Extreme Networks

garey · ‎08-07-2019

How can I set the "AerohiveProbe" account password that HiveManager is using to automatically test Radius response? I see all these failures in my Network Policy Server (RADIUS) logs in my servers and would like to clean that up.

samantha_lynn · ‎11-15-2019

Hi Nigel, I ran this past our experts again just in case but unfortunately that is how things stand now. I'm sorry I don't have better news.

nwilliams-lucas · ‎11-12-2019

Hate to just piggyback on someone's thread but I am also having this issue and I already learned that NPS doesn't support the status-server (Code 12) option. But reading the rest of what you are saying we basically can't use use any of those features because we can't set those passwords and as a result there are tons and tons of Audit mismatches in AD logs. Is that the go forward answer with this?

samantha_lynn · ‎08-07-2019

Within the Device Data Collection and Monitor options, there are two options under the Automatic Synthetic Traffic Generation, RADIUS Authentication and Check Radius server connectivity via Status-Server. The second option is not supported by NPS, so it generates the errors you're seeing. The first option generates those probes, but we aren't able to edit the password those uses.

garey · ‎08-07-2019

We are using WPA2-Enterprise at several of our 30 schools with Aerohive installations. Under "Device Data Collection And Monitoring", we've enabled the Radius Authentication monitoring option. I take it that is where this AerohiveProbe connection request is coming from. Here is what shows at one of our schools in the Windows event log under NPS service on their RADIUS server....

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 8/7/2019 11:02:05 AM

Event ID: 6273

Task Category: Network Policy Server

Level: Information

Keywords: Audit Failure

User: N/A

Computer: Riverside-Cedar.riverside.local

Description:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

Security ID: NULL SID

Account Name: AerohiveProbe

Account Domain: RIVERSIDE

Fully Qualified Account Name: RIVERSIDEAerohiveProbe

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: -

Calling Station Identifier: -

NAS:

NAS IPv4 Address: 10.7.250.8

NAS IPv6 Address: -

NAS Identifier: 135 Preschool

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 0

RADIUS Client:

Client Friendly Name: CedarRapids-LAN

Client IP Address: 10.7.250.8

Authentication Details:

Connection Request Policy Name: Secure LAN Connections

Network Policy Name: -

Authentication Provider: Windows

Authentication Server: Riverside-Cedar.riverside.local

Authentication Type: MS-CHAPv2

EAP Type: -

Account Session Identifier: -

Logging Results: Accounting information was written to the local log file.

Reason Code: 16

Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Event Xml:

<Channel>Security</Channel>

<Computer>Riverside-Cedar.riverside.local</Computer>

</System>

<Data Name="SubjectUserName">AerohiveProbe</Data>

<Data Name="SubjectDomainName">RIVERSIDE</Data>

<Data Name="FullyQualifiedSubjectUserName">RIVERSIDEAerohiveProbe</Data>

<Data Name="NASIdentifier">135 Preschool</Data>

<Data Name="NASPortType">Wireless - IEEE 802.11</Data>

<Data Name="ClientName">CedarRapids-LAN</Data>

<Data Name="ProxyPolicyName">Secure LAN Connections</Data>

<Data Name="AuthenticationProvider">Windows</Data>

<Data Name="AuthenticationServer">Riverside-Cedar.riverside.local</Data>

<Data Name="AuthenticationType">MS-CHAPv2</Data>

<Data Name="Reason">Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.</Data>

<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>

</EventData>

</Event>