Win 2008 Radius Server gives no response when incorrect shared-secret is used on coova jradius client
If the correct shared-secret is used on the coova jradius client, the Win 2008 Radius Server sends an accept packet.
But if an incorrect shared-secret is used on the coova jradius client, the Win 2008 Radius Server gives no response at all. Why doesn't the Win 2008 Radius Server send a reject packet?
July 24th, 2012 3:34pm
July 24th, 2012 4:49pm
Hi,
Have you checked the Event Viewer in Windows Server 2008? Verify whether any related event log was generated. Besides the application and system event logs, some other detailed NPS event logs will be logged under
Event Viewer\Custom Views\Server Roles\Network Policy and Access Services
Generally, if the shared secret is mismatched on the RADIUS client, it may generate an Event ID 14 as a warning.
Event ID 14 RADIUS Client Communication
http://technet.microsoft.com/en-us/library/cc735357(v=ws.10).aspx
Best Regards,
Aiden Cao
TechNet Community Support
July 25th, 2012 3:09am
July 25th, 2012 3:13am
Hi Aiden, Thanks for your reply. I'll check the logs you mentioned. I'm expecting the server to send a response packet to the client, then the client can decode the packet to know it uses an incorrect shared secret. But based on my Wireshark capture, there is no response at all, so the client thinks this is a timeout by mistake.
Regards,
James
July 25th, 2012 7:53am
Event Viewer says:
An Access-Request message was received from RADIUS client 47.11.148.44 with a Message-Authenticator attribute that is not valid.
Why doesn't the RADIUS server give a REJECT response packet to the client? Is this the server's design intent?
Thanks.
July 25th, 2012 9:25am
Hi Aiden,
Event ID 18. Level:error.
Is this the reason why Win2008 server doesn't give any response?
Thanks,
James
July 25th, 2012 10:13am
Hi,
Thanks for your update.
If authentication between the RADIUS server and client fails, the RADIUS server will send an Access-Reject packet and generate an event log for this. Still, I am not familiar with the coova radius client. I do know what prompt will show up at the client side if it receives an Access-Reject packet. And you may need to contact the RADIUS client vendor to see if it complies with the RADIUS protocol specification. Also check the compatibility with Windows NPS server.
For more detailed information about Event ID 18, please refer to the following article.
Event ID 18 NPS Server Communication
http://technet.microsoft.com/en-us/library/cc735343(v=ws.10).aspx
Best Regards,
Aiden Cao
TechNet Community Support
July 26th, 2012 2:33am
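The Event Viewer message quoted in the thread refers to the Message-Authenticator attribute, which RFC 3579 defines as an HMAC-MD5 over the whole Access-Request keyed with the shared secret; a server that finds a mismatch must silently discard the packet, so the client sees a timeout, not an Access-Reject. The sketch below is an added example, not part of the original thread and not NPS or JRadius code; the function names, secrets and user name are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type; value is 16 bytes of HMAC-MD5


def build_access_request(secret, ident, username):
    """Client side: constructed sample Access-Request with Message-Authenticator."""
    attrs = bytes([1, 2 + len(username)]) + username  # User-Name (type 1)
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed while signing
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def message_authenticator_offset(packet):
    """Walk the attribute list; return the offset of the 16-byte value or None."""
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute")
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            return pos + 2
        pos += attr_len
    return None


def server_decision(datagram, secret):
    """Return 'continue' to go on to policy evaluation, or 'discard' (no reply sent)."""
    if len(datagram) < 20:
        return "discard"
    length = struct.unpack("!H", datagram[2:4])[0]
    if length < 20 or length > len(datagram):
        return "discard"
    packet = datagram[:length]
    try:
        offset = message_authenticator_offset(packet)
    except ValueError:
        return "discard"
    if offset is None:
        return "continue"  # nothing to verify at this stage
    received = packet[offset:offset + 16]
    zeroed = packet[:offset] + bytes(16) + packet[offset + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    # RFC 3579: a mismatch means silent discard, so the client only sees a timeout.
    return "continue" if hmac.compare_digest(received, expected) else "discard"
```

On the client side, a run of timeouts from a server that is otherwise reachable is therefore worth checking against the server's event log before treating it as a network fault.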