Re: access request is discarded



Hi,

We just found a relevant Knowledge Base article on Microsoft.com
(posted three days ago!):

Windows Server 2003-based IAS servers do not send "access reject"
packets to IAS clients when the clients use unknown domain names in
authentication requests
http://support.microsoft.com/kb/946813

We just opened a call at Microsoft to obtain this patch.

Greetings,
Stijn.


On 6 mrt, 15:14, stijn.cald...@xxxxxxxxx wrote:
Hi,

We see that access requests of workgroup laptops are discarded when
trying to authenticate with a local machine user. We would like if the
packets were explicitly denied, because after a few dropped packets
the wireless controller supposes that the RADIUS server is down.
Requests of well-configured laptops with good requests (by domain
users) are accepted without any trouble. Hereunder you find two
examples, one of a discarded access request, one of an accepted access
request.
We are using two IAS radius servers with Windows Server 2003 SP2 and
domain controller functionality installed upon.
Any suggestion?

Many thanks,
Stijn Calders

Discarded access request:
Event Type:     Error
Event Source:   IAS
Event Category: None
Event ID:       3
Date:           6/03/2008
Time:           14:29:26
User:           N/A
Computer:       <radius server>
Description:
Access request for user TESTLAPHSD01\Administrator was discarded.
 Fully-Qualified-User-Name = TESTLAPHSD01\Administrator
 NAS-IP-Address = <wlan controller ip address>
 NAS-Identifier = <nas identifier>
 Called-Station-Identifier = <mac address>:<ssid>
 Calling-Station-Identifier = 00-15-00-4A-3B-86
 Client-Friendly-Name = <client friendly name>
 Client-IP-Address = 10.113.49.1
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = Accept all
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Reason-Code = 5
 Reason = The user account domain cannot be accessed.

For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....

Accepted access request:
Event Type:     Information
Event Source:   IAS
Event Category: None
Event ID:       1
Date:           6/03/2008
Time:           14:29:20
User:           N/A
Computer:       <ias server>
Description:
User student\xx was granted access.
 Fully-Qualified-User-Name = student.kdg.be/xx
 NAS-IP-Address = <nas ip address>
 NAS-Identifier = <nas identifier>
 Client-Friendly-Name = <client friendly name>
 Client-IP-Address = <client ip address>
 Calling-Station-Identifier = 00-13-CE-7D-1D-A7
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = IAS Student Through NT Style
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow student users on KdG_Student
 Authentication-Type = PEAP
 EAP-Type = Secured password (EAP-MSCHAP v2)

For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....

.



Relevant Pages

  • Re: Radius Client definition
    ... When using IAS in Windows Server 2003, Enterprise Edition, and Windows ... can configure RADIUS clients by specifying an IP address range. ...
    (microsoft.public.internet.radius)
  • Re: Newbe question.
    ... Do you mean "Internet Authentication Server"? ... Windows Server 2003 IAS is included in Microsoft® Windows® Server 2003, ... IAS is not provided with Microsoft® ...
    (microsoft.public.isa)
  • Aironet 1200/MS Radius Help - Yet Again
    ... Your collective help thus far has made me understand more about wireless ... RADIUS/IAS Server. ... I also got a certificate from verisign to install on one of the two IAS ... there are communications between the client and access ...
    (microsoft.public.internet.radius)
  • RE: Internet Authentication Service Issues
    ... I think the problem should be caused by that the SBS 2000 server (IAS ... In SBS system there is no Trust will be available. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Redundant IAS servers
    ... > additional IAS servers as RADIUS clients to my central IAS ... > server but that is not the redundancy I'm after. ... central IAS server configuration to a file, ...
    (microsoft.public.internet.radius)