[c-nsp] Wireless 802.1x authentication failures

Engelhard Mahandar Labiro engel.labiro at gmail.com
Tue Jun 14 05:01:21 EDT 2011


I think this has something to do with Server's type certificate which
doesn't bound properly to MS IAS EAP settings. You may want to
re-check if any missing checkbox related to Server's certificate.

On Tue, Jun 14, 2011 at 3:53 PM, Edward Iong <edward_iong_ at hotmail.com> wrote:
> Hi there,
>
> I have checked the cert is not expired
>
>
>
>
>
>> CC: cisco-nsp at puck.nether.net
>> From: engel.labiro at gmail.com
>> Subject: Re: [c-nsp] Wireless 802.1x authentication failures
>> Date: Tue, 14 Jun 2011 15:22:14 +0900
>> To: edward_iong_ at hotmail.com
>>
>> You may want to eliminate several issues contributing to this problem. One
>> thing to check is the expiration date of the certificate issued for MS ISA.
>>
>> HTH
>>
>> Sent from my iPhone
>>
>> On 2011/06/14, at 15:13, Edward Iong <edward_iong_ at hotmail.com> wrote:
>>
>> >
>> > Dear All,
>> >
>> > We are using windows certificates for authenticate domain computers to
>> > connect wireless network.
>> >
>> > In previous, it is working. Everyone can access wireless network. But
>> > now no one can get access, we found in the MS ISA event Log, it has a
>> > warning message as below
>> >
>> >
>> > Event Type: Warning
>> > Event Source: IAS
>> > Event Category: None
>> > Event ID: 2
>> > Date: 6/14/2011
>> > Time: 1:16:37 PM
>> > User: N/A
>> > Computer: EDC-HKNT135
>> > Description:
>> > User host/BDNB00011.bd.ABC.com was denied access.
>> > Fully-Qualified-User-Name = ABC\BDNB00011$
>> > NAS-IP-Address = 10.XXX.XXX.51
>> > NAS-Identifier = BDWLC1
>> > Called-Station-Identifier = :xxx
>> > Calling-Station-Identifier =
>> > Client-Friendly-Name = BDWLC1
>> > Client-IP-Address = 10.XXX.XXX.51
>> > NAS-Port-Type = Wireless - IEEE 802.11
>> > NAS-Port = 1
>> > Proxy-Policy-Name = Use Windows authentication for all users
>> > Authentication-Provider = Windows
>> > Authentication-Server = <undetermined>
>> > Policy-Name = <undetermined>
>> > Authentication-Type = EAP
>> > EAP-Type = <undetermined>
>> > Reason-Code = 48
>> > Reason = The connection attempt did not match any remote access policy.
>> > For more information, see Help and Support Center at
>> > http://go.microsoft.com/fwlink/events.asp.
>> > Data:
>> > 0000: 00 00 00 00 ....
>> >
>> > Could anyone have any clues? or any suggestion for me to find out the
>> > issue come from?
>> >
>> >
>> > Thanks and Regards,
>> >
>> >
>> > Edward
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > cisco-nsp mailing list cisco-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list