NPS event 14 occurring after successful authentication

Question

Friday, November 5, 2010 4:21 PM

We have enabled IAS on a Windows 2003 DC and NPS on a Windows 2008 DC for our office's wireless users to be able to authenticate and use the domain. We get successful authentication followed by several errors:

Event Type:    Error
Event Source:    IAS
Event Category:    None
Event ID:    14
Date:        11/5/2010
Time:        9:12:16 AM
User:        N/A
Computer:    XXXX
Description:
A RADIUS message was received from RADIUS client XXXX with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Internet Authentication Service snap-in and the configuration of the network access server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Everything I've looked at online says that the shared secrets aren't the same; however, that can't be true because we are successfully authenticating against the DCs and can then get onto the domain using the wireless, so it seems like a false positive. We are getting these errors on both Domain Controllers. I'm not sure where to turn to get this issue resolved. Thanks for any guidance.

All replies (6)

Friday, November 5, 2010 5:30 PM

Quoted from this link for Event ID 14:

http://eventid.net/display.asp?eventid=14&eventno=1047&source=IAS&phase=1

"I had this - it turned out that although I had remembered to add my RRAS server to the list of RADIUS clients in IAS I had left it at the default client type of RADIUS when it should be set to MICROSOFT."

I hope that helps.

Ace

Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

This posting is provided AS-IS with no warranties or guarantees and confers no rights.


Friday, November 5, 2010 5:54 PM

Thanks for the reply, Ace! We saw that last night and tried it but are still getting the errors. I've set it to Microsoft, Cisco and RADIUS but none fixed the issue. This seems like some small setting that we either have forgotten or have enabled and shouldn't have, but we can't find anything anywhere.


Friday, November 5, 2010 6:30 PM

You're welcome for the reply!

Ok, so you set the RRAS server client type to Microsoft and no workie. Funny, I'm teaching a class this week that actually sets up NPS and RRAS, and I'm trying to remember what else may have been missed, but I don't have the student or instructor machines in front of me to double check through all of the settings. Darn...

I did find this tutorial to set up ISA with RADIUS, and it states to use RADIUS Standard as the client type:

Installing and Configuring Windows Server 2003 RADIUS Support for VPN Clients – Including Support for EAP/TLS Authentication
http://www.isaserver.org/img/upl/vpnkitbeta2/rraspolicyeaptlsradius.htm

Here are some other links that may help.

Checklist: Installing and Configuring an RRAS VPN Server
http://technet.microsoft.com/en-us/library/dd469733.aspx

Remote Access Deployment – Part 1: Configuring Remote Access Clients, Mar 25, 2009
http://blogs.technet.com/rrasblog/archive/2009/03/25/remote-access-deployment-part-1-configuring-remote-access-clients.aspx

Remote Access Deployment – Part 2: Configuring RRAS as a VPN server, Mar 25, 2009
http://blogs.technet.com/rrasblog/archive/2009/03/25/remote-access-deployment-part-2-configuring-rras-as-a-vpn-server.aspx

Remote Access Deployment – Part 3: Configuring RADIUS Server for remote access, Mar 25, 2009
http://blogs.technet.com/b/rrasblog/archive/2009/03/25/remote-access-deployment-part-3-configuring-radius-server-for-remote-access.aspx

Ace


Monday, November 8, 2010 7:12 AM

Hi mjkuzma,

Thanks for posting here.

Are there also other events logged?

According to the event ID and description, we can only determine that this issue is caused by what the IAS event log states, which is self-explanatory: the shared secret on the RRAS server and the RADIUS server do not match.

I would suggest double-checking the shared secret on both sides first, and please note that there are a few rules you must follow for successful shared secrets, which are listed in the link below:

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.0&EvtID=14&EvtSrc=IAS

Meanwhile, what kind of authentication method do you use for the wireless network connection?

Thanks.

Tiger Li

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
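
The check behind Event ID 14, written out as an added example (not part of the original thread and not Microsoft's code): a RADIUS server recomputes the Accounting-Request authenticator (RFC 2866) or the Message-Authenticator attribute (RFC 2869) using its own copy of the shared secret and reports an invalid authenticator when the digests differ. The secret, attributes and packet below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCOUNTING_REQUEST, MESSAGE_AUTHENTICATOR = 1, 4, 80
ZERO16 = b"\x00" * 16

def find_attribute(attrs, wanted):
    """Offset of the value of the first `wanted` attribute, or None."""
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        if atype == wanted:
            return pos + 2
        pos += alen
    return None

def check_request(packet, secret):
    """Classify a request as a server-side check would; ValueError if malformed."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    code, packet = packet[0], packet[:length]  # octets past Length are padding
    if code == ACCOUNTING_REQUEST:  # RFC 2866: MD5(header + 16 zeros + attrs + secret)
        expected = hashlib.md5(packet[:4] + ZERO16 + packet[20:] + secret).digest()
        ok = hmac.compare_digest(packet[4:20], expected)
    elif code == ACCESS_REQUEST:  # RFC 2869: only Message-Authenticator is keyed
        off = find_attribute(packet[20:], MESSAGE_AUTHENTICATOR)
        if off is None:
            return "unverifiable"  # Request Authenticator is just a random nonce
        start = 20 + off
        if packet[start - 1] != 18:
            raise ValueError("Message-Authenticator must carry 16 octets")
        zeroed = packet[:start] + ZERO16 + packet[start + 16:]
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        ok = hmac.compare_digest(packet[start:start + 16], expected)
    else:
        return "unsupported code"
    return "valid" if ok else "invalid authenticator"

def build_accounting_request(ident, attrs, secret):
    """Constructed sample: what a NAS holding `secret` would send."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + hashlib.md5(header + ZERO16 + attrs + secret).digest() + attrs

ATTRS = bytes([40, 6, 0, 0, 0, 1, 32, 9]) + b"ap-test"  # constructed: Acct-Status-Type=Start, NAS-Identifier
SAMPLE = build_accounting_request(7, ATTRS, b"constructed-secret")
```

Calling `check_request(SAMPLE, secret)` with the secret configured on the server shows which packet types are actually checked against it: an Access-Request with no Message-Authenticator attribute comes back as `unverifiable`.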


Monday, November 15, 2010 6:16 PM

Thanks Tiger,

We get both error 14 and error 17 on the domain controller. It seems that in my case the shared secret isn't the problem, as we can successfully get onto the wireless system. Once we purposely mistype the shared secret on either the DC or on the Wireless controller, we can no longer get onto the system. The authentication method we are using is WPA 2.


Tuesday, November 16, 2010 9:02 AM

Hi mjkuzma,

Thanks for the update.

Could you describe how you added the RADIUS clients on the NPS and IAS servers, and which parameters you entered?

Which model are your AP devices?

Thanks.

Tiger Li