IAS to NPS
Hi
I change my Radius from MS IAS to MS NPS. The wired 802.1x works fine but the wireless 802.1x doesent work. AP1250's radius debug is attached.
Obs: On IAS everything works fine
Hi,
According to your description, my understanding is that you want to know if the tool IASmigreader will interrupt service when exporting configuration of IAS.
Use IASmigreader to export the configuration settings of IAS will not affect the service. At an elevated command prompt, type iasmigreader.exe, and then press ENTER. The migration tool will automatically export settings to a text file. Reference:
http://blogs.technet.com/b/omers/archive/2012/11/04/windows-2003-ias-radius-migration-to-windows-2008-r2-nps.aspx
Deploying the NPS server with a different host name and IP address, then there is no impact to the IAS server.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Similar Messages
-
How do I interpret VSAs in an IAS-formatted NPS log file?
I see these VSAs in my request to the RADIUS server:
AVP: l=40 t=Vendor-Specific(26) v=Microsoft(311)
VSA: l=34 t=MS-Machine-Name(50): WIN4ABC.xyz.net
AVP: l=12 t=Vendor-Specific(26) v=Microsoft(311)
VSA: l=6 t=MS-Network-Access-Server-Type(47): Terminal-Server-Gateway(1)
I believe NPS logs them as:
8138,WIN4ABC.xyz.net
8132,1
How can I translate 8138 and 8132 back into RADIUS formats?Hi,
8132 means attribute ID "MS_ATTRIBUTE_NETWORK_ACCESS_SERVER_TYPE".
8138 means attribute ID "MS_ATTRIBUTE_MACHINE_NAME".
For detailed infor mation about attribute ID enumeration, please refer to the link below,
http://msdn.microsoft.com/en-us/library/bb960612(v=vs.85).aspx
Best Regards.
Steven Lee
TechNet Community Support -
NPS Authentication Methods - EAP Types
We are moving from IAS to NPS and are configuring the policy like it was in IAS. When we click on the Constraints tab > Authentication Methods > and then highlight Microsoft: Protected EAP (PEAP) and click Edit we get an error "The data is
invalid". How do we fix this error? There are no errors in the event viewer for NPS.Hi MarkNDOR,
Thanks for posting here.
We’d suggest to smoothly migrate IAS to NPS with following the guide in the link below without manually recreate all polices, it was also included the
Iasmigreader.exe utility which will help to transfer the IAS policies to NPS compatible file type:
NPS Migration Guide
http://technet.microsoft.com/en-us/library/ee791849(WS.10).aspx
Thanks.
Tiger Li
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Microsoft NPS vs. Cisco ACS matrix
Hi there,
is there a matrix that compares the NPS vs. ACS to see the advantages or disadvantages of the products.
e.g. I see that I can access only one domain, we have the problem that we have some domains we need to ask for access groups. They have a trust between each other but I'm not sure if that will work. Another topic is reporting and troubleshooting.
would be cool to get some informations, better a matrix to see the differents.
thanks friends.
regards,
SebastianSebastian,
You may want to engage a local partner or account SE. I have worked with both boxes and here is the personal differences that I have seen between ACS and IAS (or NPS).
There is a better support community with respect to ACS, the documentation is much clearer when it comes to configuring ACS. You can always call TAC and can get someone on the phone for support.
ACS supports tacacs which IAS does not.
ACS joins to your domain and can authenticate to other databases like RSA, token servers, ldap, and it also has an internal database you can authenticate against. As long as the trusts are configured correctly ACS is able to authenticate in between the two domains.
ACS doesnt run on windows so the fear of installing hotfixes and patches in order to meet windows audit requirements is no longer necessary.
The reporting features are much easier to work with rather than NPS.
thanks,
Tarik Admani -
802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication
I am a network administrator at seven schools, and a few of these schools are now using 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication only, for wireless security.
We are a mixture of 2008 and 2003 (Windows Domain) servers running IAS or NPS for RADIUS.
I push out the wireless client’s setting via group policy, and the clients are using WZC.
Every now and then, a client will be unable to authenticate/validate during the authentication phase.
Some clients this will never happen to and a few it will happen repeatedly.
To fix this I have to hard wire the computer and do a gpupdate, even though the computer already had the updates applied previously, and is still part of the domain.
Many of our classrooms lack network drops, so wireless is the best for us.
