Discussion:
IAS server stops authenticating workstations and users
(too old to reply)
GHL
2009-02-23 16:57:01 UTC
Permalink
I have a Windows 2003 R2 server that was running fine and doing its job
authenticating workstations and users for 2 months. Last week the
authentication process promptly stopped, the service was still running. The
IAS server stopped logging. Messages on the Cisco AP said "cannot
authenticate workstation". I installed a second IAS server and the
authentication process has resumed. What I would like to know is, why the
first IAS server stopped authenticating in the first place ?? Is there some
kind of cache on a Radius server that has to be emptied or is it the log file
that gets to full and the server fails to respond to the demands from the
client ?? Was it because of a Windows update ??
If anyone has an idea an answer would be appreciated. If more info is
needed on my setup just let me know ..
thanks
James McIllece [MS]
2009-02-23 19:44:39 UTC
Permalink
Post by GHL
I have a Windows 2003 R2 server that was running fine and doing its
job authenticating workstations and users for 2 months. Last week the
authentication process promptly stopped, the service was still
running. The IAS server stopped logging. Messages on the Cisco AP said
"cannot authenticate workstation". I installed a second IAS server and
the authentication process has resumed. What I would like to know is,
why the first IAS server stopped authenticating in the first place ??
Is there some kind of cache on a Radius server that has to be emptied
or is it the log file that gets to full and the server fails to
respond to the demands from the client ?? Was it because of a Windows
update ?? If anyone has an idea an answer would be appreciated. If
more info is needed on my setup just let me know ..
thanks
IAS stops processing authentication requests when there is not enough space
on the hard drive to write to the log file. That's probably what happened,
and it will happen again on the second IAS server if logging is not
configured properly and/or you run out of hard drive space.

*************
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
GHL
2009-02-23 20:17:03 UTC
Permalink
Hi James,
I have 98 gig free on the hard disk.
G.L.
Post by James McIllece [MS]
Post by GHL
I have a Windows 2003 R2 server that was running fine and doing its
job authenticating workstations and users for 2 months. Last week the
authentication process promptly stopped, the service was still
running. The IAS server stopped logging. Messages on the Cisco AP said
"cannot authenticate workstation". I installed a second IAS server and
the authentication process has resumed. What I would like to know is,
why the first IAS server stopped authenticating in the first place ??
Is there some kind of cache on a Radius server that has to be emptied
or is it the log file that gets to full and the server fails to
respond to the demands from the client ?? Was it because of a Windows
update ?? If anyone has an idea an answer would be appreciated. If
more info is needed on my setup just let me know ..
thanks
IAS stops processing authentication requests when there is not enough space
on the hard drive to write to the log file. That's probably what happened,
and it will happen again on the second IAS server if logging is not
configured properly and/or you run out of hard drive space.
*************
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
James McIllece [MS]
2009-02-24 01:09:02 UTC
Permalink
OK, so that probably is not the problem. :-)

Have you tested communication between the IAS server and the RADIUS clients
to ensure that all links are up? Also wondering if you have viewed the IAS
log file -- is IAS receiving Access-Request messages from RADIUS clients?
If so, what error/reason codes are you getting in Event Viewer?

Have you verified the configuration of the RADIUS clients both in IAS and
at the client itself -- for example, are you certain that the shared
secrets all match?

Just some ideas to assist you in troubleshooting, though you may have tried
some or all of this. If you have inspected all of these things and have not
found a cause, you probably need to call Customer Support Services to
resolve the issue.
Post by GHL
Hi James,
I have 98 gig free on the hard disk.
G.L.
Post by James McIllece [MS]
Post by GHL
I have a Windows 2003 R2 server that was running fine and doing its
job authenticating workstations and users for 2 months. Last week
the authentication process promptly stopped, the service was still
running. The IAS server stopped logging. Messages on the Cisco AP
said "cannot authenticate workstation". I installed a second IAS
server and the authentication process has resumed. What I would
like to know is, why the first IAS server stopped authenticating in
the first place ?? Is there some kind of cache on a Radius server
that has to be emptied or is it the log file that gets to full and
the server fails to respond to the demands from the client ?? Was
it because of a Windows update ?? If anyone has an idea an answer
would be appreciated. If more info is needed on my setup just let
me know .. thanks
IAS stops processing authentication requests when there is not enough
space on the hard drive to write to the log file. That's probably
what happened, and it will happen again on the second IAS server if
logging is not configured properly and/or you run out of hard drive
space.
*************
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online
account name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Martin Bodenstedt
2009-02-24 06:37:31 UTC
Permalink
Post by GHL
I have a Windows 2003 R2 server that was running fine and doing its job
authenticating workstations and users for 2 months. Last week the
authentication process promptly stopped, the service was still running. The
IAS server stopped logging. Messages on the Cisco AP said "cannot
authenticate workstation". I installed a second IAS server and the
authentication process has resumed. What I would like to know is, why the
first IAS server stopped authenticating in the first place ?? Is there some
kind of cache on a Radius server that has to be emptied or is it the log file
that gets to full and the server fails to respond to the demands from the
client ?? Was it because of a Windows update ??
If anyone has an idea an answer would be appreciated. If more info is
needed on my setup just let me know ..
If you're using certificates - is the server certificate expired by any
chance?
--
Martin Bodenstedt

(www.die-bodenstedts.de / www.maboko.de)
Loading...