2008 R2 NPS won't connect to Cisco 1841 via Cisco VPN 5.0.03.0560

Question
-
I am migrating our IAS server from 2003 R2 to 2008 R2 NPS that we use to authenticate VPN connections through AD. Currently works without issue on 2003 R2 server. Does not want to work on 2008 R2 NPS server.
We are using Cisco VPN client 5.0.03.0560 as the VPN client. Below is the log file when I try to connect. Can someone tell me what needs to be done on NPS to get this working? If more info is needed please ask and will supply.
Cisco Systems VPN Client Version 5.0.03.0560
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
Config file directory: C:\Program Files\Cisco Systems\VPN Client\
1 10:55:10.906 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
2 10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
3 10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
4 10:55:10.921 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
5 10:55:10.937 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
6 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
7 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
8 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
9 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
10 10:55:11.203 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
11 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
12 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
14 10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
15 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
16 10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
17 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x078F, Remote Port = 0x1194
18 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
19 10:55:11.140 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
20 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
21 10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
22 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
23 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
24 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
25 10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
26 10:55:11.203 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
27 10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
28 10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
29 10:55:15.484 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
30 10:55:15.484 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
31 10:55:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32 10:55:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33 10:55:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34 10:55:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35 10:55:52.593 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
36 10:55:52.593 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
37 10:55:52.609 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
38 10:55:52.593 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
39 10:56:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40 10:56:07.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
41 10:56:07.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
42 10:56:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43 10:56:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44 10:56:22.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
45 10:56:22.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
46 10:56:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47 10:56:37.765 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
48 10:56:37.765 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
49 10:56:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50 10:56:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51 10:56:52.812 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
52 10:56:52.812 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
53 10:57:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54 10:57:07.562 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
55 10:57:07.562 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
56 10:57:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57 10:57:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58 10:57:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
59 10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
60 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
61 10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
62 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
63 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
64 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
65 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
66 10:57:33.046 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
67 10:57:33.062 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
68 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
69 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
71 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
72 11:00:54.656 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
73 11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
74 11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
75 11:00:54.687 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
76 11:00:54.703 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
77 11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
78 11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
79 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
80 11:00:54.953 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
81 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
82 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
83 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
84 11:00:55.015 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
85 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
86 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
87 11:00:54.953 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
88 11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
89 11:00:54.968 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
90 11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x0798, Remote Port = 0x1194
91 11:00:54.968 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
92 11:00:54.968 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
93 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
94 11:00:55.000 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
95 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
96 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
97 11:00:55.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
98 11:00:55.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
99 11:00:55.015 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
100 11:00:58.765 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
101 11:00:58.765 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
102 11:01:05.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
103 11:01:15.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
104 11:01:25.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
105 11:01:30.312 06/05/14 Sev=Info/6 GUI/0x63B0000D
Disconnecting VPN connection.
106 11:01:30.312 06/05/14 Sev=Info/4 CM/0x63100006
Abort connection attempt before Phase 1 SA up
107 11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
108 11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
109 11:01:30.328 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
110 11:01:30.328 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
111 11:01:30.328 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
112 11:01:30.328 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
113 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
114 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
115 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
116 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
117 11:01:44.875 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
118 11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
119 11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
120 11:01:44.906 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
121 11:01:44.921 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
122 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
123 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
124 11:01:45.296 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
125 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
126 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
127 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
128 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
129 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
130 11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
131 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
132 11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
133 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079B, Remote Port = 0x1194
134 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
135 11:01:45.234 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
136 11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
137 11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
138 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
139 11:01:45.281 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
140 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
141 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
142 11:01:45.296 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
143 11:01:45.296 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
144 11:01:45.296 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
145 11:01:53.625 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
146 11:01:53.625 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
147 11:01:53.640 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
148 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
149 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
150 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
151 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
152 11:01:53.640 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
153 11:01:53.640 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
154 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
155 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
156 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
157 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
158 11:02:00.406 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
159 11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
160 11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server "com"
161 11:02:00.421 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
162 11:02:00.437 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
163 11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
164 11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
165 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
166 11:02:01.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
167 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
168 11:02:01.109 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
169 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
170 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
171 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
172 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
173 11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
174 11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
175 11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
176 11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079E, Remote Port = 0x1194
177 11:02:01.031 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
178 11:02:01.031 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
179 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
180 11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
181 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
182 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
183 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
184 11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
185 11:02:01.078 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
186 11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
187 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
188 11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
189 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
190 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
191 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
192 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
193 11:02:06.406 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
194 11:02:06.421 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
195 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
196 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
197 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
198 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
- Edited by Dave Santel Thursday, June 5, 2014 10:41 PM
Thursday, June 5, 2014 7:18 PM
Answers
-
Issue fixed.
Needed to move Policy above the 2 default deny statements. Now works like a charm.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 6/10/2014 8:30:09 AM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ma-utility.ccc.local
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: MOA\dsantel
Account Name: dsantel
Account Domain: MOA
Fully Qualified Account Name: ccc.local/Users/David Santel
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: -
NAS:
NAS IPv4 Address: 10.1.6.3
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Async
NAS Port: -
RADIUS Client:
Client Friendly Name: Cisco1841
Client IP Address: 10.1.6.3
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: ma-utility.ccc.local
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>6273</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12552</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2014-06-10T15:30:09.502316600Z" />
<EventRecordID>11968074</EventRecordID>
<Correlation />
<Execution ProcessID="728" ThreadID="3924" />
<Channel>Security</Channel>
<Computer>ma-utility.ccc.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-1533424131-1986884347-926709054-6533</Data>
<Data Name="SubjectUserName">dsantel</Data>
<Data Name="SubjectDomainName">MOA</Data>
<Data Name="FullyQualifiedSubjectUserName">ccc.local/Users/David Santel</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">-</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="MachineInventory">-</Data>
<Data Name="CalledStationID">-</Data>
<Data Name="CallingStationID">-</Data>
<Data Name="NASIPv4Address">10.1.6.3</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">-</Data>
<Data Name="NASPortType">Async</Data>
<Data Name="NASPort">-</Data>
<Data Name="ClientName">Cisco1841</Data>
<Data Name="ClientIPAddress">10.1.6.3</Data>
<Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
<Data Name="NetworkPolicyName">Connections to other access servers</Data>
<Data Name="AuthenticationProvider">Windows</Data>
<Data Name="AuthenticationServer">ma-utility.ccc.local</Data>
<Data Name="AuthenticationType">PAP</Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">-</Data>
<Data Name="ReasonCode">65</Data>
<Data Name="Reason">The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.</Data>
<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
</EventData>
</Event>
- Marked as answer by Dave Santel Tuesday, June 10, 2014 7:56 PM
Tuesday, June 10, 2014 7:56 PM
All replies
-
Hi,
According to your log, some errors occurred while authenticating. The error is “User does not provide any authentication data”. Have you consulted the Cisco technical support with the meaning of this error?
What’s your VPN server? Have you tested the connection between VPN server and Radius server? Have you tried to disable the firewall? Maybe it’s a firewall issue.
Is there any difference between the configuration of 2003 and 2008?
Steven Lee
TechNet Community Support
Friday, June 6, 2014 12:35 PM -
I am using 2008 R2 NPS as radius server. 1841 ISR as VPN device. Here are debug logs from Cisco 1841
1430434: .Jun 9 2014 12:06:59.187 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430435: .Jun 9 2014 12:06:59.187 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/140
1430436: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430437: .Jun 9 2014 12:06:59.191 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430438: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430439: .Jun 9 2014 12:06:59.191 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430440: .Jun 9 2014 12:06:59.191 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430441: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430442: .Jun 9 2014 12:06:59.191 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430443: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Response (140) failed decrypt
1430444: .Jun 9 2014 12:07:05.246 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430445: .Jun 9 2014 12:07:05.246 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430446: .Jun 9 2014 12:07:05.250 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430447: .Jun 9 2014 12:07:05.250 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430448: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430449: .Jun 9 2014 12:07:05.250 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430450: .Jun 9 2014 12:07:05.250 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430451: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430452: .Jun 9 2014 12:07:05.250 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430453: .Jun 9 2014 12:07:05.254 PDT: RADIUS: Response (140) failed decrypt
1430454: .Jun 9 2014 12:07:08.574 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp x.x.9.47(21303) -> x.x.109.122(5038), 1 packet
1430455: .Jun 9 2014 12:07:09.826 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430456: .Jun 9 2014 12:07:09.826 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430457: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Received from id 1645/140 10.1.x.x:1645, Access-Reject, len 20
1430458: .Jun 9 2014 12:07:09.830 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430459: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430460: .Jun 9 2014 12:07:09.830 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430461: .Jun 9 2014 12:07:09.830 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430462: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430463: .Jun 9 2014 12:07:09.830 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430464: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Response (140) failed decrypt
1430465: .Jun 9 2014 12:07:14.210 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430466: .Jun 9 2014 12:07:14.210 PDT: RADIUS: No response from (10.1.4.7:1645,1646) for id 1645/140
Log Buffer (4096 bytes):
6E7C
1430534: .Jun 9 2014 12:09:50.586 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430535: .Jun 9 2014 12:09:50.586 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430536: .Jun 9 2014 12:09:50.590 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430537: .Jun 9 2014 12:09:50.590 PDT: RADIUS: Response (141) failed decrypt
1430538: .Jun 9 2014 12:09:51.902 PDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
1430539: .Jun 9 2014 12:09:55.638 PDT: %SEC-6-IPACCESSLOGP: list 112 denied tcp x.x.245.x(1602) -> x.32.x.x(445), 1 packet
1430540: .Jun 9 2014 12:09:55.974 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430541: .Jun 9 2014 12:09:55.974 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430542: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Received from id 1645/141 10.1.4.7:1645, Access-Reject, len 20
1430543: .Jun 9 2014 12:09:55.978 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430544: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430545: .Jun 9 2014 12:09:55.978 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430546: .Jun 9 2014 12:09:55.978 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430547: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430548: .Jun 9 2014 12:09:55.978 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430549: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Response (141) failed decrypt
1430550: .Jun 9 2014 12:09:58.070 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 27.x.x.x(33281) -> 12.x.x.x(80), 1 packet
1430551: .Jun 9 2014 12:10:00.326 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430552: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.1.x.x:1645,1646 is not responding.
1430553: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.1.x.x:1645,1646 is being marked alive.
1430554: .Jun 9 2014 12:10:00.326 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/141
1430555: .Jun 9 2014 12:10:00.330 PDT: RADIUS: Received from id 1645/141 10.1.x.x:1645, Access-Reject, len 20
1430556: .Jun 9 2014 12:10:00.330 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430557: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430558: .Jun 9 2014 12:10:00.330 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430559: .Jun 9 2014 12:10:00.330 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430560: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430561: .Jun 9 2014 12:10:00.330 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430562: .Jun 9 2014 12:10:00.334 PDT: RADIUS: Response (141) failed decrypt
1430563: .Jun 9 2014 12:10:01.713 PDT: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 175.x.x.x -> x.x.x.104 (3/3), 1 packet
1430564: .Jun 9 2014 12:10:05.841 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430565: .Jun 9 2014 12:10:05.841 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430566: .Jun 9 2014 12:10:05.845 PDT: RADIUS: Received from id 1645/141 10.x.x.x:1645, Access-Reject, len 20
1430567: .Jun 9 2014 12:10:05.845 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430568: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430569: .Jun 9 2014 12:10:05.845 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430570: .Jun 9 2014 12:10:05.845 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430571: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430572: .Jun 9 2014 12:10:05.849 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430573: .Jun 9 2014 12:10:05.849 PDT: RADIUS: Response (141) failed decrypt
Monday, June 9, 2014 7:36 PM -
Hi,
According to your log, the error is “Response failed decrypt”. It seems that the Cisco device didn’t get the expected digest.
You may consult Cisco technical support about the meaning of this error.
If it’s a communication problem between NPS and the NPS client, you may check the shared secret and vendor setting.
For detailed information, please refer to the article below:
Add a New RADIUS Client
http://technet.microsoft.com/en-us/library/cc732929(v=WS.10).aspx
Hope this helps.
Steven Lee
TechNet Community Support
Tuesday, June 10, 2014 10:02 AM -
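Added example, not part of the thread: a Python check of the RFC 2865 Response Authenticator, which is what a RADIUS client recomputes with its own shared secret before accepting a reply. It parses the `packet dump` and `request authen` values from the debug output above; the secrets and the `build_response` helper are constructed for illustration, and reading the router's `expected digest` line as this same MD5 computed with the router's key is an assumption.

```python
import hashlib
import hmac

# Copied from the router debug output in the question.
PACKET_DUMP = "038D00149745CF5AD4B8418A59D9C97E72586E7C"
REQUEST_AUTH = "E39E7226C93AFEDCAF03A49F11FDA193"
CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}


def parse_response(packet: bytes) -> dict:
    """Split a RADIUS reply into RFC 2865 header fields and attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("Length field inconsistent with packet size")
    return {
        "code": CODES.get(packet[0], str(packet[0])),
        "id": packet[1],
        "length": length,
        "authenticator": packet[4:20],
        "attributes": packet[20:length],  # bytes past Length are padding
    }


def expected_digest(packet: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    attrs = parse_response(packet)["attributes"]
    return hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()


def secret_matches(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """True when the reply was signed with the same secret the caller holds."""
    received = parse_response(packet)["authenticator"]
    return hmac.compare_digest(received, expected_digest(packet, request_auth, secret))


def build_response(code: int, ident: int, request_auth: bytes, secret: bytes) -> bytes:
    """Constructed helper: an attribute-less reply as a server holding `secret` signs it."""
    header = bytes([code, ident]) + (20).to_bytes(2, "big")
    return header + hashlib.md5(header + request_auth + secret).digest()


if __name__ == "__main__":
    pkt, req = bytes.fromhex(PACKET_DUMP), bytes.fromhex(REQUEST_AUTH)
    print(parse_response(pkt))
    # Constructed secrets: one side has a typo, so verification fails.
    reply = build_response(3, 141, req, b"Example-Secret1")
    print(secret_matches(reply, req, b"Example-Secret1"), secret_matches(reply, req, b"Example-Secret"))
```

Because the secret is the last input to the hash, any difference between the key on the router and the key on the RADIUS client entry in NPS changes the digest and produces the mismatch the debug output reports.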
Issue fixed.
Needed to move Policy above the 2 default deny statements. Now works like a charm.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 6/10/2014 8:30:09 AM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ma-utility.ccc.local
Description:
Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information.
User:
Security ID: MOA\dsantel
Account Name: dsantel
Account Domain: MOA
Fully Qualified Account Name: ccc.local/Users/David Santel
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: -
NAS:
NAS IPv4 Address: 10.1.6.3
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Async
NAS Port: -
RADIUS Client:
Client Friendly Name: Cisco1841
Client IP Address: 10.1.6.3
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: ma-utility.ccc.local
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>6273</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12552</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2014-06-10T15:30:09.502316600Z" />
<EventRecordID>11968074</EventRecordID>
<Correlation />
<Execution ProcessID="728" ThreadID="3924" />
<Channel>Security</Channel>
<Computer>ma-utility.ccc.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-1533424131-1986884347-926709054-6533</Data>
<Data Name="SubjectUserName">dsantel</Data>
<Data Name="SubjectDomainName">MOA</Data>
<Data Name="FullyQualifiedSubjectUserName">ccc.local/Users/David Santel</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">-</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="MachineInventory">-</Data>
<Data Name="CalledStationID">-</Data>
<Data Name="CallingStationID">-</Data>
<Data Name="NASIPv4Address">10.1.6.3</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">-</Data>
<Data Name="NASPortType">Async</Data>
<Data Name="NASPort">-</Data>
<Data Name="ClientName">Cisco1841</Data>
<Data Name="ClientIPAddress">10.1.6.3</Data>
<Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
<Data Name="NetworkPolicyName">Connections to other access servers</Data>
<Data Name="AuthenticationProvider">Windows</Data>
<Data Name="AuthenticationServer">ma-utility.ccc.local</Data>
<Data Name="AuthenticationType">PAP</Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">-</Data>
<Data Name="ReasonCode">65</Data>
<Data Name="Reason">The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.</Data>
<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
</EventData>
</Event>
- Marked as answer by Dave Santel Tuesday, June 10, 2014 7:56 PM
Tuesday, June 10, 2014 7:56 PM