Error: Client could not be authenticated because the EAP Type cannot be processed by the server


  • Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          10/9/2009 7:38:18 AM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      dc.domain.tld
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

        Security ID:            DOMAIN\user
        Account Name:            DOMAIN\user
        Account Domain:            DOMAIN
        Fully Qualified Account Name:    DOMAIN\user

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        0023.eb1e.9650
        Calling Station Identifier:        001e.4c00.96fe

        NAS IPv4 Address:
        NAS IPv6 Address:        -
        NAS Identifier:            ap_6p
        NAS Port-Type:            Wireless - IEEE 802.11
        NAS Port:            1624

    RADIUS Client:
        Client Friendly Name:        WIFI-6
        Client IP Address:  

    Authentication Details:
        Proxy Policy Name:        Secure Wireless Connections
        Network Policy Name:        Secure Wireless Connections
        Authentication Provider:        Windows
        Authentication Server:        dc.domain.tld
        Authentication Type:        EAP
        EAP Type:            -
        Account Session Identifier:        -
        Reason Code:            22
        Reason:                The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

    In policy as well as in client we use "Secured password (EAP-MSCHAP v2)".
    Client runs Windows XP Professional SP3.
    Friday, October 09, 2009 5:32 AM


  • I don't believe the Cisco Aironet 1130 can do EAP-MSCHAPv2 alone. I believe it can only do PEAP-MSCHAPv2 (looking at the datasheets here) which is EAP-MSCHAPv2 in a protected SSL/TLS tunnel.
    Friday, October 09, 2009 9:27 PM

All replies