Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4151
Views
0
Helpful
2
Replies

Wireless clients not able to authenticate via RADIUS

tacpwd2015
Level 1
Level 1

‎04-05-2021 01:44 PM - edited ‎07-05-2021 01:05 PM

Hi everyone, hope you're safe & healthy.

 

We've had a Wireless network (old SSID) for a couple of years, which users are authenticated via RADIUS (Windows Server 2008). It was working perfectly, but last week suddenly it has stopped doing its job.

 

To solve temporarily this problem, we created a new SSID with traditional PSK authentication, and it works fine, so we can connect to the Wireless Network with no need of the Server. But of course I'd like to get it working again through RADIUS.

 

When trying to connect to the old SSID, the vWLC shows this message on the logs:

*Dot1x_NW_MsgTask_1: Apr 05 09:30:46.432: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:856 Unable to send AAA message for client [MAC ADDRESS]

 

In addition, the Windows Firewall from RADIUS server shows ports 1812 & 1813 in inbound open status (which are used to RADIUS authentication), but when I try to telnet, it is not possible (it seems that they are not really open).

 

From the server, I get this error in the application event viewer:

Negotiation failed. No available EAP methods.

 

And get this one from the network policy and access services:

Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

 

So please, if anyone here has had this issue before, I'd really appreciate that you help me solving this problem.

If you require any additional information, let me know.

 

Please stay safe and at home.

Regards.

Labels:
0 Helpful
2 Replies 2

patoberli
VIP Alumni
VIP Alumni

‎04-06-2021 08:49 AM

This sounds as if the certificate for the authentication on the NPS is not anymore valid or not anymore correctly assigned to the radius profile within NPS (happens sometimes on reboots, don't know why). 

0 Helpful

tacpwd2015
Level 1
Level 1
In response to patoberli

‎04-06-2021 12:31 PM

Thanks for your reply!

 

You know? After all, we had to restart ALL our servers, due to some of them were kind of stuck. And one of them included virtually the vWLC. Now everything seems to work fine, but in this moment, I don't know the reason why this had to happen.

 

I really appreciate your time to have answered.

Regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card