Discussion:
Windows 2008 NPS Authentication Error
(too old to reply)
Rob
2009-03-01 04:32:32 UTC
Permalink
Hi All,

I'm trying to setup a secure wireless network, I'm using a Cisco 1130AG
wireless access point and Windows 2008 RADIUS Server. I've configured NPS
for secure wireless, unfortunately, I don't have all the config details at
the moment.

I have a AD CS setup and is issuing certs, I tried using the "Computer" cert
and the "IAS template" cert but both give me the same error on the RADIUS
Server:

An Access-Request message was received from RADIUS client X.X.X.X with a
message authenticator attribute that is not valid

Unfortunately, the AP is managed by our service provider therefore I cannot
provide details on how the AP was configured as I do not have visibility
into the AP.

AD, CS and RADIUS are all on seperate servers, but I believe it should still
work.

Any help or guidance would be greatly appreciated.

Thanks.
James McIllece [MS]
2009-03-02 19:58:30 UTC
Permalink
Hi Rob --

The AP needs to have EAP authentication enabled before this deployment will
work.

Also, client computers must trust your CA, so the CA cert must be in the
Trusted Root Certification Authorities Store on clients.

To check and verify your cert deployments you can use the following guides:

Foundation Network Companion Guide: Deploying Server Certificates
http://go.microsoft.com/fwlink/?LinkId=108259

Foundation Network Companion Guide: Deploying Computer and User
Certificates
http://go.microsoft.com/fwlink/?LinkId=115742

********************

James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

*********************
Post by Rob
Hi All,
I'm trying to setup a secure wireless network, I'm using a Cisco
1130AG wireless access point and Windows 2008 RADIUS Server. I've
configured NPS for secure wireless, unfortunately, I don't have all
the config details at the moment.
I have a AD CS setup and is issuing certs, I tried using the
"Computer" cert and the "IAS template" cert but both give me the same
An Access-Request message was received from RADIUS client X.X.X.X with
a message authenticator attribute that is not valid
Unfortunately, the AP is managed by our service provider therefore I
cannot provide details on how the AP was configured as I do not have
visibility into the AP.
AD, CS and RADIUS are all on seperate servers, but I believe it should
still work.
Any help or guidance would be greatly appreciated.
Thanks.
Rob
2009-03-02 22:34:21 UTC
Permalink
Thanks James, I got over this issue by enabling EAP authentication.
My issue now is that using Wireshark (on RADIUS server), i see the traffic
coming in from the AP but I don't see the response back from the RADIUS
server back to the AP. I have set the Authentication to "Accept users with
validating credentials" and I see in the logs event 6272 basically saying
Network Policy Server granted access to a user but still can't connect.
Post by James McIllece [MS]
Hi Rob --
The AP needs to have EAP authentication enabled before this deployment will
work.
Also, client computers must trust your CA, so the CA cert must be in the
Trusted Root Certification Authorities Store on clients.
Foundation Network Companion Guide: Deploying Server Certificates
http://go.microsoft.com/fwlink/?LinkId=108259
Foundation Network Companion Guide: Deploying Computer and User
Certificates
http://go.microsoft.com/fwlink/?LinkId=115742
********************
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
*********************
Post by Rob
Hi All,
I'm trying to setup a secure wireless network, I'm using a Cisco
1130AG wireless access point and Windows 2008 RADIUS Server. I've
configured NPS for secure wireless, unfortunately, I don't have all
the config details at the moment.
I have a AD CS setup and is issuing certs, I tried using the
"Computer" cert and the "IAS template" cert but both give me the same
An Access-Request message was received from RADIUS client X.X.X.X with
a message authenticator attribute that is not valid
Unfortunately, the AP is managed by our service provider therefore I
cannot provide details on how the AP was configured as I do not have
visibility into the AP.
AD, CS and RADIUS are all on seperate servers, but I believe it should
still work.
Any help or guidance would be greatly appreciated.
Thanks.
Loading...