Wireless (General)

 View Only
Expand all | Collapse all

Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

  • 1.  Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 16:14
    We have a V2110 Controller set up to do authentication with RADIUS to our AD server using MSCHAP v2. But it suddenly stopped working.
    In the log on the AD server I can see this many times in application log:
    Negotiation failed. No available eap methods.
    It never appeared before it was working and now it's showing that error a few times every minute.
    I tried duplicating the Network Policy, disabling the old one and renaming the new one to the old ones name. But no luck.
    Anyone else bump in to this?



  • 2.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 16:19
    Do you have a connection request policy configured? Check that first, are you keying off of anything specific in the policy?


  • 3.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 16:52
    Yes, it is set to NAS Port Type with the value Wireless - Other OR Wireless - IEEEE 802.11.


  • 4.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 17:00
    Basic PEAP setup without any Filter-ID return...







  • 5.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 17:16
    Ah, when I hit edit on that I just get:
    Cannot configure EAP
    A certificate could not be found that can be used with this Extensible Authentication Protocol.


  • 6.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 17:19
    That would do it... Take a look at https://technet.microsoft.com/library/cc771696.aspx for more info and assistance.


  • 7.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 18:25
    Thanks Doug, got that fixed, the server the CA server the DC was pointing to had been turned off. Installed one locally on that DC, so I no longer get that error. I configured the NPS to match the config in your screenshots.
    The clients are now prompted to accept a new certificate, which makes sense.
    But now instead I get "Connection failed." when trying to connect from a Mac.
    If I log on to the controller and do a test of the radius, it returns Test Completed, but with ACCESS_REJECTED. I'm guessing that is expected as it never asks for a password and I'm assuming it's just testing the actual radius connection?


  • 8.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working



  • 9.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 18:25
    Thanks. Any other ways to test what is going wrong in the auth that you can think of?
    I ran wireshark on the radius server and I can see the connections coming in. But for some reason it just gets connection failed on the client side.


  • 10.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 18:25
    There is only one place where I look in such case... the NPS log.
    The controller is only the message forwarder between the wireless client and the NPS and has no clue what this 2 talk to each other.


  • 11.  RE: Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working

    Posted 11-17-2015 18:25
    Like Ron stated you would want to review the NPS Event log to see why the client failed to connect. There is usually a reason code.

    Here is an example: