Security

Reply
Regular Contributor I

Bad or unknown response from AAA server

While using "AAA Test Server" utility authenticating via a IAS server, I get "Bad or unknown response from AAA server." The same test on other local controllers show "Authentication Successful."

When I view the IAS server's "Event Viewer\System" log it shows that the authentication was granted access.

This controller is configured via our Master controller so it's Security Configuration is the same as all the other local controllers.

Just for kicks, I double checked that this was true and sure enough all AAA settings are the same on this controller as the others.

I'm able to ping from the IAS server to this controller and back, so there is not IP issue that I can see.

I've searched the support website and the User Guide and I'm at a complete loss as to what could be causing this problem; is there somewhere else I should be looking? :confused:
Guru Elite

AAA Server


While using "AAA Test Server" utility authenticating via a IAS server, I get "Bad or unknown response from AAA server." The same test on other local controllers show "Authentication Successful."

When I view the IAS server's "Event Viewer\System" log it shows that the authentication was granted access.

This controller is configured via our Master controller so it's Security Configuration is the same as all the other local controllers.

Just for kicks, I double checked that this was true and sure enough all AAA settings are the same on this controller as the others.

I'm able to ping from the IAS server to this controller and back, so there is not IP issue that I can see.

I've searched the support website and the User Guide and I'm at a complete loss as to what could be causing this problem; is there somewhere else I should be looking? :confused:




Probably the #1 reason for this happening is bad preshared key. Re-enter the preshared key on the Radius server for that. To see what the controller is receiving back, do a:

config t
logging level debugging security process authmgr

Then do:

show log security all


That will show you what message the Aruba controller is receiving from the radius server.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Bad or unknown response from AAA server

Thanks for the suggestion Colin, I already tried that but had the same results.

In desperation I created a backup IAS server to handle the requests, blew up the one that was giving me trouble and rebuilt it. Now everything works.

Chalk one up to the mysteries of Microsoft Server. :mad:
Aruba Employee

Re: Bad or unknown response from AAA server

I had a similar situation with ACS. I built a group that all the Aruba controllers would be added to for administrative access to the controllers themselves and got that exact error from the controllers. Couldn't get any definitive info from the controllers or ACS. Blew away the group in ACS, rebuilt it, all was good.
Aruba Employee

Re: Bad or unknown response from AAA server

I just had the similar situation "Bad or unknown responce from aaa test server" when we do aaa test server and NPS server security logs shows "An Access-Request message was received from RADIUS client (ip addr) with a Message-Authenticator attribute that is not valid.

This could happen due to any Network corruption, latency, or other network problems unrelated to NPS/IAS/others might produce this condition.

Kindly make sure that the remote RADIUS server configuration, including the IP address of the RADIUS client/proxy server and the shared secret configured on the server running NPS and on the RADIUS client, is accurate.

encrypt disable
show aaa authentication-server radius

above commands will show you the sever config with the key, IP address, ports etc and please make sure all is correct.

This fixed the issue for one of my customer.

Thanks
MKS
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: