Hi Folks,
We recently migrated to NPS from using Cisco Secure ACS to authenticate users on our Corporate WLAN. We want to ensure that machine auth occurs first then user auth (which was the way we had it set up with Cisco ACS). Currently we are seeing the following errors in the event logs when it attempts Machine Authentication, but User Authentication seems to work fine (if the user has logged into the workstation previously as it uses cached credentials).

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: host/HOSTNAME
Account Domain: DOMAINNAME
Fully Qualified Account Name: DOMAINNAME\HOSTNAME$
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 000B8661F100
Calling Station Identifier: 0024D61AA0AE
NAS:
NAS IPv4 Address: CONTROLLERIP
NAS IPv6 Address: -
NAS Identifier: CONTROLLERNAME
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0
RADIUS Client:
Client Friendly Name: CONTROLLERNAME
Client IP Address: CONTROLLERIP
Authentication Details:
Connection Request Policy Name: ArubaWireless
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: NPSSERVERNAME
Authentication Type: MS-CHAPv2
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: NPSSERVERNAME$
Account Domain: DOMAINNAME
Logon ID: 0x3e7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: HOSTNAME$
Account Domain: DOMAINNAME
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc0000199
Sub Status: 0x0
Process Information:
Caller Process ID: 0x360
Caller Process Name: C:\Windows\System32\svchost.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: IAS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

Some of the previous articles have mentioned disabling termination, but when I do that users are unable to connect at all. We currently aren't using any type of certificates; could this be the issue? Is this a requirement for machine authentication? I have followed the guides available on Airheads for both IAS and NPS but am still hitting a roadblock on this.
Any help would be greatly appreciated!!
thanks,
Rick
#3400