Beginner

No response from server NPS authentication


I am trying to get my new 3504 to authenticate to my Windows 2012 R2 Network Policy Server on v1. The management interface on the WLC 3504 is on a trunk port. The management V ID is 30. From the controller v30 I can ping the 2012 R2 where Network Policy Server is located on v1 and from the Network Policy Server I can ping the controller. I can log in to the web interface with no issues. I set the service-port to Dynamic Host Configuration Protocol and it received an IP from the Dynamic Host Configuration Protocol server. When I complete the command test AAA show radius, I get "10.100.0.33 1 No response received from server". My old 2106 controller authenticates with no issues. Any help appreciated!


(Cisco Controller) >test AAA show radius

Radius Test Request
WLan  id........................................ 1
AP Group Name................................... default-group
Server Index................................... 1
Radius Test Response

Radius Server Retry Status
------------- ----- ------
10.100.0.33 1 No response received from server

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: No response from server NPS authentication

@HUGH LANCASTER wrote:
I verified password on the NPS and Controller several times. If it was the password, I should get an error.

Are you sure you're looking in the right log? If your RADIUS Shared Secret is wrong, you will get an Event ID 13 in the "System" log of Windows Event Viewer. Most NPS stuff ordinarily is in the "Security" log, so it is easy to miss this event if you don't check the System log.

Alternatively if you view under "Server Roles" in Event Viewer then you will see all NPS events regardless of which Windows log they come from.

16 REPLIES 16
Beginner

Re: No response from server NPS authentication

Sorry for spelling out some of the names. Very difficult to post here.

Beginner

Re: No response from server NPS authentication

Here is a screen shot of my NPS

VIP Advocate

Re: No response from server NPS authentication

You should see every authentication attempt in the Event Viewer - Security log on the NPS server.
Important, is the NPS registered in your domain? To check that, right click on NPS (local) in the NPS management tool. If the "Register in AD" is greyed out it's ok.
Beginner

Re: No response from server NPS authentication

Check for ideas in the Windows Event Viewer logs under Custom Views --> Server Roles --> Network Policy and Access Services.

In NPS did you add the IP address of your new WLC under "RADIUS Clients"?

Beginner

Re: No response from server NPS authentication

NPS is registered in the domain. It is authenticating to my 2106 controller and clients are authenticating. I am thinking it has something to do with the VLAN. However, from the WLC 3504 I can ping the NPS server and vice versa.

I verified password on the NPS and Controller several times. If it was the password, I should get an error. I have the port trunked on the WLC. All my VLANs are operating with no issues. The NPS server is VLAN 1 and WLC in VLAN 30.

 

Beginner

Re: No response from server NPS authentication

@HUGH LANCASTER wrote:
I verified password on the NPS and Controller several times. If it was the password, I should get an error.

Are you sure you're looking in the right log? If your RADIUS Shared Secret is wrong, you will get an Event ID 13 in the "System" log of Windows Event Viewer. Most NPS stuff ordinarily is in the "Security" log, so it is easy to miss this event if you don't check the System log.

Alternatively if you view under "Server Roles" in Event Viewer then you will see all NPS events regardless of which Windows log they come from.

Beginner

Re: No response from server NPS authentication

Yes. I've looked in both places. I am seeing information from the "service port" showing in the NPS logs. "A radius message was received from the invalid client IP address 10.100.1.137 address." I enabled DHCP on the service port.

VIP Advocate

Re: No response from server NPS authentication

Can you provide me a screenshot of the Radius Clients screen on the NPS?
Firewall is allowing connections from the new IP of the WLC to the NPS?
Beginner

Re: No response from server NPS authentication

All internal

VIP Advocate

Re: No response from server NPS authentication

Thanks.
As you are masking various parts of the IP address, is it the same as this one "A radius message was received from the invalid client IP address 10.100.x.x address" from your error message?
Or please stop masking private IP addresses, it just makes the troubleshooting much more complicated.
Beginner

Re: No response from server NPS authentication

This means the RADIUS request is getting to the NPS server, but the NPS server is ignoring it because it's coming from the service port's IP (10.100.1.137) instead of the IP you were expecting (10.100.32.3).

There is probably a way to set on the WLC which interface it will use for RADIUS requests. I don't know about it off the top of my head though. You'll need to configure the WLC to use the 10.100.32.3 interface for RADIUS.
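
The check described above, as an added example that is not part of any post in this thread: a PowerShell function that pulls the source IP out of NPS "invalid client" event messages and compares it with the addresses entered under RADIUS Clients. The function name and the sample messages are constructed for illustration (the IPs are the ones quoted in the thread), and it assumes client entries are plain IP addresses.

```powershell
# Added example: list source IPs whose RADIUS requests NPS dropped because
# the sender is not a configured RADIUS client.
# Find-UnregisteredRadiusSource is a hypothetical helper, not a built-in cmdlet.
function Find-UnregisteredRadiusSource {
    param(
        [string[]]$EventMessage,   # message text of the "invalid client" events
        [string[]]$ClientAddress   # addresses entered under RADIUS Clients
    )
    # Matches the wording quoted in the thread; -match is case-insensitive.
    $pattern = 'invalid.*client IP address\s+(\d{1,3}(?:\.\d{1,3}){3})'
    $EventMessage |
        ForEach-Object { if ($_ -match $pattern) { $Matches[1] } } |
        Group-Object |
        ForEach-Object {
            [pscustomobject]@{
                SourceIP      = $_.Name
                DroppedCount  = $_.Count
                # Exact string comparison only: entries given as DNS names
                # or address ranges are not resolved here.
                RegisteredNow = $ClientAddress -contains $_.Name
            }
        }
}

# Constructed sample input, modelled on the message quoted in the thread.
$sampleEvents = @(
    'A RADIUS message was received from the invalid RADIUS client IP address 10.100.1.137.',
    'A RADIUS message was received from the invalid RADIUS client IP address 10.100.1.137.'
)
$sampleClients = @('10.100.32.3')   # the address NPS was told to expect

Find-UnregisteredRadiusSource -EventMessage $sampleEvents -ClientAddress $sampleClients

# On the NPS server itself (assumes the NPS PowerShell module is available):
# $events  = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 13 } |
#            ForEach-Object { $_.Message }
# $clients = Get-NpsRadiusClient | ForEach-Object { $_.Address }
# Find-UnregisteredRadiusSource -EventMessage $events -ClientAddress $clients
```

A row with `RegisteredNow` set to False for an address that belongs to the controller means the controller is sourcing RADIUS from an interface other than the one entered as the client.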

Beginner

Re: No response from server NPS authentication

Makes sense to me. I created a case with tech support. I ran Wireshark on both subnets and am not seeing any communication with the 10.100.32.3 interface.

Beginner

Re: No response from server NPS authentication

If you are getting a no response from AAA server, have you absolutely confirmed that the WLC is entered correctly as a client in the NPS server? Does the shared secret etc. match up on both ends?

Beginner

Re: No response from server NPS authentication

I changed the password on both ends to 123456 for testing and no go. On the WLC I completed a test and received this error:

test aaa radius username test password 123456 wlan-id 1 

Fri May 17 10:50:54 2019RADIUS server 10.100.0.33:1812 failed to respond to request (ID 0) for client 00:11:22:33:44:55 / user 'test'

In the Event Viewer, NPS does not show any communication from the WLC test that I completed.
