none
RADIUS packets seeming to be ignored on Server 2016 with Network Policy Server installed and configured for Radius RRS feed

  • Question

  • Just as whats on the tin: Radius packets seeming to be ignored on Server 2016 with Network Policy Server installed and configured for RADIUS. I have a AP setup to use RADIUS to authenticate clients and a Server 2016 setup as a DC with network policy server configured with a policy for Radius wireless clients, In Wireshark the initial access request packet it sent several times with a delay in between each, and with the server not responding. In the Security event log there is nothing involving network policy server and appears to be a firewall issue however the firewall has the allow rules for RADIUS in it.

    Feel no hesitation to ask be to send specific screenshots for more info, I thank you for your answer in advanced.


    Friday, August 10, 2018 9:25 AM

All replies

  • Hi,

    Thanks for your question.

    • Turn off the firewall and check the result.
    • check the configuration of the radius.Please refer to the link below:

    https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise  

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, August 13, 2018 7:32 AM
    Moderator
  • I have tried entirely disabling the windows firewall on the NPS server to no avail. I understand how Radius works and have followed many a tutorials however none of them have fixed it, after my first post I failed to do the integration with AD DS however that did not fix the issue. As I orignally said in a packet recording software installed on the server named Wireshark I can see the initial RADIUS Access Request and the server doesn't respond. I have tried many things including even changing the shared key to just the letter 'a' [Don't worry, I have a isolated VLAN for this testing.]
    Tuesday, August 14, 2018 12:13 AM
  • Hi,

    Thanks for your reply.

    Have you seen the radius.log file? Maybe the error is ignoring request 1645. 

    Try to remove 1645 and 1646 ports in NPS configuration.

    Please refer to the links below:

    https://social.technet.microsoft.com/Forums/lync/en-US/ebccd636-c720-4d3f-b4f3-0dcd059b96f3/nps-does-not-reply-to-radius-request?forum=winservergen  

    http://freeradius.1045715.n5.nabble.com/Error-Ignoring-request-from-unknown-client-IP-1645-td2758267.html 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, August 14, 2018 8:00 AM
    Moderator
  • I tried removing ports 1645 and 1646 in the NPS to no avail.

    Responding to your port suggestion/first link; They are on the same VLAN with no routers in between just the AP, the Server and my PC connected to the same VLAN on two different switches trucked together with every node being able to ping each other and no ACLs in place whatsoever.

    Responding to your question/second link; There are no logs in C:\Windows\System32\LogFiles relating to NPS even though NPS has [under the accounting tab] the logs set to be located there. The Security Event Log shows nothing relating to RADIUS.

    I have no idea what is causing this or where to look.

    Wednesday, August 15, 2018 11:07 AM
  • Hi,

    Thanks for your reply.

    I am trying to involve someone familiar with this topic to further look at this issue. If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible. 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, August 16, 2018 9:08 AM
    Moderator
  • Problem still not solved? I have exactly same symptoms.
    Tuesday, April 23, 2019 3:20 PM
  • I tried to disable firewall without success. But strangely, this post helped me - https://www.reddit.com/r/PFSENSE/comments/a71wo1/radius_authentication_on_windows_server_nps_not/


    Wednesday, April 24, 2019 7:03 AM
  • Same here. Add specific firewall opening for 1812 udp, and your off :)
    Thursday, May 16, 2019 8:55 AM