Radius request to Active Directory Domain Controller running Network Policy Server suddenly stopped working
‎11-17-2015 04:14 PM
We have a V2110 Controller set up to do authentication with RADIUS to our AD server using MSCHAP v2. But it suddenly stopped working.
In the log on the AD server I can see this many times in application log:
Negotiation failed. No available eap methods.
It never appeared before it was working and now it's showing that error a few times every minute.
I tried duplicating the Network Policy, disabling the old one and renaming the new one to the old one's name. But no luck.
Anyone else bump into this?
10 REPLIES
‎11-17-2015 06:25 PM
Thanks Doug, got that fixed; the CA server the DC was pointing to had been turned off. Installed one locally on that DC, so I no longer get that error. I configured the NPS to match the config in your screenshots.
The clients are now prompted to accept a new certificate, which makes sense.
But now instead I get "Connection failed." when trying to connect from a Mac.
If I log on to the controller and do a test of the RADIUS, it returns Test Completed, but with ACCESS_REJECTED. I'm guessing that is expected as it never asks for a password and I'm assuming it's just testing the actual RADIUS connection?
‎11-17-2015 06:25 PM
Like Ron stated, you would want to review the NPS Event log to see why the client failed to connect. There is usually a reason code.
Here is an example:
Doug Hyde
Director, Technical Support / Extreme Networks
‎11-17-2015 06:25 PM
There is only one place where I look in such a case... the NPS log.
The controller is only the message forwarder between the wireless client and the NPS and has no clue what these two say to each other.
‎11-17-2015 06:25 PM
Thanks. Any other ways to test what is going wrong in the auth that you can think of?
I ran Wireshark on the RADIUS server and I can see the connections coming in. But for some reason it just gets connection failed on the client side.
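An added example, not part of the thread and not Extreme Networks or Microsoft code: a small decoder for the RADIUS packets that the controller forwards between the client and NPS, showing which EAP method each side offers and where the exchange ends. The sample packets and the `build` helper are constructed for illustration; the codes and type numbers come from RFC 2865, RFC 3579 and RFC 3748.

```python
import struct

# Numbers from RFC 2865 (RADIUS), RFC 3579 (EAP over RADIUS) and RFC 3748 (EAP).
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
EAP_MESSAGE = 79  # RADIUS attribute carrying one fragment of the EAP packet

def describe_eap(eap: bytes) -> str:
    """Summarise an EAP packet: code, method type and, for a Nak, the methods asked for."""
    if len(eap) < 4:
        return "none"
    eap = eap[:max(4, struct.unpack("!H", eap[2:4])[0])]  # honour the EAP length field
    text = EAP_CODES.get(eap[0], str(eap[0]))
    if eap[0] in (1, 2) and len(eap) > 4:  # only Request/Response carry a Type
        text += "/" + EAP_TYPES.get(eap[4], str(eap[4]))
        if eap[4] == 3:  # Nak: the peer lists the methods it would accept instead
            text += " wants " + ",".join(EAP_TYPES.get(t, str(t)) for t in eap[5:])
    return text

def parse_radius(packet: bytes) -> dict:
    """Decode the RADIUS header and reassemble the EAP packet from its attributes."""
    if len(packet) < 20 or not 20 <= int.from_bytes(packet[2:4], "big") <= len(packet):
        raise ValueError("truncated packet or bad RADIUS length field")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    eap, pos = b"", 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        if packet[pos] == EAP_MESSAGE:  # long EAP packets span several attributes
            eap += packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return {"code": RADIUS_CODES.get(code, str(code)), "id": ident, "eap": describe_eap(eap)}

def build(code: int, ident: int, eap: bytes) -> bytes:
    """Constructed sample: zeroed authenticator and a single EAP-Message attribute."""
    attr = bytes([EAP_MESSAGE, len(eap) + 2]) + eap
    return struct.pack("!BBH", code, ident, 20 + len(attr)) + bytes(16) + attr

# Constructed exchange (not traffic from the thread): server offers PEAP, client Naks.
SAMPLES = [
    build(11, 7, bytes([1, 2, 0, 6, 25, 0x20])),  # Access-Challenge, EAP-Request/PEAP
    build(1, 8, bytes([2, 2, 0, 6, 3, 13])),      # Access-Request, EAP-Response/Nak
    build(3, 8, bytes([4, 2, 0, 4])),             # Access-Reject, EAP-Failure
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_radius(raw))
```

Feed `parse_radius` the UDP payload of each RADIUS packet from a capture taken on the server; the last EAP type seen before an Access-Reject shows how far the negotiation got.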