Except for this one downfall, it is working great. Any help is appreciated.Hi Ryan,
Thanks for posting here.
Could you discuss the situation that you mentioned “a client will be unable to authenticate/validate during the authentication phase.
Some clients this will never happen to and a few it will happen repeatedly. ”
in detail ? Can you verify if there is any error or warring that relate with this authentication issue recorded in event log on client and radius server ?
Only certain computers are facing this issue or all?
What’s OS running on these client computers?
According the situation right now , I’d like to share some suggections with you:
1. An 802.1x client may fail to connect to an Radius server if the Trusted Root CA certificate that issued the Radius server certificate is not installed on
the client computer. Either verify that the trusted root authority is installed on the client computer or disable certificate validation on the client. To disable certificate validation, access the properties of the connection, and on the Authentication tab,
click Properties. Click to clear the Validate server certificate check box. EAP-TLS requires the installation of a computer certificate on each RADIUS server and a computer or user certificate, or smart card on all clients. PEAP-MS-CHAPv2 requires the installation
of a computer certificate on each RADIUS server and the root CA certificates of the issuing CAs of the RADIUS server certificate on each of the client computers.
2. Verify that Radius is configured for the logging of rejected authentication attempts to the event log. Try the connection again, and then check the system
event log for an IAS event for the failed connection attempt. Use the information in the log to determine the reason the connection attempt was either rejected or discarded. Logging options are configured on the General tab of the Radius server Properties
dialog.
3. Any rejected or discarded connection attempt recorded should identify the Connection Request Policy used. A RADIUS request message is processed only if the
settings of the incoming RADIUS request message match at least one of the connection request policies. Examine the conditions of the policy identified to see where the request fails.
4. Determine from the IAS system event log entries whether the authentication failure is for computer auth, user auth, or both. By default, Windows performs
an 802.1x authentication with computer credentials before displaying the Windows logon screen. Another authentication with user credentials is performed after the user has logged on, and if this fails the machine will be disconnected from the network. Similarly,
if computer authentication fails but user auth is successful, symptoms will include failure to process login scripts or apply group policies and machine password expiration will not be updated since the user will only be able to logon with cached credentials.
If you use a smart card for authentication, you can only perform user authentication because smart card usage requires manual entry of a personal identification number (PIN). There is no way to provide the PIN to unlock the smart card certificate during computer
authentication.
5. Examine the wireless trace logs captured and search for keywords error, failed, failure, or rejected. This should give an indication as to what point in the
authentication process the failure occurs.
Meanwhile, I ‘d like suggest you may start troubleshooting with following the guides below and see if it will help:
Windows Server 2003 Wireless Troubleshooting
http://technet.microsoft.com/en-us/library/cc773359(WS.10).aspx
Troubleshooting Windows Vista 802.11 Wireless Connections
http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
[email protected]
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Random computers running Windows XP have this problem. It does not happen to all of them at once.
It is very random. A computer that has been connecting to the secure network for weeks will all of a sudden not be able to connect. The message is “attempting to authenticate” and it never makes the connection.
I checked if logging is turned on and I can see successful events from computers that are working.
I can also see failed events from computers that are not ours that tried to connect to our wireless.
However for the computers that are having this problem there are no logged events.
It is as if they don’t even communicate with the server.
Other clients on the same AP are working fine. I rebooted the IAS service, and RADIUS clients, but this did not help.
I also checked all the settings and they are correct, using PEAP, and validating the server certificate is disabled.
I did notice that the firewall is also turned on through group policy when the domain is not available.
Do you think the firewall is blocking the communication?
I added an exception to port 1812 UDP and this did not make a difference. -
WLC 5500 support for Diameter protocol?
We have been having issues with wireless user authentication (sessions start/die). Multiple authentications are sometimes needed for end users to connect. We use 802.1x to Microsoft Radius in server 2008 R2, and it's flaky. I've read up on the Diameter protocol, and it looks like it would be very good to use. However, our WLC 5508's only support the normal (and very old UDP version) of Radius.
Does Cisco plan on enhancing the software to be able to support Diameter in the future?That is something you would need to ask your Cisco SE about. I haven't heard anything regarding future support for that, but that doesn't mean it will not happen.
Mad far as your current deployment, I have many customers who are using Microsoft IAS and NPS for radius with no issues like what you are having. It's something you need to understand why they are not connecting right away. Many times it can be how the WLAN is configured or driver related issues.
