none
Windows 2012 NPS DHCP IP adopting issue at client Network Adapter RRS feed

  • Question

  • Hi,

    I have setup Radius Server with ADCS self signed certificate(for NPS Client Authentication) at my lab session, its working fine but the issue is when client gets connected to WiFi Network it authenticate\authorizes but the IP at client network is not getting adopted, though the DHCP Server distributes the IP to that client.

    To conquer this when i Stop the NPS service for a while e.g a min or two then the distributed IP gets assigned to that client Network, after it i use to re-start the service again.

    The same i use to repeat for all the client who all connects to  my WiFi network.

    Do anyone have the idea what might be this issue??Can anyone please help me to solve this!!

    Thanks in advance


    Mohammed...

    Monday, March 25, 2019 4:20 PM

All replies

  • Hi,

    What is your AP? a router?

    Have you configured IP helper or relay agent on your AP?

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 26, 2019 2:25 AM
    Moderator
  • I am using UniFi Access Point, configured the DHCP Relay at firewall directing the IP request to divert to my Windows DHCP Server for IP distribution.

    At AP enabled & Configured the option DHCP Guarding, where in entered my Windows DHCP Server IP.

    Is it so the case am using self signed certificate instead of genuine certificate????

    Can anyone please suggest me!


    Mohammed...


    • Edited by Mohammed_Jaz Tuesday, March 26, 2019 10:14 AM one more point included
    Tuesday, March 26, 2019 6:13 AM
  • Hi,

    I don't think the issue is related to certificate.

    client gets connected to WiFi Network it authenticate\authorizes but the IP at client network is not getting adopted   

    How can the client connect to WIFI without an IP address? Could you show me a screenshot?

    Any radius log in event viewer?

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, March 27, 2019 5:25 AM
    Moderator
  • Hi Travis,

    I mean to say is when client connects to WiFi Network, network adapter status at client PC shows unidentified APIPA 169.254.x.x range ip finds and it displays identifying......

    When i check at DHCP Server i can find dhcp have distributed the IP properly but the client is not getting adopt, during this when i disable the NPS service for a while identifying network changes to IP address what is distributed from DHCP.

    After it can able to network resources, the issue is for every client connecting i have to do the same STOP\START.



    When i Check under my DHCP Server ---> Address Lease can find the IP being distributed, after it when i disable the NPS Service that IP gets adopted.

    Below images also for reference.


    This is my DHCP Server log i founded now. Any help please!!!

    30,03/28/19,12:13:45,DNS Update Request,192.168.30.2,NKC-Rep154.my.domain.com,,,0,6,,,,,,,,,0
    33,03/28/19,12:13:45,Packet dropped,,NKC-Rep154.my.domain.com,20E91707C0CB,,3979433084,2,,,,,,,,,0
    31,03/28/19,12:13:46,DNS Update Failed,192.168.30.2,NKC-Rep154.my.domain.com.in,,,0,6,,,,,,,,,9005

    For the above issue i created one more Reverse LookUp Zone under my DNS for the IP 192.168.30.X network, now few of the domain PCs DNS Update Shows success, i have mixed environment both Domain and Workgroup, other Domain PC too, same domain PC having no issue as the DNS Updates automatically gets update on both Reverse\Forward Lookup zone by name eg: newpc.mydomain.com where as other domain PC can just able to update its Reverse Lookup zone like 192.168.30.5 2ndpc.otherdomain.local

    Still the IP are getting adopted after the restart of NPS Service only

    Also i noticed now after the client shows Authenticated successfully after it immediately received Access denied error attachment for reference.

    Mohammed...




    • Edited by Mohammed_Jaz Thursday, March 28, 2019 8:01 AM one more point added
    Thursday, March 28, 2019 6:12 AM
  • Hi,

    Thanks for your reply.

    How did you configure the NPS policy? I saw DHCP scopes with VLANs from your screenshot, so did you configure network policy for VLANs?

    Please refer to the link below:

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure

    However, the radius log didn't provide useful information.

    I believe that troubleshoot the issue requires some hands on access.

     My suggestion is to contact Microsoft Support to get them involved in checking your configuration.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 29, 2019 7:18 AM
    Moderator
  • I have VLAN configured for my network, even without vlan also i were facing the same issue.

    There is no issue with VLAN configuration as have configured perfectly, DHCP distributes the IP but client is not adopting unless i stop the NPS service.

    This is the issue i am facing, when DHCP response to client, client not accepting the IP unless the NPS is stopped, at event viewer i do not get any error it says Client health policy is verified and given full access.

    I have 2 DHCP active in my network one is modem that act as WiFi as well DHCP Server, when some client connect to particular SSID eg:Office-Wifi it distributes the IP from its table other than that i have 2 more SSID configured under UniFi AP for which i have configured Windows DHCP Server for IP distribution, is it so the case because of having 2 DHCP in the network client are not receiving IP though after broadcasting with my Windows DHCP Server and assigning after i stop the NPS service???

    Mohammed...



    • Edited by Mohammed_Jaz Saturday, March 30, 2019 2:43 PM DHCP Changes
    Saturday, March 30, 2019 4:37 AM
  • Hi Travis,

    Thanks for your replies so far, while watching networking monitoring tool at client Windows 7 PC i found the clients at first priority are trying to request IP from DHCP Hardware devices instead of Windows DHCP server which is configured as DHCP Relay at my firewall, eg like i have WiFi-Modem that is configured to work as DHCP server too, so what i did now is instead of configuring DHCP Relay at my firewall, i configured two DHCP Network at my firewall itself(rather than in windows dhcp server)now when the client try to connects to SSID according to its VLAN ID now firewall is distributing the IP.

    At my AP there is no option for denoting the DHPC Server details when client connects it broadcast the packet to any DHCP available server to fetch the IP, during this time only client request the IP from hardware dhcp device not with windows dhpc.

    During this scenario only when i disable the NPS service client obtains the IP, any help!!

    Mohammed...


    • Edited by Mohammed_Jaz Monday, April 1, 2019 5:37 AM few more points
    Monday, April 1, 2019 4:22 AM
  • Hi,

    I found a link that might be helpful to you:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348513(v=ws.10) 

    I would suggest you check the policy conditions of the network policy.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 1, 2019 9:08 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, April 4, 2019 7:05 AM
    Moderator
  • Thanks for the interrogation Travis, i resolved the issue as in my environment we had Windows DHCP Server and few other Modem\Router acting as DHCP IP distributor while monitoring the activity using Windows Network Monitor i found my Radius clients are trying to get IP from Hardware DHCP device instead of Windows DHCP Server, so i disabled my Windows DHCP and configured the hardware DHCP to issue IP base on VLAN ID, its working fine now..

    Thanks for your support and help!


    Mohammed...

    Friday, May 17, 2019 4:05 AM
  • Hi,

    Good to hear that you have solved this issue by yourself. In addition, thanks for sharing your solution in the forum as it would be helpful to anyone who encounters similar issues.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 17, 2019 8:50 AM
    Moderator