IAS server blues (Can't get 802.1x to work)
- From: Steve Halvorson <steveh@xxxxxxxxxxxxxx>
- Date: Thu, 8 May 2008 14:38:05 -0700
I am deploying a new Wireless LAN with DLINK's DES1228 Managed Wireless AP
Switch and DWL 3140 Access points. The connection initiates and then fails
on authentication. This is 802.1x with WPA, EAP and AES. Certificate
services have been deployed to authenticate the machines as well as the users
and it appears that the certificates are deploying correctly. The event
viewer shows...
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 5/8/2008
Time: 11:53:16 AM
User: N/A
Computer: RAD1
Description:
User Max was denied access.
Fully-Qualified-User-Name = MyDomain.net/InformationTechnology/Maxwell J.
Smart
NAS-IP-Address = 0.0.0.0
NAS-Identifier = DWL-3140_WLS_SW
Called-Station-Identifier = 00-1e-58-2c-0a-72
Calling-Station-Identifier = 00-16-6f-07-69-d5
Client-Friendly-Name = AP_8
Client-IP-Address = 10.1.0.197
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 23
Reason = Unexpected error. Possible error in server or client configuration.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 27 03 09 80 '..€
--
IAS Log Sample
0.0.0.0,Max,05/08/2008,09:15:13,IAS,RAD1,40,2,44,0x000000000000000000000000,4,0.0.0.0,5,0,45,1,32,DWL-3140_WLS_SW,41,0,4108,10.1.0.195,4116,0,4128,AP_6,4154,Use Windows authentication for all users,4136,4,4142,0
0.0.0.0,max,05/08/2008,09:26:36,IAS,RAD1,4128,AP_7,4,0.0.0.0,5,0,30,00-1e-58-2c-0a-70,31,00-16-6f-07-69-d5,32,DWL-3140_WLS_SW,12,1380,61,19,4108,10.1.0.196,4116,0,4155,1,4154,Use
Windows authentication for all
users,4129,MyDomain\Max,4127,5,4149,Connections to other access
servers,25,311 1 10.1.0.28 05/08/2008 13:41:55 108,4132,Smart Card or other
certificate,4130,MyDomain.net/InformationTechnology/Maxwell J.
Smart,4136,1,4142,0
0.0.0.0,sjha,05/08/2008,09:26:36,IAS,RAD1,4128,AP_7,25,311 1 10.1.0.28
05/08/2008 13:41:55 108,4132,Smart Card or other
certificate,4130,MyDomain.net/InformationTechnology/Maxwell J.
Smart,4149,Connections to other access
servers,4108,10.1.0.196,4116,0,4127,5,4155,1,4154,Use Windows authentication
for all users,4129,MyDomain\Max,4136,3,4142,23
The log files for IAS show similar
This was setup using the "Secure Wireless Access Point Configuration" guide.
I found the guide for interpreting IAS logs but just my luck Unknown error
23 is just that - unknown (someday I hope to get a known error) This appears
to be an authentication failure note that in the IAS log code 4136 has the
value of 3 which is user access denied. I need to figure out why the user
access is being denied. any help will be greatly apprecated.
Steve
.
- Follow-Ups:
- RE: IAS server blues (Can't get 802.1x to work)
- From: Steve Halvorson
- Re: IAS server blues (Can't get 802.1x to work)
- From: Meinolf Weber
- RE: IAS server blues (Can't get 802.1x to work)
- Prev by Date: HELP PLEASE! HTTP 404 error, cannot access website anymore.
- Next by Date: Re: Intermittent Network Pauses
- Previous by thread: HELP PLEASE! HTTP 404 error, cannot access website anymore.
- Next by thread: Re: IAS server blues (Can't get 802.1x to work)
- Index(es):
Relevant Pages
|