-Scott -
Local Webauth WLC using radius database
Hi all,
I was implement local Webauth WLC not using local auth . I use radius database.
at least I try to add on my WLAN:
layer 3 web auth authentication
layer 2 security is WPA/WPA2 PSK
adding aaa radius server
aaa radius "network user" check list enabled
web auth priority order
radius
LDAP
after I Test WLAN ,I cant login using radius database.
but, if I implement security method wpa/wpa2 dot1x I can login using radius database.
is there any miss in my config for implement webauth method?
Thanks
ridhoAre you trying to use LDAP or Radius to authenticate the webauth users? Since you have 802.1x working, I don't see why you would use LDAP. What radius server are you using also? Typically if your using Microsoft IAS or NPS, you have to
Change the device type to Login to get webauth with radius to work. Here is an example of 3 ways to authenticate webauth users. You should be able to find others out there also.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml
Sent from Cisco Technical Support iPhone App -
Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication. I have this url that explains local authentication and LDAP... http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml . That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC. Any ideas?
You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authenticaion). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from users requirements.
The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used. -
How to set two radius servers one is window NPS another is cisco radius server
how to set two radius servers one is window NPS another is cisco radius server
when i try the following command, once window priority is first , i type cisco radius user name, it authenticated fail
i can not use both at the same time
radius-server host 192.168.1.3 is window NPS
radius-server host 192.168.1.1 is cisco radius
http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/
conf t
no aaa authentication login default line
no aaa authentication login local group radius
no aaa authorization exec default group radius if-authenticated
no aaa authorization network default group radius
no aaa accounting connection default start-stop group radius
aaa new-model
aaa group server radius IAS
server 192.168.1.1 auth-port 1812 acct-port 1813
server 192.168.1.3 auth-port 1812 acct-port 1813
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
aaa authorization network userAuthorization local group IAS
aaa accounting exec default start-stop group IAS
aaa accounting system default start-stop group IAS
aaa session-id common
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
radius-server host 192.168.1.2 auth-port 1812 acct-port 1813
radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
radius-server host 192.168.1.3 auth-port 1812 acct-port 1813
privilege exec level 1 show config
ip radius source-interface Gi0/1
line vty 0 4
authorization exec userAuthorization
login authentication userAuthentication
transport input telnet
line vty 5 15
authorization exec userAuthorization
login authentication userAuthentication
transport input telnet
end
conf t
aaa group server radius IAS
server 192.168.1.3 auth-port 1812 acct-port 1813
server 192.168.1.1 auth-port 1812 acct-port 1813
endThe first AAA server listed in your config will always be used unless/until it becomes unavailable. At that point the NAD would move down to the next AAA server defined on the list and use that one until it becomes unavailable and then move to third one, and so on.
If you want to use two AAA servers at the same time then you will need to put a load balancer in front of them. Then the virtual IP (vip) will be listed in the NADs vs the individual AAA servers' IPs.
I hope this helps!
Thank you for rating helpful posts! -
2008 R2 NPS wont connect to Cisco 1841 via Cisco VPN 5.0.03.0560
I am migrating our IAS server from 2003 R2 to 2008 R2 NPS that we use to authenticate VPN conenctions through AD. Currently works without issue on 2003 R2 server. Does not want to work on 2008 R2 NPS server.
We are using Cisco VPN client 5.0.03.0560 as the VPN client. Below is the log file when I try to connect. Can someone tell me what needs to be done on NPS to get this working? If more info is needed please ask and will supply.
