Discussion:
802.1x Wired Auth and Authentication
doubleH
2008-08-14 17:53:02 UTC
Hello,

I've posted this same sort of question over in the AD group, but feel my
issue may be better suited here.

I am confused on the Authentication I need to implement (PEAP with MSCHAPv2
or EAP-TLS) for computer authentication. Clients are WXP SP3 and currently I
have EAP-TLS configured and my test user is able to authenticate against my
W2K3 IAS server. Can I use PEAP for computer auth or must it be EAP-TLS?
James McIllece [MS]
2008-08-14 19:01:17 UTC
You can use PEAP-TLS or EAP-TLS for computer auth; you cannot use
PEAP-MS-CHAP v2 for computer authentication, however, because user
credentials (user name and password) are required for PEAP-MS-CHAP v2.

If you are using Windows Server 2003, information about PEAP and EAP is in
the IAS Help.

If you are using Windows Server 2008, information about PEAP and EAP is in
the Network Policy Server (NPS) Help.

James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
doubleH
2008-08-14 19:11:07 UTC
Ok Thanks. So I'm configured for EAP-TLS auth. User auth works, but computer
auth does not. I am getting errors on both the IAS server and Client. Here
are the errors....

==========
IAS Server
==========

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 8/14/2008
Time: 11:33:45 AM
User: N/A
Computer: IAS1
Description:
User host/laptoptest.domain.com was denied access.
Fully-Qualified-User-Name = DOMAIN\LAPTOPTEST$
NAS-IP-Address = 192.168.73.2
NAS-Identifier = CORE2
Called-Station-Identifier = 00-17-08-cc-2f-00
Calling-Station-Identifier = 00-17-a4-d7-6b-45
Client-Friendly-Name = CORE2
Client-IP-Address = 192.168.73.2
NAS-Port-Type = Ethernet
NAS-Port = 93
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = Extension
EAP-Type = <undetermined>
Reason-Code = 21
Reason = The request was rejected by a third-party extension DLL file.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....


==========
Client
==========

Event Type: Information
Event Source: Dot3Svc
Event Category: None
Event ID: 15514
Date: 8/14/2008
Time: 9:37:53 AM
User: N/A
Computer: LAPTOPTEST
Description:
Wired 802.1X Authentication failed.

Network Adapter: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler
Miniport
Interface GUID: {66cf62ec-9e70-44a2-b29a-fbe95796c647}
Peer Address: 001708CC2F00
Local Address: 0017A4D76B45
Connection ID: 0x00000004
Identity: host/laptoptest.domain.com
User: -
Domain: -
Reason: 327685
Reason Text: The authentication failed because there is a problem with the
user account

Error Code: 1078067472


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Any ideas?
James McIllece [MS]
2008-08-14 19:27:34 UTC
Reason code 21 means that an IAS extension dynamic link library (DLL) that
is installed on the NPS or IAS server rejected the connection request.
This means that you have an IAS authentication extension DLL installed. You
will have to examine documentation for your extension dll to understand why
the dll rejected the auth request.

What user accounts database are you using?

Also, are you using a private CA? I assume you have issued a server cert to
your IAS or NPS server and you've issued user certificates to users.

Keep in mind that neither EAP-TLS nor PEAP-TLS provides dual authentication,
where both the user and computer are authenticated on the same connection
attempt. So even if you deploy both user and computer certificates, you're
only going to have either the user or the computer authenticated.
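An added example (not part of the original posts, and not Microsoft code): a small Python triage of the two event descriptions posted above, run on trimmed copies of them. It goes slightly beyond the thread by pairing the server and client events on the station MAC address; the function names are hypothetical.

```python
import re

# Constructed sample input: trimmed copies of the two event descriptions
# posted in this thread (IAS Event ID 2 and Dot3Svc Event ID 15514).
IAS_EVENT = r"""
User host/laptoptest.domain.com was denied access.
Fully-Qualified-User-Name = DOMAIN\LAPTOPTEST$
Calling-Station-Identifier = 00-17-a4-d7-6b-45
NAS-Port = 93
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = Extension
EAP-Type = <undetermined>
Reason-Code = 21
Reason = The request was rejected by a third-party extension DLL file.
"""

DOT3SVC_EVENT = """
Wired 802.1X Authentication failed.
Local Address: 0017A4D76B45
Identity: host/laptoptest.domain.com
Reason: 327685
Reason Text: The authentication failed because there is a problem with the
user account
"""


def parse_fields(text, sep):
    """Parse 'Key<sep>Value' lines into a dict.

    A non-empty line without <sep> is treated as the wrapped continuation
    of the previous value (newsgroup posts wrap long event lines).
    """
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last = None
            continue
        key, found, value = line.partition(sep)
        if found:
            last = key.strip()
            fields[last] = value.strip()
        elif last is not None:
            fields[last] += " " + line
    return fields


def normalize_mac(value):
    """Reduce '00-17-a4-d7-6b-45' or '0017A4D76B45' to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value or "").lower()
    return digits if len(digits) == 12 else None


def triage(ias_text, client_text):
    """Summarise a denied request from the server and client event text."""
    ias = parse_fields(ias_text, " = ")
    client = parse_fields(client_text, ": ")
    fqun = ias.get("Fully-Qualified-User-Name", "")
    identity = client.get("Identity", "")
    station = normalize_mac(ias.get("Calling-Station-Identifier"))
    code = ias.get("Reason-Code", "")
    return {
        # Computer accounts end in '$'; machine identities start with 'host/'.
        "machine_account": fqun.endswith("$") or identity.lower().startswith("host/"),
        "reason_code": int(code) if code.isdigit() else None,
        # Reason code 21: an IAS extension DLL rejected the request.
        "extension_reject": code == "21" and ias.get("Authentication-Type") == "Extension",
        # Fields IAS could not fill in for this request.
        "undetermined": sorted(k for k, v in ias.items() if v == "<undetermined>"),
        # Same supplicant on both sides of the failure?
        "same_station": station is not None
        and station == normalize_mac(client.get("Local Address")),
        "client_reason": client.get("Reason Text"),
    }


if __name__ == "__main__":
    for name, value in triage(IAS_EVENT, DOT3SVC_EVENT).items():
        print(f"{name}: {value}")
```

In this thread the server-side event carried the accurate cause: the client reported a problem with the user account, while the IAS event named the extension DLL that was later found and uninstalled.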
doubleH
2008-08-14 20:39:01 UTC
How do I see where/what the IAS auth extension is? I'm using AD W2K3 and have
Cert Service and issued user and computer cert to my test user and test
laptop.

Thanks
James McIllece [MS]
2008-08-18 18:36:38 UTC
Frankly I don't know, I don't have any experience with third-party
extension dlls. But it sounds to me like you didn't even install an
extension dll, is that the case?

Could another person have installed a dll on your test machine?

If not, and if there is no dll installed, there is some other problem.
doubleH
2008-08-18 20:05:01 UTC
I'm the only one to touch the servers so no one else installed something. So
how can we fix this "other problem"?

I've got user auth working for EAP-TLS, but computer auth still won't work.
James McIllece [MS]
2008-08-21 15:47:23 UTC
Hi there --

I ran this by the product team and they said (quoted text is between
asterisks):

***************

We need more detail on the server configuration and what it is logging
during the failure. Please do the following steps in the specified order so
that we capture the event logs with MPS Reports after the repro for
correlation with the previously captured RAS logs.

1. Capture RAS tracing logs on the IAS server:

a) From a command prompt, type 'netsh ras set tracing * enable'
b) Reproduce the machine authentication failure.
c) Turn off tracing from a command prompt with 'netsh ras set tracing * disable'
d) The logs are contained in the %SystemRoot%\Tracing folder.

2. Download the MPSRPT_Network.exe file from the location below and run it
on the IAS server.
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&DisplayLang=en


Please zip up the contents of the %SystemRoot%\Tracing folder, and send
them to me along with the MPS Reports cab file.

*****************

I will be happy to forward your files to the product team if you will send
them to me at ***@no-spam.microsoft.com.

Just remove no-spam from the address. Thanks!
doubleH
2008-08-21 17:28:01 UTC
I found the issue. I pointed the switches to my backup IAS server and things
worked. Turns out we had an IAS agent for our 2 factor authentication tokens
that didn't need to be installed. I've uninstalled it.

Thanks
James McIllece [MS]
2008-08-21 20:04:03 UTC
Glad you got it working.

James