Re: IAS Certificate Error

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 04/07/04

  • Next message: James McIllece [MS]: "Re: IAS cannot provide the client-name inside AccessRules but in database log file?"
    Date: Wed, 07 Apr 2004 10:39:19 -0700
    
    

    "jjb" <jeffbates@aitcny.com> wrote in
    news:eczbz#$GEHA.2612@TK2MSFTNGP09.phx.gbl:

    > Hi,
    > While trying to set up a wireless network using 802.1x with PEAP to
    > authenticate users.
    > We have:
    >
    > RADIUS server (Windows 2003 IAS on a DC)
    > Active Directory mixture of Windows .
    >
    > I have bought a VeriSign certificate and installed it on the IAS
    > server. We are getting the following error messages:
    > Event Type: Error
    > Event Source: IAS
    > Event Category: None
    > Event ID: 3
    > Date: 4/6/2004
    > Time: 1:46:06 PM
    > User: N/A
    > Computer: CS3AD
    > Description:
    > Access request for user CNET\JeffB was discarded.
    > Fully-Qualified-User-Name = <undetermined>
    > NAS-IP-Address = 10.32.50.2
    > NAS-Identifier = CH1120B-92-C4DC
    > Called-Station-Identifier = 00-02-8A-A9-98-71
    > Calling-Station-Identifier = 00-40-96-40-1A-0A
    > Client-Friendly-Name = WAP-9 Memorial South-IT
    > Client-IP-Address = 10.32.50.2
    > NAS-Port-Type = Wireless - IEEE 802.11
    > NAS-Port = 442
    > Proxy-Policy-Name = <none>
    > Authentication-Provider = <undetermined>
    > Authentication-Server = <undetermined>
    > Reason-Code = 1
    > Reason = An internal error occurred. Check the system event log for
    > additional information.
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    > And
    > Event Type: Error
    > Event Source: IAS
    > Event Category: None
    > Event ID: 20168
    > Date: 4/6/2004
    > Time: 1:46:06 PM
    > User: N/A
    > Computer: CS3ADC01
    > Description:
    > Could not retrieve the Remote Access Server's certificate due to the
    > following error: The credentials supplied to the package were not
    > recognized
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    > Data:
    > 0000: 0d 03 09 80 ...€
    >
    > Any help would be great!
    >
    > Thanks,
    > - J
    >
    >
    >

    Can you see the server certificate in the IAS UI? (The location is in the
    remote access policy: click Edit Profile, then Authentication tab, then EAP
    Methods button, then select EAP type=PEAP and click Edit, then see drop-
    down dialog "Certificate issued.")

    If you can't see it, then you have a misconfigured cert that can't be used
    by IAS for server authentication. I assume Verisign can assist you if this
    is the problem. (And if this is the problem, in case you haven't already
    seen it, you may want to read "Obtaining and Installing a VeriSign WLAN
    Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication" at
    http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx.)

    If you can see the certificate in the IAS UI, the IAS team will need to
    examine your tracelogs.

    To enable tracing, run the following command at the command prompt:

    NETSH RAS SET TRACING * ENABLE

    The trace logs will be under %windir%\Tracing

    -- 
    James McIllece, Microsoft
    Please do not send email directly to this alias.  This is my online account 
    name for newsgroup participation only.
    This posting is provided "AS IS" with no warranties, and confers no rights.
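
Added example, not part of the original posting and not Microsoft's own tooling: a PowerShell check, run in an elevated session on the IAS server, that applies the usual PEAP server-certificate requirements to each certificate in the Local Computer Personal store. The criteria (private key present, Server Authentication EKU, within validity dates, chain builds to a trusted root) are assumptions about why a certificate would not be offered in the IAS UI; the thread itself does not list them.

```powershell
# Added example. Event 20168's data bytes (0d 03 09 80) read little-endian are
# 0x8009030D, SEC_E_UNKNOWN_CREDENTIALS, the Schannel error quoted in the event text.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs, if the certificate carries an EKU extension at all.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Build the chain without revocation lookups so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $problems = @()
    # HasPrivateKey only shows a key is associated with the certificate; it does
    # not prove the service account can read that key.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key associated' }
    if ($ekuOids -notcontains $serverAuthOid) { $problems += 'Server Authentication EKU missing' }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
    if (-not $chainOk) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems += "chain does not validate ($status)"
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
} | Format-List
```

A certificate installed under a user account rather than the computer account will not appear in this store at all, which is itself a finding.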
    
