[c-nsp] Wireless 802.1x authentication failures

Edward Iong edward_iong_ at hotmail.com
Tue Jun 14 04:08:53 EDT 2011


Hi,
 
I have checked carefully, the remote access policy has no issue because other countries are also using that IAS for wireless authentication.
 
Now we have asked MS to look into the problem.
 
Thanks and Regards,
 
Edward
 
> Date: Tue, 14 Jun 2011 08:35:43 +0100
> From: p.mayers at imperial.ac.uk
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Wireless 802.1x authentication failures
> 
> On 06/14/2011 07:13 AM, Edward Iong wrote:
> >
> > Dear All,
> >
> > We are using windows certificates for authenticate domain computers to connect wireless network.
> >
> > In previous, it is working. Everyone can access wireless network. But now no one can get access, we found in the MS ISA event Log, it has a warning message as below
> >
> >
> 
> This question is not really appropriate for this list, but see below
> 
> > Event Type: Warning
> > Event Source: IAS
> > Event Category: None
> > Event ID: 2
> > Date: 6/14/2011
> > Time: 1:16:37 PM
> > User: N/A
> > Computer: EDC-HKNT135
> > Description:
> > User host/BDNB00011.bd.ABC.com was denied access.
> > Fully-Qualified-User-Name = ABC\BDNB00011$
> > NAS-IP-Address = 10.XXX.XXX.51
> > NAS-Identifier = BDWLC1
> > Called-Station-Identifier = :xxx
> > Calling-Station-Identifier =
> > Client-Friendly-Name = BDWLC1
> > Client-IP-Address = 10.XXX.XXX.51
> > NAS-Port-Type = Wireless - IEEE 802.11
> > NAS-Port = 1
> > Proxy-Policy-Name = Use Windows authentication for all users
> > Authentication-Provider = Windows
> > Authentication-Server =<undetermined>
> > Policy-Name =<undetermined>
> > Authentication-Type = EAP
> > EAP-Type =<undetermined>
> > Reason-Code = 48
> > Reason = The connection attempt did not match any remote access policy.
> 
> The error message above seems clear. You need to write a remote access 
> policy that will match the request. How you do this depends on exactly 
> which version of Microsoft IAS/NPS/whatever they're calling it these days.
> 
> If it worked previously, then either:
> 
> a. someone has deleted the working remote access policies, or
> b. something has changed about your requests so the policies no longer 
> match
> 
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
 		 	   		  


More information about the cisco-nsp mailing list