Question
Friday, May 17, 2013 1:12 PM
Hi,
A Windows Server 2008 R2 machine with the NPS role installed responds with ICMP unreachable to RADIUS requests from network devices. I attached a screenshot of a network traffic dump from NetMon.
There are no records in Event Viewer -> Custom Roles -> Network Policy and Access Services.
The settings for NPS logging are ok:
C:\Users\andrei.moraru_admin>auditpol /get /subcategory:"Network Policy Server"
System audit policy
Category/Subcategory Setting
Logon/Logoff
Network Policy Server Success and Failure
C:\Users\amoraru_admin>netstat -an | findstr 1813
UDP 0.0.0.0:1813 *:*
UDP [::ffff:127.0.0.1]:1813 *:*
C:\Users\amoraru_admin>netstat -an | findstr 1645
UDP 0.0.0.0:1645 *:*
UDP [::ffff:127.0.0.1]:1645 *:*
C:\Users\amoraru_admin>netstat -an | findstr 1812
UDP 0.0.0.0:1812 *:*
UDP [::ffff:127.0.0.1]:1812 *:*
I have enabled logging to NPS files according to http://technet.microsoft.com/en-us/library/dd348461(v=ws.10).aspx
C:\Users\andrei.moraru_admin>netsh ras set tracing * enabled
Many NPS log files appeared in C:\Windows\tracing, including IASSAM.LOG and IASRAD.LOG.
When I open both files in a text editor, I see a strange string:
㑛㠱崴〠ⴴ㌰ㄠ㨲㐰ㄺ㨲㐴㨰䌠湯楦畧楲杮爠浥瑯敳癲牥朠潲灵䄠汬挠畯瑮
Do I need some special tool to read the NPS logging files?
Thanks,
Andrei
Andrei Moraru Endava
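The string quoted in the question is what plain ASCII text looks like when a viewer decodes it as UTF-16LE, so each displayed character holds two ASCII bytes. The following is an added example, not part of the original thread, that reverses the mis-decode and reads such a file as ASCII; the function names and the constructed sample line are illustrative, and it assumes the trace files are ASCII without a byte-order mark, which is what the quoted string decodes to.

```python
import string

# Added example, not from the thread. Byte values that count as printable ASCII.
PRINTABLE = frozenset(string.printable.encode("ascii"))

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII (CR, LF and tab included)."""
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0

def recover_from_display(garbled: str) -> str:
    """Undo the mis-decode: each displayed character holds two ASCII bytes."""
    raw = garbled.encode("utf-16-le")
    if printable_ratio(raw) < 0.95:
        raise ValueError("input is not ASCII text mis-decoded as UTF-16LE")
    return raw.decode("ascii", errors="replace")

def read_trace(data: bytes) -> str:
    """Decode raw trace-file bytes: honour a BOM, otherwise read as ASCII."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("ascii", errors="replace")

# The string from the question, as the text editor displayed it.
PAGE_SAMPLE = "㑛㠱崴〠ⴴ㌰ㄠ㨲㐰ㄺ㨲㐴㨰䌠湯楦畧楲杮爠浥瑯敳癲牥朠潲灵䄠汬挠畯瑮"

# Constructed sample line (not from a real server), same layout as a trace line.
CONSTRUCTED = b"[1234] 05-17 13:12:00:000: Constructed sample trace line\r\n"

if __name__ == "__main__":
    print(recover_from_display(PAGE_SAMPLE))
    shown = CONSTRUCTED.decode("utf-16-le")  # what a wrong UTF-16 guess displays
    print(recover_from_display(shown), end="")
    print(read_trace(CONSTRUCTED), end="")
```

Run on the string from the question, `recover_from_display` returns a readable trace line beginning `[4184] 04-03 12:04:12:440: Configuring`.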
All replies (4)
Monday, May 20, 2013 7:26 AM ✅Answered
Hi Andrei,
The NPS service requires UDP ports 1812/1813/1645/1646. Please first check that the NPS UDP ports are configured correctly.
Configure NPS UDP Port Information
http://technet.microsoft.com/en-us/library/cc731277.aspx
NPS and Firewalls
http://technet.microsoft.com/en-us/library/cc732902.aspx
Also, you can use this command to verify whether the port is used by the Network Policy Server service while the service goes from stopped to running.
Netstat -ano | find "1812"
In addition, if you have a security application installed, please temporarily uninstall it and test the issue again.
More information:
Configure NPS Log File Properties
http://technet.microsoft.com/en-us/library/ee663944(v=ws.10).aspx
Interpret NPS Database Format Log Files
http://technet.microsoft.com/en-us/library/cc771748(v=ws.10).aspx
Interpret IAS Format Log Files
http://technet.microsoft.com/en-us/library/dd197432(v=ws.10).aspx
Hope this helps.
Jeremy Wu
TechNet Community Support
Friday, May 17, 2013 1:37 PM
Did you check whether the firewall on the server (and possibly intermediate ones too) actually allows ICMP? Does the server respond to a 'ping'?
MCP/MCSA/MCTS/MCITP
Friday, May 17, 2013 1:49 PM
The firewall is disabled on the NPS server (IP address 10.99.0.1). The NPS server and network equipment were placed in the same subnet - 10.99.0.0/23
There is no router/firewall between the NPS server and the RADIUS client network device. Also, ICMP traffic (ping) goes OK in both directions.
Thanks,
Andrei
Andrei Moraru Endava
Monday, May 27, 2013 7:44 AM
Hello,
Thanks for the suggestions.
I applied a workaround of moving the Network Policy Server role to another computer.
Regards,
Andrei Moraru Endava