedSubjectUserName">ccc.local/Users/David Santel</Data>
        <Data Name="SubjectMachineSID">S-1-0-0</Data>
        <Data Name="SubjectMachineName">-</Data>
        <Data Name="FullyQualifiedSubjectMachineName">-</Data>
        <Data Name="MachineInventory">-</Data>
        <Data Name="CalledStationID">-</Data>
        <Data Name="CallingStationID">-</Data>
        <Data Name="NASIPv4Address">10.1.6.3</Data>
        <Data Name="NASIPv6Address">-</Data>
        <Data Name="NASIdentifier">-</Data>
        <Data Name="NASPortType">Async</Data>
        <Data Name="NASPort">-</Data>
        <Data Name="ClientName">Cisco1841</Data>
        <Data Name="ClientIPAddress">10.1.6.3</Data>
        <Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
        <Data Name="NetworkPolicyName">Connections to other access servers</Data>
        <Data Name="AuthenticationProvider">Windows</Data>
        <Data Name="AuthenticationServer">ma-utility.ccc.local</Data>
        <Data Name="AuthenticationType">PAP</Data>
        <Data Name="EAPType">-</Data>
        <Data Name="AccountSessionIdentifier">-</Data>
        <Data Name="ReasonCode">65</Data>
        <Data Name="Reason">The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.</Data>
        <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
      </EventData>
    </Event>

    • Marked as answer by Dave Santel Tuesday, June 10, 2014 7:56 PM
    Tuesday, June 10, 2014 7:56 PM