Cisco Systems VPN Client Version 5.0.03.0560
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
Config file directory: C:\Program Files\Cisco Systems\VPN Client\
1 10:55:10.906 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
2 10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
3 10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
4 10:55:10.921 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
5 10:55:10.937 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
6 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
7 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
8 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
9 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
10 10:55:11.203 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
11 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
12 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
14 10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
15 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
16 10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
17 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x078F, Remote Port = 0x1194
18 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
19 10:55:11.140 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
20 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
21 10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
22 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
23 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
24 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
25 10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
26 10:55:11.203 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
27 10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
28 10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
29 10:55:15.484 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
30 10:55:15.484 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
31 10:55:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32 10:55:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33 10:55:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34 10:55:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35 10:55:52.593 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
36 10:55:52.593 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
37 10:55:52.609 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
38 10:55:52.593 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
39 10:56:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40 10:56:07.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
41 10:56:07.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
42 10:56:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43 10:56:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44 10:56:22.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
45 10:56:22.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
46 10:56:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47 10:56:37.765 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
48 10:56:37.765 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
49 10:56:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50 10:56:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51 10:56:52.812 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
52 10:56:52.812 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
53 10:57:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54 10:57:07.562 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
55 10:57:07.562 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
56 10:57:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57 10:57:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58 10:57:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
59 10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
60 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
61 10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
62 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
63 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
64 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
65 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
66 10:57:33.046 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
67 10:57:33.062 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
68 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
69 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
71 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
72 11:00:54.656 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
73 11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
74 11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
75 11:00:54.687 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
76 11:00:54.703 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
77 11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
78 11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
79 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
80 11:00:54.953 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
81 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
82 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
83 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
84 11:00:55.015 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
85 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
86 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
87 11:00:54.953 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
88 11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
89 11:00:54.968 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
90 11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x0798, Remote Port = 0x1194
91 11:00:54.968 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
92 11:00:54.968 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
93 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
94 11:00:55.000 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
95 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
96 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
97 11:00:55.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
98 11:00:55.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
99 11:00:55.015 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
100 11:00:58.765 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
101 11:00:58.765 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
102 11:01:05.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
103 11:01:15.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
104 11:01:25.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
105 11:01:30.312 06/05/14 Sev=Info/6 GUI/0x63B0000D
Disconnecting VPN connection.
106 11:01:30.312 06/05/14 Sev=Info/4 CM/0x63100006
Abort connection attempt before Phase 1 SA up
107 11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
108 11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
109 11:01:30.328 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
110 11:01:30.328 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
111 11:01:30.328 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
112 11:01:30.328 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
113 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
114 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
115 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
116 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
117 11:01:44.875 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
118 11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
119 11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
120 11:01:44.906 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
121 11:01:44.921 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
122 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
123 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
124 11:01:45.296 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
125 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
126 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
127 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
128 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
129 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
130 11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
131 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
132 11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
133 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079B, Remote Port = 0x1194
134 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
135 11:01:45.234 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
136 11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
137 11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
138 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
139 11:01:45.281 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
140 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
141 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
142 11:01:45.296 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
143 11:01:45.296 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
144 11:01:45.296 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
145 11:01:53.625 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
146 11:01:53.625 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
147 11:01:53.640 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
148 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
149 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
150 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
151 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
152 11:01:53.640 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
153 11:01:53.640 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
154 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
155 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
156 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
