Re: 802.1x authentication for wireless issues w/ ISA 2004

Well the IAS logging finally started to work. It generates a lot of
information and I can't understand what to look for. My laptops seem to get
hung on Validating Identity. This cycles every 10 seconds or so and seems to
keep adding a new entry into the IAS log. In the event viewer on the IAS
box. I see a granting of access but then an error message logged soon after.
Then it all starts again. I will attach events below. The authenticated
event looks suspicious to me. It states to use windows to authenticate all
users. but has nothing listed for the authenticator. I thought I was only
trying to authenticate a user and that was setup in the group policy as
computer only.

The ISA server monitoring does not show anything for the various IP that
represent my IAS server or the client laptops. If i turn the radius setting
on in IAS and point the wap to the ISA/SBS box, I can see quick radius
connect and disconect messages in the ISA monitoriing. Then nothing appears
in the event log or IAS log on the IAS server machine. It skips IAS
basically. If I point the WAP at the IAS server computer then no radius
messages appear in ISA and the usual events and logs appear on the IAS server
computer. So I think ISA may not be creating the issue. I'm thinking at
this point that it may be a certificate issue? I am considering killing and
rebuilding my certificate authority. I only use it for this authentication
anyway so it shouldn't mess any thing up. Owne asked for a system diagram
which I will put immediately below. Then I will show the events. Sorry for
all the trouble and I really appreciate your help.

Phone line
DSL Modem
Nic card for internet on the SBS BOX
SBS box has Cert server, ISA and RAS on it plus all the other stuff
LAN nic on SBS BOX
Switch
Plugged into the swith is of course the SBS server, my other server that has
the IAS on it, all my client computers, and the WAP.


Many thanks,

JP

Authentication message logged in event viewer of the IAS computer
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 4/18/2007
Time: 6:41:24 PM
User: N/A
Computer: SERVER1
Description:
User host/laptop.xxx.local was granted access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 192.168.16.40
NAS-Identifier = WAP1
Client-Friendly-Name = WAP1
Client-IP-Address = 192.168.16.40
Calling-Station-Identifier = 00-0E-35-E4-A1-95
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = <none>
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....

Error message from same computer soon to follow. Then rinse and repeat.
Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 16
Date: 4/18/2007
Time: 6:41:27 PM
User: N/A
Computer: SERVER1
Description:
A RADIUS message with the Code field set to 2, which is not valid, was
received on port 1812 from RADIUS client WAP1. Valid values of the RADIUS
Code field are documented in RFC 2865.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


"
.