Re: Wireless IAS Authenication fails for new workstations: IAS_AUTH_Failure

"Rfoor1136" <rfoor1136@xxxxxxxxx> wrote in
news:1165936796.879511.264660@xxxxxxxxxxxxxxxxxxxxxxxxxxxx:

Good Morning,

I have been dealing with a strange issue. I have a wireless and
Established Radius network. I have deployed PEAP with MSCHAP V2 and
TKIP since May of 2006 successfully. We use IAS server and our own
certificate server. All the servers are 2003 SP1 and the Access point
are Cisco 1100 series.

All the current workstation on the wireless network work fine. Even if
I remove and reconfigure the seting for the wireless profile they will
connect no problems. I figure this eliminates just a simple password
issue.

However I have 3 new machines I need to add and they will not connect.
The only error I get from the cards is that authentication has failed.
When I view the IAS log it give me the error IAS_AUTH_Failure. I have
confirmed these workstations have received a certificate from the
server and the credendtials are correctly entered.

I would really appreciate any and questions or comments to help me
brainstorm through this issue.

Have a great day,

Rfoor1136


Are these domain member computers? If so, did you add them to the group of
computers to which you are granting wireless access in IAS remote access
policy?

Also check the dial-in properties of user accounts in AD -- is permission
set to Allow access or Control access through remote access policy?

You say the computers have the CA certificate in the Trusted Root
Certification Authority certificate store -- how did you enroll/install the
certificate? From a floppy, a CD, using the Web enrollment tool, or by
plugging the machine into the wired LAN and logging on (which is the
best/easiest way)? If the cert was moved somehow with drag and drop, it is
broken and will not work. If installing from floppy or CD you must import
the cert.

Also make sure clients have the correct wireless configuration -- are they
actually configured to authenticate with PEAP-MS-CHAP v2, and if so is the
wireless auto config service on by default with a startup type of
automatic?



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
.

Relevant Pages

  • Re: NPS RADIUS with Cisco wlc
    ... There is no layer 3 security assigned. ... And you must issue a certificate to the NPS server that is based on the IAS ... Connection request policy (ran through the wireless 802.1x wizard) ...
    (microsoft.public.internet.radius)
  • Re: "Validating identity" on wireless connect
    ... Validate server certificate) ... Microsoft Small Business Server Support ... > have created GPO for a wireless LAN. ... > diable ISA to see if that is blocking it. ...
    (microsoft.public.windows.server.sbs)
  • RE: Wireless connection problem from XP Pro SP2 to SBS 2003
    ... "Cuervolush" wrote: ... This computer can connect to other wireless networks without problems. ... Automatic Certificate Enrollment for local system failed to enroll ... The RPC Server is ...
    (microsoft.public.windows.server.sbs)
  • Re: Need help with 802.1x peap authentication
    ... If you open an mmc console on the server and add ... the Certificate snap-in for the 'Computer Account' then 'Local Computer', ... wireless Remote Access Policy, select Edit Profile, click the Authentication ...
    (microsoft.public.windows.server.general)
  • Re: Wireless connection problem from XP Pro SP2 to SBS 2003
    ... As long as you're sure the certificate is properly installed on the PC, I guess the priority would be to get wireless working, then worry about the auto enrollment later. ... compare all the settings between the non-working PC and the one that works. ...
    (microsoft.public.windows.server.sbs)