Hi,
I have an issue with RADIUS server that is running on Windows server 2008.
My installation contains:
Active Directory
Network Policy and Access Services/Certificate Services
Ruckus ZoneDirector 1100
The issue is in the following. Android and MAC devices can successfully be authenticated by entering username and password of an account that exists in AD. But when I try to connect from any Windows workstation/device with the same user account authentication fails. I am using PEAP and MS-CHAPv2.
In logs of Radius server I get following message:
Log Name: SecuritySource: Microsoft-Windows-Security-Auditing
Date: 4/17/2013 2:43:35 PM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: sd4.sd3.example.com
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: DOMAIN\user
Account Name: user
Account Domain:DOMAIN
Fully Qualified Account Name:DOMAIN\user
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
OS-Version: -
Called Station Identifier:54-45-37-59-6F-18:SSID
Calling Station Identifier:90-A4-FE-F5-5C-15
NAS:
NAS IPv4 Address:192.168.0.12
NAS IPv6 Address:-
NAS Identifier:54-45-37-59-6F-18
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 62
RADIUS Client:
Client Friendly Name:Wi-Fi
Client IP Address:192.168.0.12
Authentication Details:
Connection Request Policy Name:Secure Wireless Connections
Network Policy Name:Secure Wireless Connections
Authentication Provider:Windows
Authentication Server:sd4.sd3.example.com
Authentication Type:PEAP
EAP Type: -
Account Session Identifier:-
Logging Results:Accounting information was written to the local log file.
Reason Code: 266
Reason: The message received was unexpected or badly formatted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>6273</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12552</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2013-04-17T08:43:35.748681600Z" />
<EventRecordID>1855988030</EventRecordID>
<Correlation />
<Execution ProcessID="588" ThreadID="1364" />
<Channel>Security</Channel>
<Computer>KyrBisDC01.kumtor.centerra.com</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-3308725698-569140402-2839366257-9261</Data>
<Data Name="SubjectUserName">user</Data>
<Data Name="SubjectDomainName">DOMAIN</Data>
<Data Name="FullyQualifiedSubjectUserName">DOMAIN\user</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">-</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="MachineInventory">-</Data>
<Data Name="CalledStationID">54-3D-37-59-6F-18:SSID</Data>
<Data Name="CallingStationID">90-A4-DE-F5-5C-15</Data>
<Data Name="NASIPv4Address">192.168.0.12</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">54-3D-37-59-6F-18</Data>
<Data Name="NASPortType">Wireless - IEEE 802.11</Data>
<Data Name="NASPort">62</Data>
<Data Name="ClientName">Wi-Fi</Data>
<Data Name="ClientIPAddress">192.168.0.12</Data>
<Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
<Data Name="NetworkPolicyName">Secure Wireless Connections</Data>
<Data Name="AuthenticationProvider">Windows</Data>
<Data Name="AuthenticationServer">sd4.sd3.example.com</Data>
<Data Name="AuthenticationType">PEAP</Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">-</Data>
<Data Name="ReasonCode">266</Data>
<Data Name="Reason">The message received was unexpected or badly formatted.</Data>
<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
</EventData>
</Event>
Windows Server 2008 that performs NPS role has last updates.
Please, someone give an advice.