RE: 802.1x, Computers, Wired Security

---

• From: doubleH <heath@xxxxxxxxxxxxxx>
• Date: Fri, 11 Jul 2008 07:40:00 -0700

---

I'm also trying to use PEAP-MS-CHAP v2

"doubleH" wrote:

Howdy,

I am trying to setup 802.1x using HP's IDM and W2K3 IAS. I am able to get
the user to authenticate to IAS once they have logged on to Windows. The
problem is I cannot get the computer to authenticate which is an issue
because none of the GPO's will be refreshed at boot up. I've exported my CA's
root certificate and have imported it into a GPO so that I can see it listed
under Trusted Root Certification Authorities on the client so I'm not sure
what I am missing. Does the client computer need to have a cert? Here is my
setup and the error from the IAS server is below...

DC1 - AD/DNS/DHCP/IAS Primary/IDM Agent
DC2 - AD/DNS/DHCP/IAS Secondary/IDM Agent/Enterprise Root CA

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 7/11/2008
Time: 9:13:50 AM
User: N/A
Computer: DC1
Description:
User host/stations20dcnb.domain.com was denied access.
Fully-Qualified-User-Name = DOMAIN\STATIONS20DCNB$
NAS-IP-Address = 192.168.73.2
NAS-Identifier = CORE2
Called-Station-Identifier = 00-17-08-cc-2f-00
Calling-Station-Identifier = 00-17-a4-d7-6b-45
Client-Friendly-Name = CORE2
Client-IP-Address = 192.168.73.2
NAS-Port-Type = Ethernet
NAS-Port = 93
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = Extension
EAP-Type = <undetermined>
Reason-Code = 21
Reason = The request was rejected by a third-party extension DLL file.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....

Thanks !

.

---

• Follow-Ups:
  • RE: 802.1x, Computers, Wired Security
    • From: Miles Li [MSFT]

• References:
  • 802.1x, Computers, Wired Security
    • From: doubleH

• Prev by Date: Re: Creating Subdomains and routing emails
• Next by Date: Re: ADAM Partitions on Separate Servers
• Previous by thread: 802.1x, Computers, Wired Security
• Next by thread: RE: 802.1x, Computers, Wired Security
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: WPA Security and Cert Services ... I setup a IAS and a Cert server. ... > x.x.x.x) It seems to me that the IAS server is trying to authenticate ... Your RADIUS client is your access point, ... (microsoft.public.windows.server.general) Question concerning Remote Access Authentication with IAS ... I'm interested in learning how and if IAS supports the ability to perform ... RADIUS CHAP authentication of a client who is part of a Windows ... Windows Domain and I want to authenticate this user against the Active ... (microsoft.public.win2000.active_directory) Question concerning Remote Access Authentication with IAS ... I'm interested in learning how and if IAS supports the ability to perform ... RADIUS CHAP authentication of a client who is part of a Windows ... Windows Domain and I want to authenticate this user against the Active ... (microsoft.public.security) 802.1x, Computers, Wired Security ... I am trying to setup 802.1x using HP's IDM and W2K3 IAS. ... the user to authenticate to IAS once they have logged on to Windows. ... Does the client computer need to have a cert? ... (microsoft.public.windows.server.active_directory) Re: LDAP Authentication problem ... The server requires SSL/TLS to connect... ... client to this server and to authenticate on it. ... It's been a long time since I setup a machine as an LDAP client from ... (Debian-User)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)