is installed on the NPS or IAS server rejected the connection request.
This means that you have an IAS authentication extension DLL installed. You
the dll rejected the auth request.
your IAS or NPS server and you've issued user certificates to users.
attempt. So even if you deploy both user and computer certificates, you're
only going to have either the user or the computer authenticated.
Post by doubleHOk Thanks. So I'm configured for EAP-TLS auth. User auth works, but
computer auth does not. I am getting errors on both the IAS server and
Client. Here are the errors....
==========
IAS Server
==========
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 8/14/2008
Time: 11:33:45 AM
User: N/A
Computer: IAS1
User host/laptoptest.domain.com was denied access.
Fully-Qualified-User-Name = DOMAIN\LAPTOPTEST$
NAS-IP-Address = 192.168.73.2
NAS-Identifier = CORE2
Called-Station-Identifier = 00-17-08-cc-2f-00
Calling-Station-Identifier = 00-17-a4-d7-6b-45
Client-Friendly-Name = CORE2
Client-IP-Address = 192.168.73.2
NAS-Port-Type = Ethernet
NAS-Port = 93
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = Extension
EAP-Type = <undetermined>
Reason-Code = 21
Reason = The request was rejected by a third-party extension DLL file.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
0000: 00 00 00 00 ....
==========
Client
==========
Event Type: Information
Event Source: Dot3Svc
Event Category: None
Event ID: 15514
Date: 8/14/2008
Time: 9:37:53 AM
User: N/A
Computer: LAPTOPTEST
Wired 802.1X Authentication failed.
Network Adapter: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler
Miniport
Interface GUID: {66cf62ec-9e70-44a2-b29a-fbe95796c647}
Peer Address: 001708CC2F00
Local Address: 0017A4D76B45
Connection ID: 0x00000004
Identity: host/laptoptest.domain.com
User: -
Domain: -
Reason: 327685
Reason Text: The authentication failed because there is a problem with the
user account
Error Code: 1078067472
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Any ideas?
Post by James McIllece [MS]You can use PEAP-TLS or EAP-TLS for computer auth; you cannot use
PEAP-MS- CHAP v2 for computer authentication, however, because user
credentials (user name and password) are required for PEAP-MS-CHAP
v2.
If you are using Windows Server 2003, information about PEAP and EAP
is in the IAS Help.
If you are using Windows Server 2008, information about PEAP and EAP
is in the Network Policy Server (NPS) Help.
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online
account name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by doubleHHello,
I've posted this same sort of question over in the AD group, but
feel my issue may be better suited here.
I am confused on the Authentication I need to implement (PEAP with
MSCHAPv2 or EAP-TLS) for computer authentication. Clients are WXP
SP3 and currently I have EAP-TLS configured and my test user is
able to authenticate against my W2K3 IAS server. Can I use PEAP for
computer auth or must it be EAP-TLS?