Re: 802.1x authentication for wireless issues w/ ISA 2004



In article <F2309CAF-1819-4141-81A2-15ABC3629878@xxxxxxxxxxxxx>,
JP@xxxxxxxxxxxxxxxxxxxxxxxxx says...

Hmmm ... I don't use ISA myself, I use external firewall appliances. Dave has
been a great help by testing the configuration with ISA2000 and ISA2004 and
providing the information about what needs to be adjusted in ISA2004.

With that understanding ... Based on your symptoms and the placement of IAS on
a server other than the SBS, I'm wondering whether ISA2004 is blocking RADIUS
traffic or otherwise interfering with the communication between IAS and the WAP
or IAS and SBS/AD. Perhaps looking at the ISA2004 logs would shed some light
here? It would also be helpful for you to provide a simple network diagram
showing the key pieces, such as:

Internet Connection Device ->
Ext NIC -> SBS with ISA2004 -> Int NIC ->
Switch -> WS2003 with IAS
       -> WAP
       -> Wired PCs

In addition:
* You do NOT have a firewall enabled on the WS2003, right?
* The WAP is pointing to the WS2003 IP (not the SBS IP) as the RADIUS server,
right?

-- Owen Williams [SBS MVP]

Well I got a little bit further along. I can see in the security log of the
IAS server an event Event Type: Success Audit (shown below). Shouldn't there
be a GUID if it is really successful? My wireless adapter still doesn't
really connect and keeps cycling to try and validate on the network. The IAS
still will not produce a single log file. The service is set up to start
automatically, it is started, and it runs under local system. I do see in
the event log that the IAS service makes a connection with LDAP. I was
worried that perhaps since the service is running under local that it is not
interacting completely with the SBS server. In AD I selected the IAS server
box and enabled the trust for delegation check box. Still no log files.
Another thought, when I look at the authentication setup that is done for the
preferred network, when you are specifying the certificate to use, there is a
place to say which server to connect to to validate the certificate. I have
tried listing the SBS box which has the cert authority, and I've tried
listing both servers separated by semicolon. Can't remember if I tried only
the IAS. But they all use the same certificate so I'm not sure if it makes a
difference.

Anyway, does any of this bring up any ideas of where to look next?

Many thanks, JP (event below)


Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 4/17/2007
Time: 10:27:18 AM
User: "my domain"\"my computer name"
Computer: "name of the IAS server box"
Description:
Successful Network Logon:
User Name: "my computer name"
Domain: "our domain"
Logon ID: (0x0,0x74224)
Logon Type: 3
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
Workstation Name: -
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
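
Added example, not part of the original posts: a small Python triage of a Security event 540 description like the one above, reporting what the fields do and do not establish. The sample text is constructed (placeholder names WORKSTATION1$ and EXAMPLE), and the rule that a Logon GUID is only expected when the authentication package is Kerberos is an assumption of this example.

```python
import re

# Constructed sample mirroring the event posted above (placeholder names).
SAMPLE_EVENT = """\
Event ID: 540
Successful Network Logon:
User Name: WORKSTATION1$
Domain: EXAMPLE
Logon ID: (0x0,0x74224)
Logon Type: 3
Logon Process: Schannel
Authentication Package: Microsoft Unified Security Protocol Provider
Workstation Name: -
Logon GUID: -
Source Network Address: -
"""

def parse_event(text):
    """Return the 'Name: value' pairs of an event description as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if m and m.group(2):  # skip headings such as "Successful Network Logon:"
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def triage(fields):
    """Summarise what a 540 event does and does not show."""
    package = fields.get("Authentication Package", "").lower()
    guid_present = fields.get("Logon GUID", "-") not in ("", "-")
    # Assumption of this example: the GUID correlates with Kerberos events only.
    guid_expected = package.startswith("kerberos")
    return {
        "network_logon": fields.get("Event ID") == "540"
                         and fields.get("Logon Type") == "3",
        "certificate_based": fields.get("Logon Process", "").lower() == "schannel",
        "machine_account": fields.get("User Name", "").endswith("$"),
        "guid_present": guid_present,
        "missing_guid_is_anomalous": guid_expected and not guid_present,
    }

if __name__ == "__main__":
    for key, value in triage(parse_event(SAMPLE_EVENT)).items():
        print(f"{key}: {value}")
```

The event records a logon on the IAS server only; it does not show whether the RADIUS reply reached the WAP, so the ISA2004 logs are still the place to check for dropped RADIUS traffic.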