Hi,
i'm after some help with an NPS server I manage
I've setup a NPS server (without NAP active) on a 2008r2.
I'm seeing events 6278 and 6272 pairs for users as they connect.
I have Machine or user authentication running.
What is happening is the connection drops every now and then, sometimes after a few seconds, sometimes longer. But it will always happen within 2 minutes.
If I just used wpa2 I didn't have the issue.
I've created a separate certificate for machine authentication and one for user authentication
Output from netsh nps show config follows.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>netsh nps show config
Client configuration:
---------------------------------------------------------
Name = wx3010
Address = 10.0.8.2
State = Enabled
Shared secret = AdelaidePremiers1997-1998 (not really password)
Require auth attrib = No
NAP capable = No
Vendor = RADIUS Standard
Connection request policy configuration:
---------------------------------------------------------
Name = Use Windows authentication for all users
State = Enabled
Processing order = 1000001
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x1006 "0 00:00-24:00; 1 00:00-24:0
0; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00"
Profile attributes:
Name Id
Value
---------------------------------------------------------
Auth-Provider-Type 0x1025 "0x1"
Connection request policy configuration:
---------------------------------------------------------
Name = Curric Secure Wireless Machine Connections
State = Enabled
Processing order = 1
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x3d "^18$|^19$"
Profile attributes:
Name Id
Value
---------------------------------------------------------
Auth-Provider-Type 0x1025 "0x1"
Connection request policy configuration:
---------------------------------------------------------
Name = Guest Network Secure Wireless Connections
State = Disabled
Processing order = 2
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x3d "^18$|^19$"
Profile attributes:
Name Id
Value
---------------------------------------------------------
Auth-Provider-Type 0x1025 "0x1"
Event log configuration:
---------------------------------------------------------
Accepted authentication requests = Enabled
Rejected authentication requests = Enabled
File log configuration:
---------------------------------------------------------
Accounting = Enabled
Authentication = Enabled
Periodic accounting status = Enabled
Periodic authentication status = Enabled
Directory = C:\Windows\system32\LogFiles
Format = ODBC formatting
Delete old logs = Enabled
Frequency = Monthly logs
Max size = 10 MB
Ports configuration:
---------------------------------------------------------
Accounting ports = 1813,1646
Authentication ports = 1812,1645
Network policy configuration:
---------------------------------------------------------
Name = Connections to other access servers
State = Enabled
Processing order = 1000001
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x1006 "0 00:00-24:00; 1 00:00-24:0
0; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00"
Profile attributes:
Name Id
Value
---------------------------------------------------------
NP-Allow-Dial-in 0x100f "FALSE"
NP-Authentication-Type 0x1009 "0x3" "0x4" "0x9" "0xa"
Quarantine-Update-Non-Compliant 0x1fc8 "TRUE"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"
Network policy configuration:
---------------------------------------------------------
Name = Connections to Microsoft Routing and Remote Access server
State = Enabled
Processing order = 1000000
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x1033 "^311$"
Profile attributes:
Name Id
Value
---------------------------------------------------------
NP-Allow-Dial-in 0x100f "FALSE"
NP-Allowed-EAP-Type 0x100a "1A0000000000000000000000000
00000" "0D000000000000000000000000000000"
NP-Authentication-Type 0x1009 "0x5" "0x4" "0xa" "0x3" "0x9
"
Quarantine-Update-Non-Compliant 0x1fc8 "TRUE"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"
MS-Filter 0x102f
===============================================================
IPFILTER_IPV4INFILTER Action: DENY
---------------------------------------------------------------
Address . . . . . : 0.0.0.0
Mask. . . . . . . : 0.0.0.0
Protocol. . . . . : 0
Source Port . . . : 0
Destination Port. : 0
---------------------------------------------------------------
MS-MPPE-Encryption-Policy 0xffffffa7 "0x2"
MS-MPPE-Encryption-Types 0xffffffa6 "0xe"
Network policy configuration:
---------------------------------------------------------
Name = Curric Secure Wireless Machine Connections
State = Enabled
Processing order = 1
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x3d "^18$|^19$"
Condition1 0x1023 "S-1-5-21-3373441940-3891712
694-2128681551-3133;S-1-5-21-3373441940-3891712694-2128681551-1632"
Profile attributes:
Name Id
Value
---------------------------------------------------------
EAP-Configuration 0x1fa2 "190000000000000000000000000
000004C030000020000004C0300000100000014000000D80BFA95CB1FBCC8027A7233C1DD0C3162A
D61870100000001000000240300001A0000000000000003000000040000000200000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000"
MS-Extended-Quarantine-State 0x1fd9 "0x0"
Ignore-User-Dialin-Properties 0x1005 "TRUE"
NP-Allow-Dial-in 0x100f "TRUE"
NP-Allowed-EAP-Type 0x100a "190000000000000000000000000
00000"
NP-Authentication-Type 0x1009 "0x5" "0x3" "0x9" "0x4" "0xa
"
MS-Quarantine-State 0x1faf "0x0"
Quarantine-Update-Non-Compliant 0x1fc8 "FALSE"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"
MS-Link-Utilization-Threshold 0xffffffaa "0x32"
MS-Link-Drop-Time-Limit 0xffffffa9 "0x78"
Network policy configuration:
---------------------------------------------------------
Name = Guest Network Secure Wireless Connections
State = Disabled
Processing order = 1
Policy source = 0
Condition attributes:
Name Id
Value
---------------------------------------------------------
Condition0 0x3d "^18$|^19$"
Condition1 0x1023 "S-1-5-21-3373441940-3891712
694-2128681551-1632"
Condition2 0x100c "10.0.16.3"
Profile attributes:
Name Id
Value
---------------------------------------------------------
Ignore-User-Dialin-Properties 0x1005 "TRUE"
NP-Allow-Dial-in 0x100f "TRUE"
NP-Allowed-EAP-Type 0x100a "190000000000000000000000000
00000"
NP-Authentication-Type 0x1009 "0x5" "0x3" "0x9" "0x4" "0xa
"
MS-Quarantine-State 0x1faf "0x0"
Quarantine-Update-Non-Compliant 0x1fc8 "TRUE"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"
Server registration:
---------------------------------------------------------
Status = Registered
SHV configuration:
---------------------------------------------------------
Id = 79744
Name = Windows Security Health Validator
Vendor = Microsoft Corporation
Description = The Windows Security Health Validator defines t
he policy that client computers must be compliant with.
Version = 1.0
Policy server unreachable = Noncompliant
Remediation server unreachable = Noncompliant
System Health Agent failure = Noncompliant
NAP server failure = Noncompliant
Other errors = Noncompliant
SQL log configuration:
---------------------------------------------------------
Connection =
Description =
Accounting = Enabled
Authentication = Enabled
Periodic accounting status = Enabled
Periodic authentication status = Enabled
Max sessions = 20
Ok.
C:\Windows\system32>