The authentication request was dropped because the session timed out
- From: mark@xxxxxxxxxxxxxx
- Date: 22 Aug 2006 07:25:07 -0700
Any help would be appreciated with this situation
thank you
IAS
W2k SP4 server ( member server in native mode AD) running MS
certificate services as standalone root CA server
server authentication certificate issued by the CA installed in local
machine store
RAS client= Cisco WAP
RAP Authentication=PEAP using EAP-MS-CHAP v2
RAP Encryption=no encryption
RAP Advanced= Framed protocol- RADIUS standard-PPP & Service
Type-RADIUS Standard-Framed
WAP
Cisco aironet 1131AG
security=mandatory WEP
authentication settings= open authentication with EAP
Client
XP SP2
US Robotics 802.11g turbo PC card
root cert from CA server on IAS installed in local machine store via
web enrollment
Open authentication with WEP
PEAP using EAP-MSCHAP v2, set not to use windows logon credentials as
client is not part of AD
Validate server certificate
root CA server selected as trusted root certification authority
System prompt for credentials.. after typing in username/password and
domin name they client hangs at Attempting to authenticate.
Event viewer logs error message eventID 3 that says the reason is
"The authentication request was dropped because the session timed out
and gives reason code =96
IASSAM file
[3556] 10:13:52:228: NT-SAM Names handler received request with user
identity GUY\moemark.
[3556] 10:13:52:228: Username is already an NT4 account name.
[3556] 10:13:52:244: SAM-Account-Name is "GUY\moemark".
[3556] 10:13:52:244: NT-SAM Authentication handler received request for
GUY\moemark.
[3556] 10:13:52:244: No SAM credentials found. Checking account
restrictions and computing groups manually.
[3556] 10:13:52:244: Sending LDAP search to guy.paho.org.
[3556] 10:13:52:244: ldap_search_ext_sW failed: The specified server
cannot perform the requested operation.
[3556] 10:13:52:244: Retrying LDAP search.
[3556] 10:13:52:260: Opening LDAP connection to GUY-DC-01.guy.paho.org.
[3556] 10:13:52:291: LDAP connect succeeded.
[3556] 10:13:52:291: Sending LDAP search to guy.paho.org.
[3556] 10:13:52:306: Successfully processed account.
[3556] 10:13:52:306: NT-SAM User Authorization handler received request
for GUY\moemark.
[3556] 10:13:52:306: Using native-mode dial-in parameters.
[3556] 10:13:52:306: Sending LDAP search to guy.paho.org.
[3556] 10:13:52:306: Successfully retrieved per-user attributes.
[3556] 10:13:52:306: NT-SAM EAP handler received request.
[3556] 10:13:52:306: No State attribute present. Creating new session.
[3556] 10:13:52:306: Successfully created new session for user
GUY\moemark.
[3556] 10:13:52:306: Setting max. packet length to 1396.
[3556] 10:13:52:322: Processing output from EAP DLL.
[3556] 10:13:52:322: Inserting outbound EAP-Message of length 6.
[3556] 10:13:52:322: Issuing Access-Challenge.
[2380] 10:13:52:322: NT-SAM EAP handler received request.
[2380] 10:13:52:322: Successfully retrieved session state for user
GUY\moemark.
[2380] 10:13:52:338: Processing output from EAP DLL.
[2380] 10:13:52:338: Inserting outbound EAP-Message of length 1396.
[2380] 10:13:52:338: Issuing Access-Challenge.
[3556] 10:13:52:353: NT-SAM EAP handler received request.
[3556] 10:13:52:353: Successfully retrieved session state for user
GUY\moemark.
[3556] 10:13:52:353: Processing output from EAP DLL.
[3556] 10:13:52:353: Inserting outbound EAP-Message of length 1396.
[3556] 10:13:52:353: Issuing Access-Challenge.
[2380] 10:13:52:353: NT-SAM EAP handler received request.
[2380] 10:13:52:353: Successfully retrieved session state for user
GUY\moemark.
[2380] 10:13:52:353: Processing output from EAP DLL.
[2380] 10:13:52:353: Inserting outbound EAP-Message of length 1396.
[2380] 10:13:52:353: Issuing Access-Challenge.
[3556] 10:13:52:369: NT-SAM EAP handler received request.
[3556] 10:13:52:369: Successfully retrieved session state for user
GUY\moemark.
[3556] 10:13:52:369: Processing output from EAP DLL.
[3556] 10:13:52:369: Inserting outbound EAP-Message of length 222.
[3556] 10:13:52:369: Issuing Access-Challenge.
