Wireless 802.1x WPA + 2003 IAS - was working; now broken
- From: Jason <Jason@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Mar 2007 13:56:23 -0800
I've been going nuts trying to figure this out. My wireless has been working
for several months and all of a sudden stopped last weekend. Here's my setup:
Windows Server 2003 Enterprise SP1 (all latest hotfixes and patches as of
3/1/2007)
Linksys WRT54G v2.0 running DD-WRT v23 SP2 (09/15/06) std
Windows XP SP2 laptops with Dell TrueMobile 1300 internal wireless cards
Wireless policy was set up using the built-in wizard and pretty much set to
defaults. I'm using Protected EAP (PEAP) with EAP-MSCHAP v2 as the only EAP
type because we have a self-signed certificate. The wireless clients are set
to ignore server certificates.
I'm not sure what changed but now my wireless clients just get stuck at
"Attempting to Authenticate". My RADIUS logs show the following:
============================================================
192.168.0.11,,03/01/2007,14:46:10,IAS,SERVER1,4,192.168.0.11,30,000f662c2651,31,00904b6d2e3c,32,000f662c2651,5,63,12,1400,61,19,4108,192.168.0.11,4116,0,4128,WRT54G,4155,1,4154,Use
Windows authentication for all users,25,311 1 192.168.0.2 03/01/2007 20:40:33
4,4129,DOMAIN\Guest,4130,DOMAIN\Guest,4127,5,4136,1,4142,0
192.168.0.11,,03/01/2007,14:46:10,IAS,SERVER1,25,311 1 192.168.0.2
03/01/2007 20:40:33 4,4127,5,4130,DOMAIN\Guest,4129,DOMAIN\Guest,4154,Use
Windows authentication for all
users,4155,1,4128,WRT54G,4116,0,4108,192.168.0.11,4136,3,4142,34
============================================================
It appears the clients are not passing credentials to the IAS server and are
trying to use the domain guest account instead. This account is and always
has been disabled so the authentication, of course, fails. In the system
event log I see the following when authentication fails:
============================================================
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 3/1/2007
Time: 2:46:10 PM
User: N/A
Computer: SERVER1
Description:
User <not present> was denied access.
Fully-Qualified-User-Name = DOMAIN\Guest
NAS-IP-Address = 192.168.0.11
NAS-Identifier = 000f662c2651
Called-Station-Identifier = 000f662c2651
Calling-Station-Identifier = 00904b6d2e3c
Client-Friendly-Name = WRT54G
Client-IP-Address = 192.168.0.11
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 63
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 34
Reason = Authentication failed because the user account is not enabled.
Before the account can be authenticated, a person with administrative rights
for either the computer or the domain must enable the user account.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
============================================================
I enabled tracing on the clients and I see the following in EAPOL.LOG:
============================================================
[1024] 15:25:17:836: ElTimeoutCallbackRoutine entered
[1024] 15:25:17:836: FSMConnecting entered for port Dell TrueMobile 1300
WLAN Mini-PCI Card
[1024] 15:25:17:836: TIMER: Restart PCB Time: 60
[1024] 15:25:17:836: ElWriteToPort entered: Pkt Length = 7
[1024] 15:25:17:836: ElWriteToPort: pPCB = 097830D0, RefCnt = 3
[1024] 15:25:17:836: ElWriteToInterface entered
[1024] 15:25:17:836: ElWriteToInterface completed, RetCode = 0
[1024] 15:25:17:836: Setting state CONNECTING for port Dell TrueMobile 1300
WLAN Mini-PCI Card
[1024] 15:25:17:836: FSMConnecting completed for port Dell TrueMobile 1300
WLAN Mini-PCI Card
[1024] 15:25:17:836: ElTimeoutCallbackRoutine completed
[1024] 15:25:17:836: ElIoCompletionRoutine called, 19 bytes xferred
[1024] 15:25:17:836: ElWriteCompletionRoutine sent out 19 bytes with error 0
[1024] 15:25:17:836: ElWriteCompletionRoutine: pPCB= 097830D0, RefCnt = 3
[1076] 15:25:17:836: ElIoCompletionRoutine called, 23 bytes xferred
[1076] 15:25:17:836: ElReadCompletionRoutine entered, 23 bytes recvd
[1076] 15:25:17:836: ProcessReceivedPacket entered, length = 23
[1076] 15:25:17:836: ProcessReceivedPacket: EAP_Packet
[1076] 15:25:17:836: ProcessReceivedPacket: EAPOLSTATE_CONNECTING
[1076] 15:25:17:836: TIMER: Restart PCB Time: 2097148
[1076] 15:25:17:836: FSMAcquired entered for port Dell TrueMobile 1300 WLAN
Mini-PCI Card
[1076] 15:25:17:836: TIMER: Restart PCB Time: 30
[1076] 15:25:17:836: ElEapEnd entered
[1076] 15:25:17:836: ElEapDllEnd called for EAP Index 1
[1076] 15:25:17:836: ElEapBegin entered
[1076] 15:25:17:836: ElEapBegin done
[1076] 15:25:17:836: ElEapWork: EapolPkt created at 055FCC10
[1076] 15:25:17:836: ElEapMakeMessage entered
[1076] 15:25:17:836: ElParseIdentityString: Packet length 5 less than
minimum 5
[1076] 15:25:17:836: ElGetIdentity: Userlogged, Prev !Machine auth
[1076] 15:25:17:836: ElGetIdentity: Already got identity
[1076] 15:25:17:836: Identity sent out = DOMAIN\UserName
[1076] 15:25:17:836: ElWriteToPort entered: Pkt Length = 24
[1076] 15:25:17:836: ElWriteToPort: pPCB = 097830D0, RefCnt = 3
[1076] 15:25:17:836: ElWriteToInterface entered
[1076] 15:25:17:836: ElWriteToInterface completed, RetCode = 0
[1076] 15:25:17:836: Setting state ACQUIRED for port Dell TrueMobile 1300
WLAN Mini-PCI Card
[1076] 15:25:17:836: FSMAcquired completed for port Dell TrueMobile 1300
WLAN Mini-PCI Card
[1076] 15:25:17:836: ProcessReceivedPacket: Reposting buffer on port
{25834C75-873A-4D4F-99AC-9FF40F80D9F8}
[1076] 15:25:17:836: ElReadFromPort entered
[1076] 15:25:17:836: ElReadFromPort: pPCB = 097830D0, RefCnt = 4
[1076] 15:25:17:836: ProcessReceivedPacket: pPCB= 097830D0, RefCnt = 4
[1076] 15:25:17:836: ProcessReceivedPacket exit
[1076] 15:25:17:836: ElIoCompletionRoutine called, 36 bytes xferred
[1076] 15:25:17:836: ElWriteCompletionRoutine sent out 36 bytes with error 0
[1076] 15:25:17:836: ElWriteCompletionRoutine: pPCB= 097830D0, RefCnt = 3
[1076] 15:25:17:846: ElIoCompletionRoutine called, 24 bytes xferred
[1076] 15:25:17:846: ElReadCompletionRoutine entered, 24 bytes recvd
[1076] 15:25:17:846: ProcessReceivedPacket entered, length = 24
[1076] 15:25:17:846: ProcessReceivedPacket: EAP_Packet
[1076] 15:25:17:846: ProcessReceivedPacket: EAPOLSTATE_ACQUIRED
[1076] 15:25:17:846: TIMER: Restart PCB Time: 2097148
[1076] 15:25:17:846: FSMAuthenticating entered for port Dell TrueMobile 1300
WLAN Mini-PCI Card
[1076] 15:25:17:846: TIMER: Restart PCB Time: 30
[1076] 15:25:17:846: ElEapWork: EapolPkt created at 055FCC10
[1076] 15:25:17:846: ElEapMakeMessage entered
[1076] 15:25:17:846: ElMakeSupplicantMessage entered
[1076] 15:25:17:846: EAPSTATE_Initial
[1076] 15:25:17:846: ElEapDllBegin called for EAP Type 25
[1076] 15:25:17:846: ElEapDllBegin: Not Setting GUEST flag
[1076] 15:25:17:846: EAPSTATE_Working
[1076] 15:25:17:846: ElEapDllWork called for EAP Type 25
[1076] 15:25:17:846: EAP Dll returned Action=EAPACTION_Send
[1076] 15:25:17:846: ElEapDllWork finished for EAP Type 25 with error 0
[1076] 15:25:17:846: ElWriteToPort entered: Pkt Length = 86
[1076] 15:25:17:846: ElWriteToPort: pPCB = 097830D0, RefCnt = 3
[1076] 15:25:17:846: ElWriteToInterface entered
[1076] 15:25:17:846: ElWriteToInterface completed, RetCode = 0
[1076] 15:25:17:846: Setting state AUTHENTICATING for port Dell TrueMobile
1300 WLAN Mini-PCI Card
[1076] 15:25:17:846: WZCNetmanConnectionStatusChanged: Entered
[1076] 15:25:17:846: QueueEvent: CoCreateInstance succeeded
[1076] 15:25:17:846: ConnectionStatusChanged completed
[1076] 15:25:17:846: FSMAuthenticating completed for port Dell TrueMobile
1300 WLAN Mini-PCI Card
[1076] 15:25:17:846: ProcessReceivedPacket: Reposting buffer on port
{25834C75-873A-4D4F-99AC-9FF40F80D9F8}
[1076] 15:25:17:846: ElReadFromPort entered
[1076] 15:25:17:846: ElReadFromPort: pPCB = 097830D0, RefCnt = 4
[1076] 15:25:17:846: ProcessReceivedPacket: pPCB= 097830D0, RefCnt = 4
[1076] 15:25:17:846: ProcessReceivedPacket exit
[1076] 15:25:17:846: ElIoCompletionRoutine called, 98 bytes xferred
[1076] 15:25:17:846: ElWriteCompletionRoutine sent out 98 bytes with error 0
[1076] 15:25:17:846: ElWriteCompletionRoutine: pPCB= 097830D0, RefCnt = 3
============================================================
The part that stands out to me is: "ElEapDllBegin: Not Setting GUEST flag"
There have been no configuration changes on my network (that I'm aware of)
so I don't know why this would have just stopped working all of a sudden. Any
help would be greatly appreciated.
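
An added example, not part of the original post: a small Python parser for the IAS-format records quoted above. It pairs the Access-Reject with its Access-Request through the shared Class value and reports that the record's User-Name field is empty while the resolved account is DOMAIN\Guest. The attribute-ID-to-name mapping follows the IAS-format log layout; the function names and output keys are assumptions made for illustration.

```python
import csv

# The two records from the post, re-joined from the e-mail's wrapped lines.
SAMPLE = [
    r"192.168.0.11,,03/01/2007,14:46:10,IAS,SERVER1,4,192.168.0.11,30,000f662c2651,31,00904b6d2e3c,32,000f662c2651,5,63,12,1400,61,19,4108,192.168.0.11,4116,0,4128,WRT54G,4155,1,4154,Use Windows authentication for all users,25,311 1 192.168.0.2 03/01/2007 20:40:33 4,4129,DOMAIN\Guest,4130,DOMAIN\Guest,4127,5,4136,1,4142,0",
    r"192.168.0.11,,03/01/2007,14:46:10,IAS,SERVER1,25,311 1 192.168.0.2 03/01/2007 20:40:33 4,4127,5,4130,DOMAIN\Guest,4129,DOMAIN\Guest,4154,Use Windows authentication for all users,4155,1,4128,WRT54G,4116,0,4108,192.168.0.11,4136,3,4142,34",
]
# The first six fields of an IAS-format record are fixed; the rest are ID,value pairs.
HEADER = ("nas_ip", "user_name", "date", "time", "service", "computer")
# Attribute IDs needed for this triage; any other ID keeps its number as the key.
NAMES = {"25": "Class", "31": "Calling-Station-Id", "4128": "Client-Friendly-Name",
         "4130": "Fully-Qualified-User-Name", "4136": "Packet-Type",
         "4142": "Reason-Code"}
PACKET_TYPE = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject"}
REASONS = {34: "user account is not enabled"}  # wording taken from the event log

def parse_record(line):
    """Split one IAS-format line into header fields plus an attribute dict."""
    fields = next(csv.reader([line]))
    if len(fields) < len(HEADER) or (len(fields) - len(HEADER)) % 2:
        raise ValueError("not a well-formed IAS-format record")
    rec = dict(zip(HEADER, fields))
    pairs = fields[len(HEADER):]
    rec["attrs"] = {NAMES.get(k, k): v for k, v in zip(pairs[::2], pairs[1::2])}
    return rec

def rejected_logons(lines):
    """Pair each Access-Reject with its request (same Class) and summarise it."""
    requests, findings = {}, []
    for rec in map(parse_record, lines):
        a = rec["attrs"]
        kind = PACKET_TYPE.get(a.get("Packet-Type"))
        if kind == "Access-Request":
            requests[a.get("Class")] = a
        elif kind == "Access-Reject":
            req = requests.pop(a.get("Class"), {})
            code = int(a.get("Reason-Code", -1))
            findings.append({
                "when": rec["date"] + " " + rec["time"],
                "access_point": a.get("Client-Friendly-Name"),
                "station_mac": req.get("Calling-Station-Id"),
                "user_name_field": rec["user_name"] or None,
                "resolved_account": a.get("Fully-Qualified-User-Name"),
                "reason": REASONS.get(code, "reason code %d" % code),
            })
    return findings

if __name__ == "__main__":
    for finding in rejected_logons(SAMPLE):
        print(finding)
```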