Question
Tuesday, June 28, 2011 1:58 PM
I am trying to authenticate wired users onto our Juniper EX switches.
I have set up all the groups and policies; however, when a user plugs in they drop through all the policies and default to the guest VLAN.
The error log on the server says
Error 6237
Reason Code: 7
Reason: The specified domain does not exist.
I am not sure exactly what this means. Is it the domain of the client machine that is trying to connect? They are all in the same domain as the server.
Are there any other troubleshooting tools apart from the Windows event log?
Thanks
Roger
All replies (4)
Wednesday, June 29, 2011 9:01 AM ✅Answered
Hi,
Thanks for posting here.
I suspect that the client computer might have failed to pass the dot1x authentication, so it was unable to communicate with the DNS server for name resolution during the logon process. I'd suggest checking your 802.1X authentication settings on both client and switch first. Can you also verify the logs from the switch? And how did you configure the Juniper switch to support 802.1X in this scenario?
Start from the article below:
Checklist: Implementing 802.1X Authenticated Wired Access
http://technet.microsoft.com/en-us/library/dd363544(WS.10).aspx
Thanks.
Tiger Li
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Tuesday, June 28, 2011 2:54 PM
Hello Roger,
It seems like the clients are unable to connect and authenticate to a domain controller. If you are the domain admin as well, can you verify that the machines can successfully authenticate to an Active Directory domain controller?
Isaac Oben MCITP:EA, MCSE, MCC
Tuesday, June 28, 2011 3:00 PM
If the clients plug into a non dot1x port then all is fine.
When they plug into a dot1x enabled port it just says trying to authenticate and fails.
The NPS is running on our DC and I have registered it in AD using netsh.
The option to register in AD from the console is greyed out?
Are you saying clients need to be able to authenticate on the network before dot1x can take place and NPS can do its stuff?
I am not sure of the default port status of our Juniper switches
Not done much with Dot1x before and was told the NPS was the best thing to use.
Thanks
Tuesday, July 5, 2011 11:05 AM
Thanks Tiger,
I will read that document and figure out how to check the log on the Juniper switches.
The switches were configured for Dot1x by a Juniper consultant and were working in the lab.
I suspect this might be client issues rather than server now?
I just wasn't sure of the order of operations and how different errors with the client cause errors on the server.
i.e. what the client can and should be able to see when authenticating, i.e. DNS
Roger