Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: XXXXXXX\XXXXXXXX$
Account Name: host/XXXXXXX.COM
Account Domain:XXXXXXXX
Fully Qualified Account Name:XXXXXXXX\XXXXXXXXXX$
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
Called Station Identifier:XX:XX:XXXXXXX:XX:XXXXX
Calling Station Identifier:XX:XX:XXXXXXXXXXXXX:XX
NAS:
NAS IPv4 Address:192.168.X.X
NAS IPv6 Address:-
NAS Identifier:XXXXXXX_WLC
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 1001
RADIUS Client:
Client Friendly Name:XXXXXX_WLC
Client IP Address:192.168.XX.XX
Authentication Details:
Connection Request Policy Name:EAP-TLS
Network Policy Name:EAP-TLS
Authentication Provider:Windows
Authentication Server:XXXXXXX.XXXXXX.COM
Authentication Type:EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier:-
Logging Results:Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
Contact the Network Policy Server administrator for more information.
User:
Security ID: XXXXXXX\XXXXXXXX$
Account Name: host/XXXXXXX.COM
Account Domain:XXXXXXXX
Fully Qualified Account Name:XXXXXXXX\XXXXXXXXXX$
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
Called Station Identifier:XX:XX:XXXXXXX:XX:XXXXX
Calling Station Identifier:XX:XX:XXXXXXXXXXXXX:XX
NAS:
NAS IPv4 Address:192.168.X.X
NAS IPv6 Address:-
NAS Identifier:XXXXXXX_WLC
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 1001
RADIUS Client:
Client Friendly Name:XXXXXX_WLC
Client IP Address:192.168.XX.XX
Authentication Details:
Connection Request Policy Name:EAP-TLS
Network Policy Name:EAP-TLS
Authentication Provider:Windows
Authentication Server:XXXXXXX.XXXXXX.COM
Authentication Type:EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier:-
Logging Results:Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
I tried adding a computer account to the same Windows group as the users that were working and I tried a separate group and added it to the policy and neither works.
It says credentials mismatch, but that isn't specific enough. How do you make it match?
I do see that computer names have $ appended to end. Is that an issue?
I also see account names and fully qualified names show as blank. If that needs to be fixed, how is it fixed?