Controllerless Networks

Reply
Occasional Contributor II

Radius Server Authentication Failure

Our IAP-105 network has been working fine until recently when our ELHS-SECURE SSID network has not authenticated clients. Our Windows Server 2012 has RADIUS 802.1x setup, but for some reason all the sudden our Aruba IAP-105 can no longer authenticate. I am looking for a path to find the cause of the issue. No changes to the server have occurred other than standard Windows updates.

 

Mr. Perry Lund
Guru Elite

Re: Radius Server Authentication Failure

You should look at the event viewer of the radius server to get a clue.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Radius Server Authentication Failure

I have looked at the Event Viewer and see the following message:

 

Event ID: 18 NPS Server Communication -

An Access-Request message was received from RADIUS client %1 with a message authenticator attribute that is not valid.

 

While I am researching the issue, I am not the person who originally set this configuration up, so any clues to issues to check are appreciated here in this forum.

Mr. Perry Lund
Occasional Contributor II

Re: Radius Server Authentication Failure

Currently, when users try to connect to ELHS-SECURE which uses the 802.1x authentication, smartphones and MacBooks work fine. However, Windows 10 machines throw a fit.

 

Prior to this wireless connectivity snafu, wireless access has been pretty flawless.

Mr. Perry Lund
Guru Elite

Re: Radius Server Authentication Failure

Have you seen this?  http://community.arubanetworks.com/t5/Security/2nd-NPS-server-gives-Message-Authenticator-attribute-not-valid/m-p/31610#M1396



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Radius Server Authentication Failure

Colin,

 

I looked at that thread and it does not seem to apply to our situation.

 

Mr. Perry Lund
Guru Elite

Re: Radius Server Authentication Failure

Did you compare the keys?  Was the Server Certificate Changed recently?  Mobile devices and macs easily accept a new key; windows does not.  Either way we need to know what changed on the NPS server recently, otherwise we won't really get anywhere.  If the IAP configuration was not changed, it is the NPS server we need to be looking at.. 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Radius Server Authentication Failure

I agree that the issue is with the NPS server. The keys are good. The server certificate was not changed to my knowledge recently and does not expire until summer 2018. I do believe the IAP is all good as well. There is one other person involved in our Windows Server 2012 install who setup the server and has helped with issues. I will try to bring him into this discussion.

 

Please bear with my newbie status as I am the lead person at this small private school and trying my best to figure things out.

Mr. Perry Lund
Guru Elite

Re: Radius Server Authentication Failure

No problem.  We just need to ask as many questions as possible to see how to fix this...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Radius Server Authentication Failure

Colin -

 

I am at the school now. I can confirm that SmartPhones (iOS and Android) connect fine. MacOS devices connect fine. ChromeOS can connect as well. Windows 7 and Windows 10 devices do not connect. 

 

So now we know the credentials between IAP and the RADIUS server are working. Just something in the policy settings or certificate on the Windows Server 2012 must have issue.

Mr. Perry Lund
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: