[c-nsp] Wireless 802.1x authentication failures
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jun 14 03:35:43 EDT 2011
On 06/14/2011 07:13 AM, Edward Iong wrote:
>
> Dear All,
>
> We are using windows certificates for authenticate domain computers to connect wireless network.
>
> In previous, it is working. Everyone can access wireless network. But now no one can get access, we found in the MS ISA event Log, it has a warning message as below
>
>
This question is not really appropriate for this list, but see below
> Event Type: Warning
> Event Source: IAS
> Event Category: None
> Event ID: 2
> Date: 6/14/2011
> Time: 1:16:37 PM
> User: N/A
> Computer: EDC-HKNT135
> Description:
> User host/BDNB00011.bd.ABC.com was denied access.
> Fully-Qualified-User-Name = ABC\BDNB00011$
> NAS-IP-Address = 10.XXX.XXX.51
> NAS-Identifier = BDWLC1
> Called-Station-Identifier = :xxx
> Calling-Station-Identifier =
> Client-Friendly-Name = BDWLC1
> Client-IP-Address = 10.XXX.XXX.51
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 1
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server =<undetermined>
> Policy-Name =<undetermined>
> Authentication-Type = EAP
> EAP-Type =<undetermined>
> Reason-Code = 48
> Reason = The connection attempt did not match any remote access policy.
The error message above seems clear. You need to write a remote access
policy that will match the request. How you do this depends on exactly
which version of Microsoft IAS/NPS/whatever they're calling it these days.
If it worked previously, then either:
a. someone has deleted the working remote access policies, or
b. something has changed about your requests so the policies no longer
match
More information about the cisco-nsp
mailing list