157 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
158 11:02:00.406 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
159 11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
160 11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server "com"
161 11:02:00.421 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
162 11:02:00.437 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
163 11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
164 11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
165 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
166 11:02:01.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
167 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
168 11:02:01.109 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
169 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
170 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
171 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
172 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
173 11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
174 11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
175 11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
176 11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079E, Remote Port = 0x1194
177 11:02:01.031 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
178 11:02:01.031 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
179 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
180 11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
181 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
182 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
183 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
184 11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
185 11:02:01.078 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
186 11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
187 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
188 11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
189 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
190 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
191 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
192 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
193 11:02:06.406 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
194 11:02:06.421 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
195 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
196 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
197 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
198 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stoppedI am using 2008 R2 NPS as radius server. 1841 ISR as VPN device. Here are debug loghs from Cisco 1841
1430434: .Jun 9 2014 12:06:59.187 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430435: .Jun 9 2014 12:06:59.187 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/140
1430436: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430437: .Jun 9 2014 12:06:59.191 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430438: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430439: .Jun 9 2014 12:06:59.191 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430440: .Jun 9 2014 12:06:59.191 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430441: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430442: .Jun 9 2014 12:06:59.191 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430443: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Response (140) failed decrypt
1430444: .Jun 9 2014 12:07:05.246 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430445: .Jun 9 2014 12:07:05.246 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430446: .Jun 9 2014 12:07:05.250 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430447: .Jun 9 2014 12:07:05.250 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430448: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430449: .Jun 9 2014 12:07:05.250 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430450: .Jun 9 2014 12:07:05.250 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430451: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430452: .Jun 9 2014 12:07:05.250 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430453: .Jun 9 2014 12:07:05.254 PDT: RADIUS: Response (140) failed decrypt
1430454: .Jun 9 2014 12:07:08.574 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp x.x.9.47(21303) -> x.x.109.122(5038), 1 packet
1430455: .Jun 9 2014 12:07:09.826 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430456: .Jun 9 2014 12:07:09.826 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430457: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Received from id 1645/140 10.1.x.x:1645, Access-Reject, len 20
1430458: .Jun 9 2014 12:07:09.830 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430459: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430460: .Jun 9 2014 12:07:09.830 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430461: .Jun 9 2014 12:07:09.830 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430462: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430463: .Jun 9 2014 12:07:09.830 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430464: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Response (140) failed decrypt
1430465: .Jun 9 2014 12:07:14.210 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430466: .Jun 9 2014 12:07:14.210 PDT: RADIUS: No response from (10.1.4.7:1645,1646) for id 1645/140
Log Buffer (4096 bytes):
6E7C
1430534: .Jun 9 2014 12:09:50.586 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430535: .Jun 9 2014 12:09:50.586 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430536: .Jun 9 2014 12:09:50.590 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430537: .Jun 9 2014 12:09:50.590 PDT: RADIUS: Response (141) failed decrypt
1430538: .Jun 9 2014 12:09:51.902 PDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
1430539: .Jun 9 2014 12:09:55.638 PDT: %SEC-6-IPACCESSLOGP: list 112 denied tcp x.x.245.x(1602) -> x.32.x.x(445), 1 packet
1430540: .Jun 9 2014 12:09:55.974 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430541: .Jun 9 2014 12:09:55.974 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430542: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Received from id 1645/141 10.1.4.7:1645, Access-Reject, len 20
1430543: .Jun 9 2014 12:09:55.978 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430544: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430545: .Jun 9 2014 12:09:55.978 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430546: .Jun 9 2014 12:09:55.978 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430547: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430548: .Jun 9 2014 12:09:55.978 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430549: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Response (141) failed decrypt
1430550: .Jun 9 2014 12:09:58.070 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 27.x.x.x(33281) -> 12.x.x.x(80), 1 packet
1430551: .Jun 9 2014 12:10:00.326 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430552: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.1.x.x:1645,1646 is not responding.
1430553: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.1.x.x:1645,1646 is being marked alive.
1430554: .Jun 9 2014 12:10:00.326 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/141
1430555: .Jun 9 2014 12:10:00.330 PDT: RADIUS: Received from id 1645/141 10.1.x.x:1645, Access-Reject, len 20
1430556: .Jun 9 2014 12:10:00.330 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430557: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430558: .Jun 9 2014 12:10:00.330 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430559: .Jun 9 2014 12:10:00.330 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430560: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430561: .Jun 9 2014 12:10:00.330 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430562: .Jun 9 2014 12:10:00.334 PDT: RADIUS: Response (141) failed decrypt
1430563: .Jun 9 2014 12:10:01.713 PDT: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 175.x.x.x -> x.x.x.104 (3/3), 1 packet
1430564: .Jun 9 2014 12:10:05.841 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430565: .Jun 9 2014 12:10:05.841 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430566: .Jun 9 2014 12:10:05.845 PDT: RADIUS: Received from id 1645/141 10.x.x.x:1645, Access-Reject, len 20
1430567: .Jun 9 2014 12:10:05.845 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430568: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430569: .Jun 9 2014 12:10:05.845 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430570: .Jun 9 2014 12:10:05.845 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430571: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430572: .Jun 9 2014 12:10:05.849 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430573: .Jun 9 2014 12:10:05.849 PDT: RADIUS: Response (141) failed decrypt -
NPS Authentication Fails (Reason 16) After Migration to 2012 R2 from 2008 R2
I'm using NPS for wired dot1x authentication and I just migrated my NPS server from 2008 R2 to 2012 R2. When I point the network switch to start using the new 2012 R2 NPS as the RADIUS server, I get authentication failures - event 6273, reason code
16. When I switch it back to the 2008 R2 server, it works fine. The two servers are configured EXACTLY the same as far as I can tell - same RADIUS client config, same connection request policies, same network policies - and it should be since I
used the MS prescribed migration process. The only thing that differs is the server's certificate name used in the PEAP setup screen.
I'm using computer authentication only, so everything is based on computer accounts and I've selected to NOT validate server credentials on the group policy.
I've verified the shared secrets multiple times. Both servers are domain controllers.
Here is an example of the errors logged on the 2012 R2 server.
