IAS on DC fails to authenticate non-domain devices utilizing Network EAP
We have deployed wireless authentication WPA with EAP-TLS; here are the components.

- IAS (installed on DC, others on regular servers)
- CAs
- Cisco Aironet 1200 configured to support open authentication with EAP and Network EAP with no additions
- Windows XP and Vista laptops
- Cisco Wireless IP Phone 7921

Windows devices are able to work once they get the user and computer certificates. Our problem is with the Cisco IP Phones 7921 and IAS installed on DCs. Cisco 7921 phones need the CA authority certificate and a user certificate (you cannot install a computer certificate), and again they work just fine if the IAS is installed on a server that is not a DC. For my remote locations I have to install IAS on a DC server, and here is where the problem comes up: they fail to connect and the only thing I see is the following event log.

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 11/5/2009
Time: 9:52:57 AM
User: N/A
Computer: TACDC00
Description:
User Cisco7921 was denied access.
Fully-Qualified-User-Name = mycompany.com/Users/Service Accounts/Cisco7921
NAS-IP-Address = 10.11.3.4
NAS-Identifier = TACWAP03
Called-Station-Identifier = 0024.5105.96c1
Calling-Station-Identifier = 0022.90fd.994a
Client-Friendly-Name = TACWAP03
Client-IP-Address = 10.11.3.4
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 3230
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless WPA Access
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 23
Reason = Unexpected error. Possible error in server or client configuration.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 27 03 09 80 '..

Any help will be appreciated.
November 6th, 2009 11:49pm