[2380] 10:13:52:385: NT-SAM EAP handler received request.
[2380] 10:13:52:385: Successfully retrieved session state for user
GUY\moemark.
[3556] 10:14:55:902: NT-SAM EAP handler received request.
[3556] 10:14:55:902: Session timed-out. Discarding packet.
[3556] 10:15:58:795: NT-SAM EAP handler received request.
[3556] 10:15:58:795: Session timed-out. Discarding packet.
[2312] 10:17:06:438: NT-SAM EAP handler received request.
[2312] 10:17:06:438: Session timed-out. Discarding packet.
RASTLS
[3556] 10:13:52:306: EapPeapBegin
[3556] 10:13:52:306: PeapReadUserData
[3556] 10:13:52:306:
[3556] 10:13:52:306: EapTlsBegin(GUY\moemark)
[3556] 10:13:52:306: State change to Initial
[3556] 10:13:52:306: EapTlsBegin: Detected PEAP authentication
[3556] 10:13:52:306: MaxTLSMessageLength is now 16384
[3556] 10:13:52:306: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
[3556] 10:13:52:306: CRYPT_E_REVOCATION_OFFLINE will not be ignored
[3556] 10:13:52:306: The root cert will not be checked for revocation
[3556] 10:13:52:306: The cert will be checked for revocation
[3556] 10:13:52:322: EapPeapBegin done
[3556] 10:13:52:322: EapPeapMakeMessage
[3556] 10:13:52:322: EapPeapSMakeMessage
[3556] 10:13:52:322: PEAP:PEAP_STATE_INITIAL
[3556] 10:13:52:322: EapTlsSMakeMessage
[3556] 10:13:52:322: EapTlsReset
[3556] 10:13:52:322: State change to Initial
[3556] 10:13:52:322: GetCredentials
[3556] 10:13:52:322: Flag is Server and Store is local Machine
[3556] 10:13:52:322: GetCachedCredentials
[3556] 10:13:52:322: PEAP GetCachedCredentials: Using cached
credentials.
[3556] 10:13:52:322: BuildPacket
[3556] 10:13:52:322: << Sending Request (Code: 1) packet: Id: 3,
Length: 6, Type: 13, TLS blob length: 0. Flags: S
[3556] 10:13:52:322: State change to SentStart
[3556] 10:13:52:322: EapPeapSMakeMessage done
[3556] 10:13:52:322: EapPeapMakeMessage done
[2380] 10:13:52:322: EapPeapMakeMessage
[2380] 10:13:52:322: EapPeapSMakeMessage
[2380] 10:13:52:322: PEAP:PEAP_STATE_TLS_INPROGRESS
[2380] 10:13:52:322: EapTlsSMakeMessage
[2380] 10:13:52:322: MakeReplyMessage
[2380] 10:13:52:322: Reallocating input TLS blob buffer
[2380] 10:13:52:322: SecurityContextFunction
[2380] 10:13:52:338: AcceptSecurityContext returned 0x90312
[2380] 10:13:52:338: State change to SentHello
[2380] 10:13:52:338: BuildPacket
[2380] 10:13:52:338: << Sending Request (Code: 1) packet: Id: 4,
Length: 1396, Type: 13, TLS blob length: 4382. Flags: LM
[2380] 10:13:52:338: EapPeapSMakeMessage done
[2380] 10:13:52:338: EapPeapMakeMessage done
[3556] 10:13:52:353: EapPeapMakeMessage
[3556] 10:13:52:353: EapPeapSMakeMessage
[3556] 10:13:52:353: PEAP:PEAP_STATE_TLS_INPROGRESS
[3556] 10:13:52:353: EapTlsSMakeMessage
[3556] 10:13:52:353: BuildPacket
[3556] 10:13:52:353: << Sending Request (Code: 1) packet: Id: 5,
Length: 1396, Type: 13, TLS blob length: 0. Flags: M
[3556] 10:13:52:353: EapPeapSMakeMessage done
[3556] 10:13:52:353: EapPeapMakeMessage done
[2380] 10:13:52:353: EapPeapMakeMessage
[2380] 10:13:52:353: EapPeapSMakeMessage
[2380] 10:13:52:353: PEAP:PEAP_STATE_TLS_INPROGRESS
[2380] 10:13:52:353: EapTlsSMakeMessage
[2380] 10:13:52:353: BuildPacket
[2380] 10:13:52:353: << Sending Request (Code: 1) packet: Id: 6,
Length: 1396, Type: 13, TLS blob length: 0. Flags: M
[2380] 10:13:52:353: EapPeapSMakeMessage done
[2380] 10:13:52:353: EapPeapMakeMessage done
[3556] 10:13:52:369: EapPeapMakeMessage
[3556] 10:13:52:369: EapPeapSMakeMessage
[3556] 10:13:52:369: PEAP:PEAP_STATE_TLS_INPROGRESS
[3556] 10:13:52:369: EapTlsSMakeMessage
[3556] 10:13:52:369: BuildPacket
[3556] 10:13:52:369: << Sending Request (Code: 1) packet: Id: 7,
Length: 222, Type: 13, TLS blob length: 0. Flags:
[3556] 10:13:52:369: EapPeapSMakeMessage done
[3556] 10:13:52:369: EapPeapMakeMessage done
[2380] 10:13:52:385: EapPeapMakeMessage
[2380] 10:13:52:385: EapPeapSMakeMessage
[2380] 10:13:52:385: PEAP:PEAP_STATE_TLS_INPROGRESS
[2380] 10:13:52:385: EapTlsSMakeMessage
[2380] 10:13:52:385: MakeReplyMessage
[2380] 10:13:52:385: Reallocating input TLS blob buffer
[2380] 10:13:52:385: SecurityContextFunction
RASPIPE
[3556] 10:13:52:228: Request at $00B34048 was received by the Pipeline
Manager...
