Channel: Network Access Protection forum

Allow access to shared folders on server 2012 from workgroup users.

Thank you in advance.

I have set up a 2012 Standard server and am able to connect remotely with VPN. However, users not connected to the domain are unable to open shared folders, but users which are on the domain can. What do I need to do to give the non-domain users access to their folders? When they connect directly onto the LAN they can open the shared folders, but not through the VPN connection.

I am guessing it is a policy issue but am not sure; any help will be appreciated.


Network Policies Processing Order

Setup:

Unifi APs connected to NPS running on Server 2012 R2.

Goal:

1. Laptop users to be able to connect to the production wireless network simply by having their computer accounts in an authorized group, e.g. Company/Laptops.

2. If your device is not in the said group (not an AD object, in essence), prompt for credentials from e.g. Company/Authorized Users.

So far:

I created a Network Policy with one of its conditions being that you have to be a member of Company/Laptops to be granted access to the wireless network. This works fine, as laptops connect directly if authorized.

A second policy was created where the condition was that you have to be a member of Company/Authorized Users.

Problem:

1. After implementing the second policy, which is 2nd in the processing order, even authorized laptops are prompted for credentials.

2. Devices not in the Company/Laptops group are not granted access at all.

802.1X NAP Setup

Defeated does not begin to describe my current situation, to the point that words will not assist my cause. So here are screenshots (apologies in advance):

Radius Client:

Connection Request Policy (Processing No. 1)

Network Policy Settings:

NB: The user certificate has been successfully auto-enrolled to the intended users.

Result:

NB: I am assuming if we have been prompted for credentials, the communication process is so far ok.

However:

I hope the pictorial illustration can successfully substitute for my words, for I have completely no idea what is wrong here.


Limited Access when connecting to Wi-Fi on Windows Server 2012 R2

Hi everyone, I have a problem with a Wi-Fi connection and I think it is so strange.
I installed Windows Server 2012 R2 on my laptop and then activated the Wireless LAN service following this guide: https://www.niallbrady.com/2012/09/01/how-can-i-manually-enable-wireless-networking-in-windows-server-2012/

It works OK, but when I try to connect to Wi-Fi, it always notifies that the connection is limited, and the Wi-Fi is broadcast by a modem. The strange thing here is that when I connect to Wi-Fi broadcast by a MacBook it is actually OK. Who can help me solve this problem?
Sorry for my bad English. Thanks so much.

NAP Remediation

Hi All,

I'm setting up a NAP IPsec enforcement.

I can see that it's already working, the auto-remediation is working.

But my problem here is that when I try to apply the Anti Virus setting in the SHV, it detects my test unit, which doesn't have an antivirus, but it still connects to the network.

Correct me if I'm wrong, but my understanding of this is that if the computer is non-compliant, it will have restricted access, like it can't access the network, the internet, etc. Is that right? And if yes, what do you think I'm missing in my setup to restrict those non-compliant computers?

I'm very new to this, please help me.

Thank you!

Radius Server SHA 256

I have a problem in my RADIUS server.

Here is the chronology in my client:

  1. We use a RADIUS server using a SHA1 certificate algorithm to connect to Wi-Fi. It works fine as long as the user has SHA1 in Trusted Root, and the user account is in a certain group.
  2. We upgraded the certificate to SHA256.
  3. When we change the settings to SHA256 in EAP Properties, somehow users can connect to Wi-Fi without using a certificate.

Is there something missing in my configuration? Where should I start?

Thank You

Win7 not prompting to accept cert from NPS

We have Cisco WLC, MS NPS RADIUS server, and some clients doing WPA2-Enterprise authentication.
For some reason, all the endpoints work, except Win7 clients.

With either self, or public signed certs, Win7 would prompt for username/password, but after clicking OK, authentication would fail.

Win7 does NOT prompt for the user to accept the cert, while NPS has a log saying the cert is not trusted.
Why would Win7 not prompt for user to accept cert, and how do we enable that prompt?

NPS - RADIUS authentication works locally, but access-request identified as "malformed" when proxied over the WAN

Hi all,

We are using a pair of Microsoft 2012 NPS servers as RADIUS proxy servers, behind which are another pair of NPS servers as RADIUS authentication servers. Users on our local wireless network can authenticate via this infrastructure, using Active Directory accounts, without problems. Authentication is PEAP/EAP-MSCHAP v2.

However, the NPS infrastructure is also used when our users are at other organisations that offer the academic eduroam service, with their authentication requests being proxied back to our authentication servers. These roaming users are failing to authenticate nearly all the time, though occasionally a successful authentication is observed in the event viewer on the authentication servers. The failed authentication attempts typically generate an event viewer message:

Network Policy Server discarded the request for a user.

The reason in this event viewer message is given as:

The RADIUS Request message that Network Policy Server received from the network access server was malformed.

Because the authentication server discards the request and so does not respond to the proxy server, the proxy server also discards the request.

The problem is evident on RADIUS authentication servers running on both Windows 2008 R2 and Windows 2012.

I'd be grateful for any advice on how to discover what it is that makes the authentication servers consider the access-requests as "malformed", or indeed what might be causing this for so many users when authenticating remotely over the WAN, even though local authentication is fine.

One possible problem is described in

https://technet.microsoft.com/en-us/library/cc755205(v=ws.10).aspx

We have applied the relevant configuration described in

https://technet.microsoft.com/en-us/library/cc771164(v=ws.10).aspx

but the problem remains.

There are also postings that suggest malformed requests can be related to server certificate issues, but I understand that if there were such an issue it would affect local authentication as well.

Thanks in advance for any help anyone can offer.

Stuart


Event 6273 Reason Code 8

Setup:

  1. Server 2012 R2 as an Active Directory DC, Certificate Authority and Network Policy Server.
  2. Auto-enrollment of User, Computer and Workstation Authentication certificates has been enabled, and they are installed on all machines in the domain including the DC
    (PS: Not too sure which to use between the Computer and Workstation Authentication certificate, so I selected both)
  3. Unifi APs as RADIUS clients broadcasting a wireless network configured with WPA2-Enterprise.
  4. A Grant Access wireless policy with Conditions: Windows Groups - Domain Users, NAS Port Type - Wireless IEEE 802.11 or Other, and Authentication Type - EAP; Constraints: Authentication Methods - Microsoft PEAP (CHAP and CHAPv2 unselected)

Problem:

  1. I connect to the wireless network, and it prompts for credentials.
  2. I use an account of an authorized domain user and receive "Can't connect to this network".
  3. Event Viewer has two events with the same 6273 number: one with Account Name host/computer.domain and the other with Account Name domain\user, both with Reason: The specified user account does not exist.

Help.

Server 2012 firewall to block all incoming traffic based on available computing resources

I am setting up a network commander, whose main role is to run heavy calculation tasks, with the Windows Server 2012 R2 firewall turned on. There is no other computer on the network. The computer is only set up as a network commander to use the Windows HPC job batch manager (requirement).
This computer only needs to communicate with the rest of the world when it has finished its heavy calculation tasks.
I'd like to set up my Server 2012 firewall to block all traffic when the computer is running a heavy calculation.

Scenario 1 - I use Windows System Resource Manager to give priority to the computing tasks.
During a calculation task, what will happen when the firewall doesn't have sufficient computing resources allocated to it:
- Does it simply block all traffic until compute resources are available again?
- Does this lack of resources create a security risk? Or is security actually enhanced?

Scenario 2 - I automatically STOP the Windows Firewall service when using the computer for a heavy calculation task. I understand this is an unsupported state.
http://www.dell.com/support/article/au/en/aubsd1/SLN156677 says that the computer "will appear to other machines as though the server has been disconnected from the network", which is exactly the behavior I am seeking. I understand it doesn't get safer than this.
But https://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx, in the CAUTION at the bottom of the page, says that TURNING OFF the firewall service exposes my network to "attacks that employ network fingerprinting". Is this also the case if I STOP the service?

Should I just try the above scenarios and run intrusion testing for both scenarios and see what happens?


NAP Remediation - IPsec OU Inquiry

Hi All,

Followed the Step-by-step NAP IPsec.

I built the OUs for Secure and Boundary and put my NPS1 in the Boundary OU and 2 Windows 7 clients in the Secure OU. 1 is non-compliant and 1 is compliant. What happens here is that when I try to ping Windows7(Non-Compliant) from my NPS server the result is RTO; when I ping Windows7(Compliant) from my NPS server I can ping it. However, when I'm on the Windows7(Non-Compliant) unit and I ping every server on my network, I can ping them and remote into them. What do I need to add to my configuration? I think it should be that Windows7(Non-Compliant) cannot ping and access every compliant workstation and server, but the result is different.

Another question is, do I really need to set my workstations' firewall ON? Because as per my boss's requirement, the default policy is to turn off the firewall.

Thank you!

How does NPS make NTLMv2 authentication for MSCHAPv2 packets

Hi,

I am wondering how MSCHAPv2 packets can be transformed into NTLMv2 authentication.

I know it can be done using the following:

https://support.microsoft.com/en-us/kb/2811487

Basically, I would like to do the same in an NPS extension; is it possible?

Best regards,

Roman

Disable SMB v3

How to disable v3 on Server 2012?

NAP Enforcements Inquiry

Hi All,

I have a question regarding all the NAP Enforcement Methods.

Do they all need to have the firewall ON? Because as per the step-by-step NAP IPsec, the IPsec policy for the Boundary and Secure OUs requires that the firewall is ON so the connectivity rule will be applied.

Thanks

NAP DHCP Enforcement Inquiry

Hi All,

First of all, sorry for so many questions asked by me; I'm very new to this and have been given minimal time to deploy this NAP thing.

I have an AD server that also has the DNS and DHCP roles, and I have this RADIUS server which I will set up as the NAP server also. I am planning to deploy NAP DHCP Enforcement. Is it possible that my NAP server is a different server from my DHCP server? Because my boss doesn't want me to use the AD server as my NAP server.

Thank you.


UNC not supported and network access password??

I'm trying to network two computers in my office, making my computer the server for a software program we use for our business. The first problem is that after I map the desired drive path and download the software to computer #2, I am unable to use the program because the drive path is invalid and UNC is not supported. I'm confused; I can access the files on my computer from C#2, but not the other way around. When I attempt to access C#2 through the network from my computer I'm prompted to enter a password to have access, which I don't have. HELP PLEASE!!

Add a change on my secondary NPS server.

Hello everyone,

Currently I am working on a backup RADIUS and I want to duplicate/synchronize the configuration on multiple servers, but I don't want to reset the configuration on my secondary server each time (import/export etc.), so is it possible to update the configuration on the slave server without erase and replace?

Regards
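As an added example (not from this thread or from Microsoft), the following PowerShell shows the export/import route the poster wants to avoid, but with the two things a practitioner needs before replacing a secondary's configuration: a dated backup of the secondary's current configuration for rollback, and a line-by-line diff of primary versus secondary so that the operator sees exactly what the import will change. It assumes both servers carry the NPS role and its PowerShell module (Export-NpsConfiguration and Import-NpsConfiguration), that PowerShell remoting to both works, and that the host names nps1/nps2 and the C:\NpsSync directory are placeholders.

```powershell
# Added example: push the NPS configuration from a primary server to a secondary,
# keeping a backup of the secondary's current configuration and showing the drift first.
# Assumes the NPS module on both servers and working PowerShell remoting.
function Sync-NpsConfiguration {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Primary,
        [Parameter(Mandatory)][string]$Secondary,
        [string]$WorkDir = 'C:\NpsSync'      # hypothetical local path for backups
    )

    # Export the running configuration of one server and return it as text.
    # The export contains the RADIUS shared secrets in clear text, so the temporary
    # file is removed on the remote side as soon as it has been read.
    function Get-RemoteNpsXml([string]$Server) {
        Invoke-Command -ComputerName $Server -ScriptBlock {
            $tmp = Join-Path $env:TEMP ("nps-" + [guid]::NewGuid() + ".xml")
            Export-NpsConfiguration -Path $tmp
            try { Get-Content -Path $tmp -Raw } finally { Remove-Item -Path $tmp -Force }
        }
    }

    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    $stamp        = Get-Date -Format 'yyyyMMdd-HHmmss'
    $primaryXml   = Get-RemoteNpsXml $Primary
    $secondaryXml = Get-RemoteNpsXml $Secondary

    # Dated copy of the secondary's current configuration: this is the rollback path,
    # because Import-NpsConfiguration replaces the whole configuration on the target.
    $backup = Join-Path $WorkDir "nps-$Secondary-before-$stamp.xml"
    Set-Content -Path $backup -Value $secondaryXml -Encoding UTF8

    # Report drift line by line before anything is replaced.
    $diff = Compare-Object -ReferenceObject  ($secondaryXml -split "`r?`n") `
                           -DifferenceObject ($primaryXml   -split "`r?`n")
    if (-not $diff) {
        Write-Host "No differences between $Primary and $Secondary; nothing to import."
        return
    }
    $diff | ForEach-Object {
        $tag = if ($_.SideIndicator -eq '=>') { "+ $Primary" } else { "- $Secondary" }
        Write-Host ("{0,-22} {1}" -f $tag, $_.InputObject.Trim())
    }

    # With -WhatIf only the diff is shown; otherwise the primary's export is imported.
    if ($PSCmdlet.ShouldProcess($Secondary, "Import NPS configuration from $Primary")) {
        Invoke-Command -ComputerName $Secondary -ArgumentList $primaryXml -ScriptBlock {
            param($xml)
            $tmp = Join-Path $env:TEMP ("nps-" + [guid]::NewGuid() + ".xml")
            Set-Content -Path $tmp -Value $xml -Encoding UTF8
            try { Import-NpsConfiguration -Path $tmp } finally { Remove-Item -Path $tmp -Force }
        }
    }
}

# Usage (hypothetical host names): preview the drift, then apply it.
Sync-NpsConfiguration -Primary 'nps1' -Secondary 'nps2' -WhatIf
Sync-NpsConfiguration -Primary 'nps1' -Secondary 'nps2'
```

The diff is textual rather than semantic, so reordered XML will show as changed lines; that is acceptable for a pre-import check, since its purpose is to make the operator look before the secondary's configuration is overwritten. The backup directory holds shared secrets and should be restricted to administrators and cleaned out once the synchronisation has been verified.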

IPSec Policy

Hi All,

I'm currently working on NAP IPsec Enforcement and recently saw this IP Security Policy in GPO, thinking this is the IPsec policy mentioned in this thread:

https://social.technet.microsoft.com/Forums/en-US/ef4cecde-a43d-4d28-b476-b1fa6a460409/ipsec-nap-limited-network-access-is-not-very-limited?forum=winserverNAP

and out of curiosity I assigned one of the IP Security Policies created by default in that part and applied the second one.

After I assigned this and ran the gpupdate /force command on my NPS/NAP server, I now cannot remote into my NPS/NAP server. Is there a way I can recover this, or use it again?

Because on my Win7 unit I assigned the 3rd policy and the same problem occurred: I cannot remote into it and it's like it is blocked on my domain. What I did is unjoin and rejoin my Win7 unit, and then it is okay now, but I can't do that on my NPS/NAP server since it has ADCS.

What would you recommend I do for this? Or is there any workaround or solution for my NPS/NAP server to be normalized again?

Thank you.


NPS Event 6723 Code 8

I receive this event twice in the NPAS event viewer:

Note:

  1. User MararoD is in a security group granted access as a Condition in the Network Policy.
  2. The certificate has successfully been auto-enrolled to the above user and is valid.
  3. PEAP is the Authentication Method.

I've posted this question 3 times and still no help.

So, please, anyone, HELP!!
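Both this post and the earlier "Event 6273 Reason Code 8" post report NPS denying access with reason code 8 ("The specified user account does not exist"). As an added example (not from either thread or from Microsoft), the following PowerShell reads the 6273 events from the Security log on the NPS server and tabulates the account, the network policy that matched and the reason code, so the denial can be read from the server's own audit record instead of from the client's "Can't connect to this network" prompt. It assumes an elevated session on (or with remoting to) the NPS server, and that the event's XML EventData field names (SubjectUserName, NetworkPolicyName, ReasonCode, Reason, EAPType and so on) follow the Microsoft-Windows-Security-Auditing schema for this event; treat those names as an assumption and check them against one event's XML with Event Viewer if the columns come back empty.

```powershell
# Added example: summarise NPS access-denied events (ID 6273) from the Security log.
# Field names inside EventData are assumed from the event schema; verify against one
# event's XML in Event Viewer if any column below is empty.
function Get-NpsDenial {
    param(
        [int]$Hours = 24,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 6273
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        ForEach-Object {
            [xml]$x = $_.ToXml()
            # Flatten the <Data Name="..."> elements into a name -> value map.
            $d = @{}
            foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
            [pscustomobject]@{
                Time          = $_.TimeCreated
                Account       = $d['SubjectUserName']     # e.g. host/computer.domain or the user
                Domain        = $d['SubjectDomainName']
                Client        = $d['ClientName']          # RADIUS client (the AP) as named in NPS
                NasIdentifier = $d['NASIdentifier']
                Policy        = $d['NetworkPolicyName']   # which network policy matched, if any
                EapType       = $d['EAPType']
                ReasonCode    = $d['ReasonCode']
                Reason        = $d['Reason']
            }
        }
}

# Usage: list the denials, then count them per reason code and policy to see whether
# one policy or one reason (such as code 8) accounts for the failures, and whether the
# computer (host/...) and user attempts fail for the same reason.
$denials = Get-NpsDenial -Hours 24
$denials | Format-Table Time, Account, Policy, ReasonCode, Reason -AutoSize
$denials | Group-Object ReasonCode, Policy | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Grouping by reason code and policy is the useful step: in the setup described in the earlier post, a denial whose Account is host/computer.domain and one whose Account is domain\user both landing on code 8 means NPS could not resolve either identity, which points at the authentication server side rather than the wireless client.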

Windows server 2012 is not accessible and not visible on the network

Hi,

I have a small problem and i don't know how to resolve it, please help me.

I want to set up a file/print server. I installed Windows Server 2012 Standard on an HP MicroServer, and here is my problem. I can't see the server on the network. The rest of the clients (laptops and desktops with Windows 7/10) can see each other, can ping each other, can access each other; only the server is the one that can't be accessed. Also, from the server I can't see the rest of the clients. The network on the server is working, I can browse the internet from it, and the client and the server are in the same VLAN. Only the router can see the server; from it I can ping the server and from the server I can ping the router.

Thank you

Best Regards
