Re: 802.1x authentication for wireless issues w/ ISA 2004

Dave and Owen,

Thank you very much for your replies.

Dave, I am glad to know that it is possible to get this to work. I did
follow Owen's steps and have cleared the check box for the strict enforcement
of the RPC protocol and the other setting under the AD entry (can't remember
it at the moment). I am unclear as to what you are saying by needing to
enable radius in the system policy of the server runing IAS. Can you point my
in the right directions here?

Owen, The way I moved the IAS server was to go through add/remove windows
components and unchecked the IAS server under Network Services. This was on
my SBS2003 box (not sbs2003 R2). I then went to a Windows Server 2003 R2 box
and went to the add/remove windows components and enabled the IAS there. I
did not use the SBS media. Perhaps the IAS for R2 has and issue
communicating back to an SBS2003 AD.

I will check the setup again this morning and post my resuslts. I am using
the same WAP's that I had before when I was running 2000 and they did use
radius authentication in that setup as well.

Thank you both so much for your help! I hope to have better news soon.

--
Many thanks,

JP


"Owen Williams [SBS MVP]" wrote:

In article <14A9F399-E4E1-4A88-B30D-5E5964485521@xxxxxxxxxxxxx>,
JP@xxxxxxxxxxxxxxxxxxxxxxxxx says...

In addition to Dave's comments ... I'm a little concerned about your
statement "I uninstalled IAS from my SBS server and moved it to another
server that runs 2003 R2." Did you really "move" IAS or just install it
from SBS2003 media on the R2 server? I ask because you say the pre-R2
SBS was upgraded from SBS2000. I have not done an 802.1x configuration
with SBS2000, but it is my understanding that IAS on WS2000 is not AD-
integrated. I just want be sure you're not running an older IAS.

I'm more concerned you are not seeing anything in the IAS logs. After
you have verified IAS logging is enabled, you should double-check your
RADIUS Client configuration in IAS. In particular: Make sure you have
specified the correct static IP for the WAP and verify the Shared Secret
is identical in IAS and on the WAP. If either of those are wrong, the
WAP won't be able to communicate with IAS.

I have been seeing some WAPs which do not correctly support RADIUS with
wireless. I have a workaround for this, but if this is the problem IAS
should still be logging access attempts, so you need to get the logging
resolved first.

-- Owen Williams (SBS MVP)

I previously had my wireless system set up the same way as this article and
it worked perfectly on my SBS2000 with ISA2000. Once i upgraded to 2003 it
of course stopped working. I wear many hats here and I haven't had the time
to give to problem to get it working. I found Owen's article this weekend
which was great and went through the steps to verify my installation and
modify if required. I uninstalled IAS from my SBS server and moved it to
another server that runs 2003 R2. It is listed in AD as a server, I
registerd IAS with AD, and the server is in the RAS and IAS servers group.
Unfortunately it is still not working. My laptop keeps finding the network
and trying to authenticate but fails. IAS is producing nothing in the logs
or in the event viewer. I also tried one additional step which was to add
the radius server info to the ISA server. There is a provision for this
under the configuration section that is pretty easy to do. Didn't seem to
help. At one point I temporarily uninstalled ISA and ran for a few minutes
without it. It didn't seem to help the problem. In the CEIEW I still
enabled a firewall and went throught the defaults. Still no go. Reinstalled
ISA and SP2. So I'm not sure if ISA is to blame or not but is seems very
likely. I recall there was a dll file that is the problem, and perhaps this
does not get removed if you uninstall ISA. Well I must say I am disappointed
that Microsoft has not provided a hotfix for this. You buy SBS as a package
and it's a great deal. I just would have hoped wireless would have been
provided for properly (normally microsoft support is top notch in my
experience). If anone has any suggestions, I would be most appreciative.

.

Relevant Pages

  • Re: 802.1x authentication for wireless issues w/ ISA 2004
    ... The first thing to do is to make sure that logging is turned on in IAS, ... machines - the SBS, the box that hosts IAS, and the wireless client PC. ... The only thing that comes to mind regarding ISA 2004 that's any different ... I uninstalled IAS from my SBS server and moved it to ...
    (microsoft.public.windows.server.sbs)
  • Re: 802.1x authentication for wireless issues w/ ISA 2004
    ... I have IAS installed on the SBS, ... separate RADIUS server installed on a member server for ... I have "Authenticate requests on this server" ...
    (microsoft.public.windows.server.sbs)
  • Aironet 1200/MS Radius Help - Yet Again
    ... Your collective help thus far has made me understand more about wireless ... RADIUS/IAS Server. ... I also got a certificate from verisign to install on one of the two IAS ... there are communications between the client and access ...
    (microsoft.public.internet.radius)
  • RE: Internet Authentication Service Issues
    ... I think the problem should be caused by that the SBS 2000 server (IAS ... In SBS system there is no Trust will be available. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Redundant IAS servers
    ... > additional IAS servers as RADIUS clients to my central IAS ... > server but that is not the redundancy I'm after. ... central IAS server configuration to a file, ...
    (microsoft.public.internet.radius)
Loading