[3556] 10:13:52:228: Request at $00B34048 was given to pipeline 'Begin
Session'...
[3556] 10:13:52:228: Request at $00B34048 was received by pipeline
'Begin Session'...
[3556] 10:13:52:228: Request at $00B34048 received by stage
'Roaming'...
[3556] 10:13:52:228: Request at $00B34048 was given to request handler
'MS Names'...
[3556] 10:13:52:244: Request at $00B34048 received by stage 'Credential
Retrieval'...
[3556] 10:13:52:244: Request at $00B34048 was given to request handler
'BaseCamp Host'...
[3556] 10:13:52:244: Request at $00B34048 was given to request handler
'Authentication'...
[3556] 10:13:52:306: Request at $00B34048 received by stage 'NAP
Evaluation'...
[3556] 10:13:52:306: Request at $00B34048 was given to request handler
'MS NAP'...
[3556] 10:13:52:306: Request at $00B34048 received by stage 'User
Authorization'...
[3556] 10:13:52:306: Request at $00B34048 was given to request handler
'MS User Authorizations'...
[3556] 10:13:52:306: Request at $00B34048 has reached the end of
pipeline 'Begin Session'...
[3556] 10:13:52:306: Request at $00B34048 was given to pipeline 'In
Session'...
[3556] 10:13:52:306: Request at $00B34048 was received by pipeline 'In
Session'...
[3556] 10:13:52:306: Request at $00B34048 received by stage 'User
Authentication'...
[3556] 10:13:52:306: Request at $00B34048 was given to request handler
'MS EAP DLL Wrapper'...
[3556] 10:13:52:322: Request at $00B34048 was returned to protocol...
[2380] 10:13:52:322: Request at $00B34048 was received by the Pipeline
Manager...
[2380] 10:13:52:322: Request at $00B34048 was given to pipeline 'In
Session'...
[2380] 10:13:52:322: Request at $00B34048 was received by pipeline 'In
Session'...
[2380] 10:13:52:322: Request at $00B34048 received by stage 'User
Authentication'...
[2380] 10:13:52:322: Request at $00B34048 was given to request handler
'MS EAP DLL Wrapper'...
[2380] 10:13:52:338: Request at $00B34048 was returned to protocol...
[3556] 10:13:52:353: Request at $00B34048 was received by the Pipeline
Manager...
[3556] 10:13:52:353: Request at $00B34048 was given to pipeline 'In
Session'...
[3556] 10:13:52:353: Request at $00B34048 was received by pipeline 'In
Session'...
[3556] 10:13:52:353: Request at $00B34048 received by stage 'User
Authentication'...
[3556] 10:13:52:353: Request at $00B34048 was given to request handler
'MS EAP DLL Wrapper'...
[3556] 10:13:52:353: Request at $00B34048 was returned to protocol...
[2380] 10:13:52:353: Request at $00B34048 was received by the Pipeline
Manage
.
- Prev by Date: Re: Can this be done? Wireless Access w/o the use if CERTs
- Next by Date: Re: Can this be done? Wireless Access w/o the use if CERTs
- Previous by thread: Requesting certificate from CA server : problem
- Next by thread: Re: IAS server security
- Index(es):
Relevant Pages
|
