Wireless Access

Reply

Authentication server request timed out

In Airwaves, it shows a lot of "Authentication server request timed out" issues, for multiple controllers attempting to authenticate wireless users.  The RADIUS server is Windows NPS.  I would assume the issue is with NPS, but I don't see anything logged in RADIUS to indicate an issue.  The RADIUS server itself seems to be online and not having any issues.  Has anyone else seen this before?

 

We're on OS v5.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II

Re: Authentication server request timed out

We've been experancing similiar issues.   We running 6.1.2.4 and authenticating to a 2003 IAS Server via a 2003 IAS proxy server.

 

When we looked at the IAS Server we saw season time-outs, so I've redirected the request to a less busy server and its helped alot, but still get them every now and again.

Guru Elite

Re: Authentication server request timed out

How many simultaneous users do you have possibly hitting that radius server?

 

It would indicate that the server is missing some requests, so it could be overloaded.  By default, the controller will try three times before indicating that a server did not respond.  You could try increasing the Timeout Parameter on the Radius server, to see if giving the server more time will you see less Authentication server request timeouts.  You probably do not want to increase the Retransmits number on the radius server, because that may end up increasing the utilization on the server.  You could also ensure that the radius server is doing as little as possible and make sure that things like other programs and things that increase cpu utilization like screensavers are turned off.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Authentication server request timed out


cjoseph wrote:

How many simultaneous users do you have possibly hitting that radius server?

 

It would indicate that the server is missing some requests, so it could be overloaded.  By default, the controller will try three times before indicating that a server did not respond.  You could try increasing the Timeout Parameter on the Radius server, to see if giving the server more time will you see less Authentication server request timeouts.  You probably do not want to increase the Retransmits number on the radius server, because that may end up increasing the utilization on the server.  You could also ensure that the radius server is doing as little as possible and make sure that things like other programs and things that increase cpu utilization like screensavers are turned off.

 

 



Only a couple hundred of users.

 

I'm trying to understand the relationship between timeout and retransmits.  If retransmits are set to '3' and timeout is set to '5', does that mean that there will be 3 attempts, each attempt timing out after 5 seconds?  If so, that would indicate that I'm not receiving a response after 15 seconds.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Authentication server request timed out

correct



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Authentication server request timed out

After a packet capture on our RADIUS server and examining it's log files, I was able to figure out the problem.

 

The issue is with Windows NPS.  It's not sending an "access-reject" packet back to the controller when the "access-request" packet contains incorrect credentials.  Since the controller doesn't receive a response, it suspects that the RADIUS server is unavailable.  MS has listed a hotfix for it: http://support.microsoft.com/kb/979137

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Authentication server request timed out

The hot fix says this is if you configured the ping name registry entry on the server. Does that match your situation? Did you apply the fix and are no longer having problems?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Authentication server request timed out

No, we do not  have the ping name registry entry configured.  I can't find any other articles regarding NPS not sending access-reject messages and assume this must be the fix.  I decided against applying the hotfix as MS states that the hotfixes aren't fully tested.  I'll see if I can create a dev environment and test the hotfix to be 100% sure it resolves the issue.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Authentication server request timed out

Compnerd,

 

Please let us know how it goes.  Please feel free to open a support case in parallel so that they can dive into this in earnest.

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Authentication server request timed out

Any resolution to this issue?

 

I've got a pair of 2008R2 NPS and we're getting the same result to one of them with a few hundred users as well (controller on 6.1.3.1). If I added the second server (which tests successfully in diags) to the auth profile the network begins to authenticate again, and I don't have any issues, but the original radius still fails. I'm not convinced the issue is in the NPS, since restarting the service, etc. seems to have no effect. The only way I've got to clear up the issue so far is a controller reboot (less than desirable). It appears to be a time thing - after a certain amount of time (a week?), RADIUS auth begins to fail, and won't work again until the reboot. Maybe that's not related at all? I plan to open a support ticket, but in case anyone has found a solution, I'm all ears.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: