Re: 802.1x authentication for wireless issues w/ ISA 2004
- From: JP <JP@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 16 Apr 2007 10:44:03 -0700
I previously had my wireless system set up the same way as this article and
it worked perfectly on my SBS2000 with ISA2000. Once i upgraded to 2003 it
of course stopped working. I wear many hats here and I haven't had the time
to give to problem to get it working. I found Owen's article this weekend
which was great and went through the steps to verify my installation and
modify if required. I uninstalled IAS from my SBS server and moved it to
another server that runs 2003 R2. It is listed in AD as a server, I
registerd IAS with AD, and the server is in the RAS and IAS servers group.
Unfortunately it is still not working. My laptop keeps finding the network
and trying to authenticate but fails. IAS is producing nothing in the logs
or in the event viewer. I also tried one additional step which was to add
the radius server info to the ISA server. There is a provision for this
under the configuration section that is pretty easy to do. Didn't seem to
help. At one point I temporarily uninstalled ISA and ran for a few minutes
without it. It didn't seem to help the problem. In the CEIEW I still
enabled a firewall and went throught the defaults. Still no go. Reinstalled
ISA and SP2. So I'm not sure if ISA is to blame or not but is seems very
likely. I recall there was a dll file that is the problem, and perhaps this
does not get removed if you uninstall ISA. Well I must say I am disappointed
that Microsoft has not provided a hotfix for this. You buy SBS as a package
and it's a great deal. I just would have hoped wireless would have been
provided for properly (normally microsoft support is top notch in my
experience). If anone has any suggestions, I would be most appreciative.
--
Many thanks,
JP
"Dave Nickason [SBS MVP]" wrote:
If moving IAS definitely works, I'd think that would be the preferred.
solution for anyone who has a member server they can run it on. IAS has
such a low overhead, IMO it doesn't matter where you put it. I do monitor
the IAS entries in the event logs fairly closely and would miss having them
on the SBS, but that's probably more a matter of habit than an actual
complaint - it's not like I don't monitor the logs on the other servers.
That first article appears to cover the whole topic concisely, so it
probably wouldn't be much work to set this up.
"Owen Williams [SBS MVP]" <Owen@xxxxxxxxxxxxxxxxxx> wrote in message
news:MPG.203e4244ebe58f3a9899a5@xxxxxxxxxxxxxxxxxxxxx
In article <D2B7DA2B-5A43-418C-8CB7-204E8E18A4D8@xxxxxxxxxxxxx>,
jimfor@xxxxxxxxxxxxxxxxxxxxxxxxx says...
I think I am "the other person" We have experienced the same issue only
when
ISA is installed. No problems on other systems without ISA. Owen had
suggested that we move the RADIUS off the SBS and on to a terminal Server
as
an possible work around. Unfortunately, that wasn't approved by the
bosses
(they just stopped allowing VPN access). If I do run accross the
opportunity
to set one that way (RADIUS on a member server) I will post back the
results.
My sincere apologies Owen, I thought I had replied to you with a status
update.
Thanks for the post, but the "other person" I was referring to was a
private e-mail exchange and not posted here. As I recall, you did post
a previous follow-up here (although it's been a while!).
FYI, moving RADIUS (IAS) to a member server definitely works. It is
Microsoft's preferred workaround. What we are wondering now is whether
VPN configured for RADIUS authentication rather than Windows
authentication will work while leaving IAS on the SBS. If so, this will
be a preferable approach for SBS + ISA2004 installations that have no
additional servers.
-- Owen Williams (SBS MVP)
- Follow-Ups:
- Re: 802.1x authentication for wireless issues w/ ISA 2004
- From: Owen Williams [SBS MVP]
- Re: 802.1x authentication for wireless issues w/ ISA 2004
- From: Dave Nickason [SBS MVP]
- Re: 802.1x authentication for wireless issues w/ ISA 2004
- Prev by Date: Re: New SBS-2003 SP2 Server
- Next by Date: Re: Adding Win2000 Server to SBS2003 domain
- Previous by thread: RE: WINS Cannot read from the UDP socket
- Next by thread: Re: 802.1x authentication for wireless issues w/ ISA 2004
- Index(es):
Relevant Pages
|
