Clients Unable to connect to NPS using 802.1x
I have a few XP Wireless Clients that are unable to connect to the NPS server.
On the client, I see it keeps on trying and then it times out. On the NPS, under the logs, I get this event ID.
Here is the log from NPS server:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 3/26/2012 9:13:42 AM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XXXX.XXXX.com
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
    Security ID: XXXXXX/XXXX$
    Account Name: XXX.xxx.com
    Account Domain:
    Fully Qualified Account Name: xxxx/xxxx/$
Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier:
    Calling Station Identifier:
NAS:
    NAS IPv4 Address:
    NAS IPv6 Address: -
    NAS Identifier:
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 13
RADIUS Client:
    Client Friendly Name:
    Client IP Address:
Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: Secure Wireless Connections
    Authentication Provider: Windows
    Authentication Server:
    Authentication Type: EAP
    EAP Type: Microsoft: Smart Card or other certificate
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 262
    Reason: The supplied message is incomplete. The signature was not verified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6273</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12552</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-26T13:13:42.946725400Z" />
    <EventRecordID>184207</EventRecordID>
    <Correlation />
    <Execution ProcessID="480" ThreadID="568" />
    <Channel>Security</Channel>
    <Computer></Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-4194796918-174230580-1156134770-24343</Data>
    <Data Name="SubjectUserName"></Data>
    <Data Name="SubjectDomainName"></Data>
    <Data Name="FullyQualifiedSubjectUserName">$</Data>
    <Data Name="SubjectMachineSID">S-1-0-0</Data>
    <Data Name="SubjectMachineName">-</Data>
    <Data Name="FullyQualifiedSubjectMachineName">-</Data>
    <Data Name="MachineInventory">-</Data>
    <Data Name="CalledStationID"></Data>
    <Data Name="CallingStationID"></Data>
    <Data Name="NASIPv4Address"></Data>
    <Data Name="NASIPv6Address">-</Data>
    <Data Name="NASIdentifier"></Data>
    <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
    <Data Name="NASPort">13</Data>
    <Data Name="ClientName"></Data>
    <Data Name="ClientIPAddress"></Data>
    <Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
    <Data Name="NetworkPolicyName">Secure Wireless Connections</Data>
    <Data Name="AuthenticationProvider">Windows</Data>
    <Data Name="AuthenticationServer"></Data>
    <Data Name="AuthenticationType">EAP</Data>
    <Data Name="EAPType">Microsoft: Smart Card or other certificate</Data>
    <Data Name="AccountSessionIdentifier">-</Data>
    <Data Name="ReasonCode">262</Data>
    <Data Name="Reason">The supplied message is incomplete. The signature was not verified.</Data>
    <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
  </EventData>
</Event>
March 26th, 2012 2:40pm
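An added example, not part of the original post: a Python sketch that parses exported event 6273 XML of the shape shown above and groups denials by client MAC, reason code and EAP type, so a client that keeps retrying and failing stands out. The function names, sample events and MAC addresses are constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def parse_nps_denials(xml_text):
    """Return one dict per event 6273 (access denied) in the XML text."""
    rows = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "6273":
            continue  # skip every other event ID
        tc = ev.find("e:System/e:TimeCreated", NS)
        row = {"Time": tc.get("SystemTime", "") if tc is not None else ""}
        for d in ev.iterfind("e:EventData/e:Data", NS):
            value = (d.text or "").strip()
            # Empty and "-" both mean the field was not filled in.
            row[d.get("Name")] = None if value in ("", "-") else value
        rows.append(row)
    return rows

def group_denials(rows):
    """Map (client MAC, reason code, EAP type) -> sorted denial times."""
    groups = defaultdict(list)
    for r in rows:
        key = (r.get("CallingStationID"), r.get("ReasonCode"), r.get("EAPType"))
        groups[key].append(r["Time"])
    return {k: sorted(v) for k, v in groups.items()}

def _ev(event_id, when, mac, code):
    # Constructed test event: only the fields read above; MACs are made up.
    fields = {"CallingStationID": mac, "SubjectMachineName": "-",
              "EAPType": "Microsoft: Smart Card or other certificate",
              "ReasonCode": code}
    data = "".join('<Data Name="%s">%s</Data>' % kv for kv in fields.items())
    return ('<Event xmlns="%s"><System><EventID>%s</EventID>'
            '<TimeCreated SystemTime="%s" /></System>'
            '<EventData>%s</EventData></Event>' % (NS["e"], event_id, when, data))

SAMPLE = "<Events>" + "".join([
    _ev("6273", "2012-03-26T13:13:42Z", "00-11-22-33-44-55", "262"),
    _ev("6273", "2012-03-26T13:14:12Z", "00-11-22-33-44-55", "262"),
    _ev("6272", "2012-03-26T13:15:00Z", "66-77-88-99-AA-BB", "-"),  # granted
    _ev("6273", "2012-03-26T13:16:30Z", "CC-DD-EE-FF-00-11", "16"),  # other code
]) + "</Events>"

if __name__ == "__main__":
    groups = group_denials(parse_nps_denials(SAMPLE))
    for (mac, code, eap), times in groups.items():
        print("%s reason=%s eap=%s denials=%d first=%s last=%s"
              % (mac, code, eap, len(times), times[0], times[-1]))
```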
Please try this and see if this helps.
Method 1: Disable certificate validation on the client computer
To do this, follow these steps:
1. Click Start, and then click Control Panel.
2. Double-click Network Connections.
3. Right-click the connection that you use to connect to the Windows Server 2003-based computer, and then click Properties.
4. On the Authentication tab, click Properties.
5. Click to clear the Validate server certificate check box.
Method 2: Install the trusted root certification authority on the client computer
1. Start Microsoft Internet Explorer.
2. In the Address box, type the following address:
   http://ServerName/certsrv
   Note: Replace ServerName with the name of the server where the certification authority (CA) is stored.
3. Click Download a CA certificate, certificate chain, or CRL.
4. Under CA Certificate, click the CA that you want to install, and then click Download CA Certificate.
5. On the File Download page, click Open.
6. Click Install certificate.
7. Click Next.
8. Click Automatically select the certificate store based on the type of certificate, and then click Next.
9. Click Finish.
March 26th, 2012 3:09pm
Hey, I saw this KB and I have already tried this.
March 26th, 2012 3:15pm
What is the encryption that you are using? WEP, WPA or WPA2 Enterprise?
March 26th, 2012 3:24pm
WPA2 Enterprise
March 26th, 2012 3:33pm
Make sure that the XP client is SP3.
If it is not SP3, then make sure that the hotfix is installed:
The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) update for Windows XP with Service Pack 2 is available
http://support.microsoft.com/kb/893357
http://support.microsoft.com/kb/917021
March 26th, 2012 3:39pm
One important thing: WPA2 Personal is supported only on XP 32-bit; it is not supported on 64-bit.
Check the hotfix; it only applies to 32-bit.
March 26th, 2012 3:43pm
Hmmmmm..I see...
So what can I do for the 64-bit machine?
March 26th, 2012 3:48pm
We can do 2 things:
1. Change the encryption method
2. Upgrade to Win7
By the way, Win XP has already reached EOL; better to upgrade.
March 26th, 2012 3:56pm
OK, thanks. I would upgrade to Win7.
Once again thanks for the help.
March 26th, 2012 3:58pm