========================================
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: FAITHCHURCH\youthroom$
Account Name: host/YOUTHROOM.faithchurch.net
Account Domain: FAITHCHURCH
Fully Qualified Account Name: FAITHCHURCH\youthroom$
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: 44-37-E6-C0-32-CA
NAS:
NAS IPv4 Address: 192.168.1.1
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Ethernet
NAS Port: 1010
RADIUS Client:
Client Friendly Name: Extreme X440
Client IP Address: 192.168.1.1
Authentication Details:
Connection Request Policy Name: Secure Wired (Ethernet) Connections 2
Network Policy Name: Secure Wired (Ethernet) Connections 2
Authentication Provider: Windows
Authentication Server: Sigma.faithchurch.net
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
========================================Hi,
Have you added the NPS server to the RAS and IAS Servers
security group in AD DS?
The NPS server needs permission to read the dial-in properties of user accounts during the authorization process.
Try to add a loal user on the NPS server, then test with the local user. If it works, it means that there is something wrong between NPS and DC.
If the issue persists, it means that the configuration between NPS and NAS is wrong.
Steven Lee
TechNet Community Support -
NPS return Internal Error with Reason Code 1
Hi,
I am having an embedded client which is trying to authenticate using PEAP-MSCHAPv2 using NPS server 2008.
NPS returns this error
Network Policy Server discarded the request for a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:
SANDBOX\deeps
Account Name:
deeps
Account Domain:
SANDBOX
Fully Qualified Account Name:
SANDBOX\deeps
Client Machine:
Security ID:
NULL SID
Account Name:
Fully Qualified Account Name:
OS-Version:
Called Station Identifier:
Calling Station Identifier:
NAS:
NAS IPv4 Address:
xx.xx.xx.xx
NAS IPv6 Address:
NAS Identifier:
NAS Port-Type:
Wireless - Other
NAS Port:
5
RADIUS Client:
Client Friendly Name:
Deeps_Canopy_AP
Client IP Address:
xx.xx.xx.xx
Authentication Details:
Connection Request Policy Name:
deeps-test
Network Policy Name:
deeps-test
Authentication Provider:
Windows
Authentication Server:
USIL01PMPTST01.sandbox.com
Authentication Type:
EAP
EAP Type:
Account Session Identifier:
Reason Code:
1
Reason:
An internal error occurred. Check the system event log for additional information.
This is not very helpful as it doesn't describe what went wrong and where.
What else logs can I enable to debug further ? Attached are few logs from various components,
Certificate,CRP and Network Policy are fine as they work fine with other standard client.
Please help.
Thanks,
Netlogon logon and it return 0.
4/20 05:31:32 [LOGON] [6480] SANDBOX: SamLogon: Network logon of SANDBOX\deeps from Entered
04/20 05:31:32 [LOGON] [6480] SANDBOX: SamLogon: Network logon of SANDBOX\deeps from Returns 0x0
Logs of NPS IN1504.log
<Event><Timestamp data_type="4">04/20/2015 04:16:16.407</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name
data_type="1">deeps</User-Name><NAS-IP-Address data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU
data_type="0">1020</Framed-MTU><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 25</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:16.407</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 25</Class><Session-Timeout data_type="0">30</Session-Timeout><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor
data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name
data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name
data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:16.672</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 26</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:16.672</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 26</Class><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Session-Timeout
data_type="0">30</Session-Timeout><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name
data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:16.938</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 27</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:16.938</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 27</Class><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:17.878</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 28</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:17.878</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 28</Class><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:18.141</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 29</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:18.141</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 29</Class><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:18.405</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 30</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:18.405</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 30</Class><Session-Timeout data_type="0">60</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:18.669</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 31</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:18.669</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 31</Class><Session-Timeout data_type="0">60</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:19.629</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 32</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 04:16:19.629</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 32</Class><Session-Timeout data_type="0">60</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:29.898</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name
data_type="1">deeps</User-Name><NAS-IP-Address data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU
data_type="0">1020</Framed-MTU><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 40</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:29.898</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 40</Class><Session-Timeout data_type="0">30</Session-Timeout><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor
data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name
data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name
data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:30.176</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 41</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:30.176</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 41</Class><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Session-Timeout
data_type="0">30</Session-Timeout><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name
data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:30.441</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 42</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:30.441</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 42</Class><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:31.383</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 43</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:31.383</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 43</Class><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:31.655</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 44</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:31.655</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 44</Class><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:31.920</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 45</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:31.920</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 45</Class><Session-Timeout data_type="0">60</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:32.184</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 46</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:32.184</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 46</Class><Session-Timeout data_type="0">60</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:32.458</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address
data_type="3">10.110.61.2</NAS-IP-Address><NAS-Port data_type="0">5</NAS-Port><NAS-Port-Type data_type="0">18</NAS-Port-Type><Framed-MTU data_type="0">1020</Framed-MTU><Client-IP-Address
data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><User-Name data_type="1">deeps</User-Name><Proxy-Policy-Name
data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Class
data_type="1">311 1 10.120.133.1 04/20/2015 08:26:24 47</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Quarantine-Update-Non-Compliant
data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2015 05:31:32.458</Timestamp><Computer-Name data_type="1">USIL01PMPTST01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311
1 10.120.133.1 04/20/2015 08:26:24 47</Class><Session-Timeout data_type="0">60</Session-Timeout><Client-IP-Address data_type="3">10.110.61.2</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name
