Configuring NPS to work with Windows 7 client

• Question

• 

  

  0

  Sign in to vote

  Hi All,

  I have been trying to setup my Windows 2008 R2 server with NPS with a Linksys E3000 router that is running TomatoUSB firmware and I can get clients such as WinXP, iPhone, Android and MAC to connect to the Linksys E3000 router without issue but I am having difficulty getting Windows 7 SP1 client to connect.

  This is my RADIUS client setting:

  Friendly Name: Radius Server

  Address: 10.25.1.229

  Shared Secret : Select an existing Shared Secrets template: None

  Shared Secret: Manual

  Vendor Name: RADIUS Standard

  Connection Request Policies: Overview
  

  Policy Name: Use Windows authentication for all users

  Policy State: Policy Enabled

  Network Connection method: Type of network access server: Unspecified
  

  Connection Request Policies: Conditions

  Day and time restrictions: 24x7 Permitted

  Connection Request Policies: Settings

  Authentication Provider: Local Computer

  Override Authentication: Disabled
  

  Network Policy: Overview

  Policy Name: Radius Access Policy

  Policy State: Policy Enabled

  Access Permission

  - Grant Access.

  - Ignore user account dial-in properties

  Network connection method

  Type of network access server: Unspecified

  Network Policy: Conditions

  - Windows Groups

  - NAS Port Type: Wireless - IEEE 802.11

  Network Policy: Constraints

  Authentication Methods

  - EAP Types: Microsoft Protected EAP (PEAP)

  -- Less secure authentication methods:

  ----Microsoft Encrypted Authentication version 2 (MS-CHAP-v2), User can change password after it has expired

  ----Microsoft Encrypted Authentication (MS-CHAP), User can change password after it has expired

  NAS Port Type

  - Wireless - IEEE 802.11

  Network Policy: Settings

  - RADIUS Attributes: Standard

  --- Service-Type: Framed

  - Network Access Protection: NAP Enforcement
  

  --- Allow full network access

  --- Enable auto-remediation of client computers

  - Routing and Remote Access: Multilink and Bandwidth Allocation Protocol (BAP)

  --- Server settings determine multilink usage

  --- Percentage of capacity: 50

  --- Period of time: 2 min

  - Routing and Remote Access: Encryption

  --- Strongest encryption (MPPE 128 bit)

  - Routing and Remote Access: IP Settings

  --- Server settings determine IP address assignment
  

  On my windows 7 machine I configured a network profile as follows:

  Security Type: WPA2-Enterprise

  Encryption type: AES

  Choose a network authentication method: Microsoft Protected EAP (PEAP)

  -- No validate server certificate

  -- Select Authentication Method: Secured password (EAP-MSCHAP v2)

  -- Enable Fast Reconnect
  

  
  

  I have allowed UDP ports for 1812,1813, 1645 and 1646 on my Windows 2008 server and have disabled my firewall on my windows 7 machine.

  I opened my event viewer and look at the operational log at "Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig" and these are the events logged:

  Wireless security started.
  Network Adapter: Intel(R) WiFi Link 1000 BGN
  Interface GUID: {604bd8bd-8a9e-4175-ac7d-13bb8eacae3e}
  Local MAC Address: 74:E5:0B:0D:99:48
  Network SSID: Tomato24
  BSS Type: Infrastructure
  Peer MAC Address: C0:C1:C0:4F:23:6E
  Authentication: WPA2-Enterprise
  Encryption: AES
  FIPS Mode: Disabled
  802.1x Enabled: Yes

  ------------------------------------------------
  

  Wireless 802.1x authentication was restarted.
  Network Adapter: Intel(R) WiFi Link 1000 BGN
  Interface GUID: {604bd8bd-8a9e-4175-ac7d-13bb8eacae3e}
  Local MAC Address: 74:E5:0B:0D:99:48
  Network SSID: Tomato24
  BSS Type: Infrastructure
  Peer MAC Address: C0:C1:C0:4F:23:6E
  Eap Information: Type 25, Vendor ID 0, Vendor Type 0, Author ID 0
  Restart Reason: Onex Auth Timeout

  ------------------------------------------------

  Wireless 802.1x authentication failed.
  
  Network Adapter: Intel(R) WiFi Link 1000 BGN
  Interface GUID: {604bd8bd-8a9e-4175-ac7d-13bb8eacae3e}
  Local MAC Address: 74:E5:0B:0D:99:48
  Network SSID: Tomato24
  BSS Type: Infrastructure
  Peer MAC Address: C0:C1:C0:4F:23:6E
  Identity: host/SGOOL042.ong-ong.internal
  User:
  Domain:
  Reason: There was no response to the EAP Response Identity packet.
  Error: 0x0
  EAP Reason: 0x0
  EAP Root cause String:
  EAP Error: 0x0
  

  ------------------------------------------------
  

  WLAN AutoConfig service failed to connect to a wireless network.
  Network Adapter: Intel(R) WiFi Link 1000 BGN
  Interface GUID: {604bd8bd-8a9e-4175-ac7d-13bb8eacae3e}
  Connection Mode: Manual connection with a profile
  Profile Name: Tomato24
  SSID: Tomato24
  BSS Type: Infrastructure
  Failure Reason:The specific network is not available.
  ------------------------------------------------
  

  The interface setting on my Linksys E3000 router:

  Wireless Mode: Access Point

  Wireless Network mode: B/G mixed

  SSID: Tomato24

  Channel: 6 - 2.437GHz

  Broadcast enabled

  Channel width: 20 MHz

  Security: WPA2 Enterprise

  Encryption: AES

  Group Key Renewal: 3600 seconds

  Radius Server 10.25.1.127:1812

  Can someone tell me if I have missed out something? Why is it that Windows 7 client cannot connect to my Linksys router?

  Thanks & Regards.

  
  

  Wednesday, February 27, 2013 12:28 PM