Hi,
We have some trouble setting up VIA with EAP-TLS authentication.
Scenario:
- We have distributed cert to users
- Set up VIA profiles to look at our NPS server
- The NPS server is up and we think everything is fine, but we get Reason code 22: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
- We are using the user template for the client cert and our NPS server is using the RAS IAS cert template. The NPS is not a domain controller but a domain member.
I think I have looked everywhere for a solution, but now we are ready to give up.
My question is whether someone has one good, solid guide to setting up VIA with EAP-TLS verification through Windows NPS?
This is the log from client:
Aug 09 10:45:50.801 p3264 t2058 INFO anikeimpl 578 IKE PAcket Received
Aug 09 10:45:51.208 p3264 t2058 TRACE ancert_mgmt 296 Enter CertificateLeafDNTest
Aug 09 10:45:51.208 p3264 t2058 DEBUG ancert_mgmt 301 0 DN pair Configured
Aug 09 10:45:51.208 p3264 t2058 INFO ancert_mgmt 311 DN test staus 0
Aug 09 10:45:51.208 p3264 t2058 TRACE ancert_mgmt 312 Exit CertificateLeafDNTest
Aug 09 10:45:51.209 p3264 t2058 INFO ancert_mgmt 344 Issuer Attribute type 38
Aug 09 10:45:51.209 p3264 t2058 INFO ancert_mgmt 344 Issuer Attribute type 38
Aug 09 10:45:51.209 p3264 t2058 INFO ancert_mgmt 344 Issuer Attribute type 3
Aug 09 10:45:51.209 p3264 t2058 INFO ancert_mgmt 413 Issuer Attribute tierp-ZOOM2K8-CA
Aug 09 10:45:51.213 p3264 t2058 INFO ancert_mgmt 450 Validate cert and its ancestor for basic constraint check
Aug 09 10:45:51.213 p3264 t2058 ERROR ancert_mgmt 749 Query User Token failed reason = 5
Aug 09 10:45:51.213 p3264 t2058 WARNING ancert_mgmt 585 Failed locating a logged on user, err= 5, Continueing..
Aug 09 10:45:51.213 p3264 t2058 INFO ancert_mgmt 622 The size of the chain context is 72.
Aug 09 10:45:51.213 p3264 t2058 INFO ancert_mgmt 623 1 simple chains found.
Aug 09 10:45:51.213 p3264 t2058 INFO ancert_mgmt 624 Error Status code is 1
Aug 09 10:45:51.213 p3264 t2058 INFO ancert_mgmt 628 This certificate or one of the certificates in the certificate chain is not time-valid.
Aug 09 10:45:51.214 p3264 t2058 ERROR anike_mocana_cbh 1510 CHILD_SA [v2 I] failed
Aug 09 10:45:51.214 p3264 t2058 INFO anike_mocana_cbh 1512 , status = -6012
Aug 09 10:45:51.215 p3264 t2058 ERROR anike_mocana_cbh 1390 IKE_SA [v2 I] (id=0xa3b378f3) failed
Aug 09 10:45:51.215 p3264 t2058 ERROR anike_mocana_cbh 1397 sending ike event
Aug 09 10:45:51.215 p3264 t2058 ERROR anike_mocana_cbh 1402 IKE Phase 1 SA Failed status = -6012
Aug 09 10:45:51.215 p3264 t2058 TRACE anikeimpl 302 EAP INFO Deleted EAP Session.
Aug 09 10:45:51.215 p3264 t2058 DEBUG anikeimpl 531