data_type="1">Deeps_Canopy_AP</Client-Friendly-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Proxy-Policy-Name data_type="1">deeps-test</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">SANDBOX\deeps</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">SANDBOX\deeps</Fully-Qualifed-User-Name><Authentication-Type
data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">deeps-test</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>Hi chitsri,
The log you provided above only contains the successful authentication.
Because standard clients are working fine with NPS, I assume that this issue is caused by the embedded client.
>>What else logs can I enable to debug further ?
We may try to perform a network capture on the NPS server. Then find out what's the difference between the embedded client and standard clients.
To download the the network monitor, please click the link below:
http://www.microsoft.com/en-hk/download/details.aspx?id=4865
If we can't find any hint from the capture data, you may contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Managing Prime Infrastructure 1.2 with MS IAS Radius
HI,
I have configured the PI 1.2il MS IAS radius server to authenticate machine with the management domain credentials.
When I needed to migrate the atuthenticatione from local to radius mode and I went to AAA and I select "with Radius server."
On the MS IAS I imported the tasks for users with role lobby ambassador and when I turned on the authentication mode in PI 1.2 with AAA Radius Server, the user was able to authenticate properly.
When I imported Admin or Root tasks on the server could not let the user management interface in Prime.
there is a documentation update?
Regards
AndreaI wrote about this some time ago. Its based on NPS but you should be able to tweak it for IAS as well.
http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure
- Be sure to rate all helpful posts -
Windows 2008 R2 NPS/ 1841 - Connection Failure
Looks like NPS is connecting but my AD account get locked out and the below are log entries from c:\windows\system32\logfiles
Any idea what the logs are telling me? 10.1.6.3 is router.
"MA-UTILITY","IAS",04/17/2014,09:26:52,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37
1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:26:52,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/15/2014 17:25:37 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:26:56,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:26:56,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/15/2014 17:25:37 2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:01,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 3",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:01,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/15/2014 17:25:37 3",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:05,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 4",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:05,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/15/2014 17:25:37 4",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:46,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 5",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:46,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/15/2014 17:25:37 5",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:51,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 6",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:51,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 6",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:56,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 7",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:27:56,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 7",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:28:00,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",8,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 8",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:28:00,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 8",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:36:51,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",5,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 9",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:36:51,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 9",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:36:56,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",5,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 10",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:36:56,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 10",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:37:01,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",5,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 11",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:37:01,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 11",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:37:05,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",5,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 12",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:37:05,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 12",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:28,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",6,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 13",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:28,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 13",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:33,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",6,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 14",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:33,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 14",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:38,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",6,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 15",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:38,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 15",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:43,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",6,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/15/2014 17:25:37 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,09:53:43,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/15/2014 17:25:37 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:16,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:16,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/17/2014 19:58:35 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:21,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:21,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/17/2014 19:58:35 2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:26,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 3",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:26,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/17/2014 19:58:35 3",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:31,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 4",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:09:31,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/17/2014 19:58:35 4",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:02,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 5",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:02,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,16,"311 1 10.1.4.7 04/17/2014 19:58:35 5",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:07,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 6",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:07,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/17/2014 19:58:35 6",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:12,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 7",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:12,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/17/2014 19:58:35 7",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:17,1,"dsantel","MOA\dsantel",,"99.148.214.150",,,,"10.1.6.3",11,0,"10.1.6.3","ma-rint",,,5,,,,1,,0,"311 1 10.1.4.7 04/17/2014 19:58:35 8",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"MA-UTILITY","IAS",04/17/2014,13:10:17,3,,"MOA\dsantel",,,,,,,,0,"10.1.6.3","ma-rint",,,,,,,1,,36,"311 1 10.1.4.7 04/17/2014 19:58:35 8",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication
for all users",1,,,,Hi,
Unfortunately, the available information is not enough have a clear view of the occurred behavior. For narrow down the reason, could you provide more information about your environment. when this problem occurs the system log record information, screenshots
is the best information. I don't found the simlar issue, please try to reset the specific user password then monitor the issue again.
More information:
Event Logs
http://technet.microsoft.com/en-us/library/cc722404.aspx
Thanks.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hi there,
We are currently working on the deployment of 802.1x enterprise-wide. Since we have some old devices that don't support 802.1x natively, and have a Cisco infrastructure, we decided to go the MAC Authentication Bypass route.
When we tested it prior, we were running Windows 2003 + IAS. The test was flawless, however, it required us to enable Reversable Encryption and relax our password complexity requirements, which was unacceptable. We then decided to upgrade to Windows 2008 to leverage the seperate password/complexity policy requirements based on a user or a group of users.
I've just finished setting that up, and it works perfect. We decided to go with NPS, as it had a bunch of features that were lacking from Windows 2003's IAS (namelly exporting the configuration and being able to import it to our other IAS/NPS servers). We currently run the NPS service on our DC's (two of them for redundancy), however, we can't seem to make the MAC Authentication Bypass work. After some digging, it seems that Microsoft has removed support for EAP-MD5 from Vista/2008. They mention that there are third party EAPHost compliant vendors that 'may' have EAP-MD5 support, but I've been unable to find any.
My question is, has anyone else ran into this problem? If so, how did you go about fixing it. Unfortunately, Cisco only seems to support EAP-MD5 for the MAC Authentication Bypass, we're currently running this on 3560 Catalyst switches. I'd much rather get it working again on our NPS servers, as I don't want to revert back to IAS, as it's a pain to replicate the configurations between more than 1 box.
Thanks!
WarrenHi PCGUY1184,
I am trying to get Mitel phones working with 802.1X, I have enabled MD5 and made the other changes you propose but its still not working. The event log is showing eventid 6274
Network Policy Server discarded the request for a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: Mitel8021X
Account Domain: #Domain Removed#
Fully Qualified Account Name: #Domain Removed#\Mitel8021X
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: 08-00-0F-5D-87-1A
NAS:
NAS IPv4 Address: 192.168.202.1
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Ethernet
NAS Port: 11
RADIUS Client:
Client Friendly Name: Nortel5520
Client IP Address: 192.168.202.1
Authentication Details:
Connection Request Policy Name: Secure Wired Connections
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: #NPS Server FQDN#
Authentication Type: -
EAP Type: -
Account Session Identifier: -
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
Did you come accross this problem? I saw a hotfix available for 2008R2 for EAP-MD5 where the name field is empty however the hotfix wont install as I believe I already have a newer version of raschap.dll
Regards,
Craig
Maybe you are looking for
-
Video iChat for AIM not working
I know this is a common question, but I've tried all the suggestions and it's still not working. I've already: -turned off Internet sharing -changed the port to 443 -changed my QuickTime streaming to 1.5 Mbps I also know it's a problem with my connec
-
Can't import some photos?
In iMovie 09 I can't import certain photos from iPhoto library (or directly in Finder). Some photos when dragged into the Project Pane just don't get added to the project. All my photos are jpgs and they're all larger than the project resolution I'm
-
Apps blink but don't start since update to 5.0.1
After completing msync and backup and update to 5.0.1, many of my apps just flash when I touch them, instead of opening and starting. I've rebooted, I've done a hard reset. What now? Help!
-
ORA-00488: RBAL process terminated with error
hi friends, OS: Enterprise Linux - 4 32bit, DB: oracle database 10g (10.2.0.1) I'm working around RAC for study purpose using VMWare server 1.0.4.. everythings goes fine till CLUSTER (10.2.0.1) installation, oracle database software installed without
-
Xcode and SWIFT development needs what OSX?
I think my old Macbook will get to OSx 10.7.5 but will that get me to Xcode 6 and SWIFT?