Re: 802.1x authentication for wireless issues w/ ISA 2004



Well I got a little bit further along. I can see in the security log of the
IAS server an event with Event Type: Success Audit (shown below). Shouldn't there
be a GUID if it is really successful? My wireless adapter still doesn't
really connect and keeps cycling to try and validate on the network. The IAS
still will not produce a single log file. The service is set up to start
automatically, it is started, and it runs under local system. I do see in
the event log that the IAS service makes a connection with LDAP. I was
worried that perhaps since the service is running under local that it is not
interacting completely with the SBS server. In AD I selected the IAS server
box and enabled the trust for delegation check box. Still no log files.
Another thought, when I look at the authentication setup that is done for the
preferred network, when you are specifying the certificate to use, there is a
place to say which server to connect to to validate the certificate. I have
tried listing the SBS box which has the cert authority, and I've tried
listing both servers separated by semicolon. Can't remember if I tried only
the IAS. But they all use the same certificate so I'm not sure if it makes a
difference.

Anyway, does any of this bring up any ideas of where to look next?

Many thanks, JP (event below)


Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 4/17/2007
Time: 10:27:18 AM
User: "my domain"\"my computer name"
Computer: "name of the IAS server box"
Description:
Successful Network Logon:
User Name: "my computer name"
Domain: "our domain"
Logon ID: (0x0,0x74224)
Logon Type: 3
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
Workstation Name: -
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

--
Many thanks,

JP


"Owen Williams [SBS MVP]" wrote:

In article <14A9F399-E4E1-4A88-B30D-5E5964485521@xxxxxxxxxxxxx>,
JP@xxxxxxxxxxxxxxxxxxxxxxxxx says...

In addition to Dave's comments ... I'm a little concerned about your
statement "I uninstalled IAS from my SBS server and moved it to another
server that runs 2003 R2." Did you really "move" IAS or just install it
from SBS2003 media on the R2 server? I ask because you say the pre-R2
SBS was upgraded from SBS2000. I have not done an 802.1x configuration
with SBS2000, but it is my understanding that IAS on WS2000 is not AD-
integrated. I just want to be sure you're not running an older IAS.

I'm more concerned you are not seeing anything in the IAS logs. After
you have verified IAS logging is enabled, you should double-check your
RADIUS Client configuration in IAS. In particular: Make sure you have
specified the correct static IP for the WAP and verify the Shared Secret
is identical in IAS and on the WAP. If either of those are wrong, the
WAP won't be able to communicate with IAS.

I have been seeing some WAPs which do not correctly support RADIUS with
wireless. I have a workaround for this, but if this is the problem IAS
should still be logging access attempts, so you need to get the logging
resolved first.

-- Owen Williams (SBS MVP)

I previously had my wireless system set up the same way as this article and
it worked perfectly on my SBS2000 with ISA2000. Once I upgraded to 2003 it
of course stopped working. I wear many hats here and I haven't had the time
to give to the problem to get it working. I found Owen's article this weekend
which was great and went through the steps to verify my installation and
modify if required. I uninstalled IAS from my SBS server and moved it to
another server that runs 2003 R2. It is listed in AD as a server, I
registered IAS with AD, and the server is in the RAS and IAS servers group.
Unfortunately it is still not working. My laptop keeps finding the network
and trying to authenticate but fails. IAS is producing nothing in the logs
or in the event viewer. I also tried one additional step which was to add
the radius server info to the ISA server. There is a provision for this
under the configuration section that is pretty easy to do. Didn't seem to
help. At one point I temporarily uninstalled ISA and ran for a few minutes
without it. It didn't seem to help the problem. In the CEICW I still
enabled a firewall and went through the defaults. Still no go. Reinstalled
ISA and SP2. So I'm not sure if ISA is to blame or not but it seems very
likely. I recall there was a dll file that is the problem, and perhaps this
does not get removed if you uninstall ISA. Well I must say I am disappointed
that Microsoft has not provided a hotfix for this. You buy SBS as a package
and it's a great deal. I just would have hoped wireless would have been
provided for properly (normally Microsoft support is top notch in my
experience). If anyone has any suggestions, I would be most appreciative.
